Page 1 of 5 12345 LastLast
Results 1 to 10 of 44

Thread: "Bad Image"&"Unexpected Error" Messages,

  1. #1
    Member northernunicorn's Avatar
    Join Date
    Feb 2006
    Location
    Northeastern Ont Canada
    Posts
    56

    Post "Bad Image"&"Unexpected Error" Messages,

    Hi:
    Im not sure if this is the forum I should be writing to for help, but I need to start somewhere . Im sure that some "bug" or "parasite" has done something but I dont want to do a reformat unless I absolutely have to.

    SITUATION/PROBLEM:
    1. Infected with Application.Adware.NewDotNet.Dropper according to [Bit Defender Virus scan].

    2. "Bad Image", & "Unexpected Error" messages come up for various programs/applications-see below for list & particulars.

    3. Cant access System Restore, Task Manager, or HiJack This.

    HISTORY:
    Starting on late evening Jan30/06, a message box showed up in the lower right side of task bar saying a chkdsk needed to be done. The message mentioned something about ICQ (ICQ is on the computer but hasnt been accessed in a few months).
    I was told about the message 1&1/2 hours after it appeared; I clicked the 2 boxes in the chkdsk window from "tools", & restarted the computer so the chkdsk could run.
    As soon as the chkdsk started, in the first section, all of a sudden there were "tons" of files scrolling down as if being added or accesssed. The chkdsk continued & finished.
    NOTE:I'm never quick enough to read the report so I didnt see what it said. (Also, I dont even know how to access the report after the chkdsk is done).
    When I opened up my user account, I noticed that the AVG icon on taskbar was grey. I clicked on it to update and a message said "no new updates".
    When I clicked the desktop AVG icon , I received a message (see message 1).
    I was able to open the AVG Control Center-Database said it hadnt been updated since Dec.17 2005(or approx.). However I KNOW I received an update just a few days before(I check daily for updates).
    Antivirus AVG is now up to date(I was able to get the Jan31/2006 update late evening that night).
    At first I kept receiving the "Bad Image" message for AVG desktop icon, but once the Jan31 update was on the computer, I dont get that message for AVG anymore.
    I continue to receive the "Bad Image" message for various other applications/programs.

    Windows Version: Windows XP SP2 Home Edition- 2 user Accounts set up (mine password controlled)

    Firewall: WindowsXP SP2 default firewall

    Anti virus program: AVG Free 7.1.375 database 267.15.0 249 02/02/2006-set to auto update daily but I check manually as well to make sure-auto scan daily.

    Other Protection Software:
    Spybot Search & Destroy1.4 detection date 2006-01-27 Default Mode-manual check daily for updates-scan daily

    Spyware Blaster-manual daily check for updates(BEFORE when I could access the program)

    Lavasoft Ad-Aware SE Personal Edition(downloaded Feb2/06(after the troubles happened-manual check daily for updates-scan daily-NO "Bad Image" or "Unexpected Error" message received-works great!!!

    Content Advisor Program activated & password controlled by me(I have 2 late teen boys)

    NOTE: Used to have Spyware Guard-deleted June2005 but I think restricted sites are still active on list.

    Exact error message 1: "The application or DLL C:/Windows/system32/.......is not a valid Windows image. Please check your installation disk." (not sure what that is-installation disk cause computer came new with pre-programmed operating system).

    Exact error message 2: "Unexpected Error".(for Spyware Blaster & HijackThis ONLY)

    Programs/applications affected (ones that Ive noticed so far):

    taskmgr.exe (see message1)...VDMDBG.dll . Task manager WONT load from right click on taskbar OR from CTRL ALT DEL keys.

    spybotSD.exe (see message1) ...Srclient.dll Program DOES load, scan & update.

    spywareblaster.exe see message 2)( Program tries to load page but then message appears.

    rundll.exe(see message 1)

    msnmgr.exe (see message1) ....msdmo.dll

    HijackThis

    System Restore (see message1) ...rstrui.exe
    I cant access system restore to turn it off OR to go back to a restore point. The window loads for me to choose a previous point or to create a new one; however, the "Bad Image" message comes up when I choose "previous restore point". It appears that I may be able to create a NEW restore point though.



    WHAT IVE DONE SO FAR:

    1. "How to clean an infected computer" (AVG Free forum instructions) -followed all instructions-thats when I discovered that System Restore couldnt be accessed.

    2. Ran Disk Cleanup utility [Cleanup]-program used 2X monthly
    on my computer since May2005 when "little eagle"-Spybot Moderator instructed me to download & use it.

    3. AVG Complete Scan (Normal & Safe modes)-NO VIRUSES

    4. Spybot S&D scan (Normal & Safe modes)-up to date definitions-NO PROBLEMS

    5. Ad-Aware scan-NO PROBLEMS

    6. Defrag

    7. Chkdsk -including fix & repair (Normal & Safe modes)

    8. Feb 2/06 Posted for help on Antivirus free forum[http://forum.grisoft.cz/freeforum]

    9. Directed from there to [aumha.org] to "The Parasite Fight" pages for info & a copy of Hijack his(I got it here instead)& told by moderator to go with info/situation to Spyware site where I trust the people.

    10. Today Read at Spybot "Before you post a log", followed instructions, did scan at [Bit Defender Virus Scan] site, Spybot scan & downloaded HJT files into [C:Antispyware2006] folder(there is a previous "Antispyware" folder from when I got help here in May2005-didnt know if I was supposed to erase it.).

    11. Attempted to use HJT to scan but got "Unexpected Error" message.

    :o I sure hope that you can help me or direct me to where I can get help.
    I also hope I didnt give TOO much info BUT that I gave enough.

    Thank you from Dorothy-Im still hopeful that this situation can be fixed

  2. #2
    Expert-Emeritus illukka's Avatar
    Join Date
    Nov 2005
    Location
    The Pits Of Hell
    Posts
    1,289

    Default

    hi

    can you install new programs ?

    i'd like you to do the following:


    Please download ewido anti malware it is a free version of the program.
    1. Install ewido security suite
    2. When installing, under "Additional Options" uncheck..
      • Install background guard
      • Install scan via context menu
    3. Launch ewido, there should be an icon on your desktop, double-click it.
    4. The program will now open to the main screen.
    5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
    6. You will need to update ewido to the latest definition files.
      • On the left hand side of the main screen click update.
      • Then click on Start Update.
    7. The update will start and a progress bar will show the updates being installed.
      (the status bar at the bottom will display ("Update successful")
    If you are having problems with the updater, you can use this link to manually update ewido.
    ewido manual updates

    Once the updates are installed do the following:

    reboot your computer in SafeMode by doing the following:
    1. Restart your computer
    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3. Instead of Windows loading as normal, a menu should appear
    4. Select the first option, to run Windows in Safe Mode.


    then launch ewido:
    • Click on scanner
    • Click on Complete System Scan and the scan will begin.
    • You will be prompted to clean the first infection.
    • Select "Perform action on all infections", then proceed.
    • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    • Click Save report.
    • Save the report .txt file to your desktop or a location where you can find it easily.

    Close ewido security suite.

    reboot back to normal mode, post the ewido report here

    i'd really need to see the full contents of the error messages, especially if ther is a mention of a missing file.. could you try to write them ?
    I Am A Proud Member of ASAP Since 2004

    To Ride, Shoot Straight And Speak TheTruth

    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!

  3. #3
    Member northernunicorn's Avatar
    Join Date
    Feb 2006
    Location
    Northeastern Ont Canada
    Posts
    56

    Default "Bad Image" & "Unexpected Error" messages

    Hi "illukka":

    Thank you for your reply and request. Yes...I can download new programs.

    Sorry I took so long to get back to you.I had to go out of town for a few days. I will do as you requested and get back to you as soon as I've finished.

    Thanks again. from Dorothy

  4. #4
    Member northernunicorn's Avatar
    Join Date
    Feb 2006
    Location
    Northeastern Ont Canada
    Posts
    56

    Default "Bad Image" & "Unexpected Error" messages

    Hi illukka:


    Here are the "ewido anti malware reports that you requested.

    I had to use the "manual updates" link.

    There were 2 choices of update databases that seemed to be both the same size, (didnt know which to choose),so I installed the "most recent database" choice first ,rebooted into Safe Mode, chose "Complete System Scan".
    A message came up that said "Remove"(I had no choice of "Clean") so I clicked it, saved the first scan in "My Documents".

    I then went back to the manual updates link, installed the full update database, rebooted to safe mode, chose Complete Computer Scan-, and saved that report as well (2nd report).

    ewido first report

    --------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 2:17:33 AM, 12/02/2006
    + Report-Checksum: 42C5A90A

    + Scan result:

    C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup


    ::Report End

    ewido 2nd report
    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 3:41:52 AM, 12/02/2006
    + Report-Checksum: 71C78A61

    + Scan result:

    C:\System Volume Information\_restore{4FB30166-1CDF-4883-93F0-E2BED21D25AA}\RP154\A0057426.ocx -> Adware.Coupons : Cleaned with backup


    ::Report End

    Question:

    Should I do another scan? It seems that there were 2 different things found.

    Error Messages

    I will write out the error messages just as they appear so you can see the file names. I'll be back to post them in another reply.

    Thanks for your help. Please let me know what else I should do...another ewido scan, etc.

    from Dorothy...still hopeful

  5. #5
    Expert-Emeritus illukka's Avatar
    Join Date
    Nov 2005
    Location
    The Pits Of Hell
    Posts
    1,289

    Default

    hi

    actually its the same detection, first its found in the filesystem> cleaned. then the second scan finds it in system restore

    no malware, at least visible malware there

    lets still check some more:
    Download and Save Blacklight to your desktop:

    Double-click blbeta.exe then accept the agreement, leave [X]scan through Windows Explorer checked, click > scan then > next

    You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

    Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"
    I Am A Proud Member of ASAP Since 2004

    To Ride, Shoot Straight And Speak TheTruth

    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!

  6. #6
    Member northernunicorn's Avatar
    Join Date
    Feb 2006
    Location
    Northeastern Ont Canada
    Posts
    56

    Default "Bad Image" & "Unexpected Error" Messages

    Hi:

    I downloaded & saved Blacklight as you requested.
    I didnt see "scan through Windows Explorer";
    I only saw a "box" for hidden processes,( was it supposed to scan more???)so I clicked scan, then next.

    The results were no hidden processes.

    Here is copy of the log that was on my desktop.

    Log fsbl-2--6-215190329

    02/15/06 14:03:29 [Info]: BlackLight Engine 1.0.30 initialized
    02/15/06 14:03:29 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    02/15/06 14:03:29 [Note]: 7019 4
    02/15/06 14:03:29 [Note]: 7005 0
    02/15/06 14:04:02 [Note]: 7006 0
    02/15/06 14:04:02 [Note]: 7011 472
    02/15/06 14:04:03 [Note]: FSRAW library version 1.7.1014
    02/15/06 14:05:41 [Note]: 7006 0
    02/15/06 14:05:41 [Note]: 7011 472
    02/15/06 14:05:41 [Note]: FSRAW library version 1.7.1014
    02/15/06 14:07:13 [Note]: 7007 0


    I hope this is okay & what you were looking for. Pls let me know.
    Im going to post the "Unexpected Error " essages & "Bad Image" message in a separate reply, just to keep things organized.

    Thanks...looking forward to hearing from you.
    from Dorothy

  7. #7
    Member northernunicorn's Avatar
    Join Date
    Feb 2006
    Location
    Northeastern Ont Canada
    Posts
    56

    Default "Bad Image" & "Unexpected Error" Messages

    Hi again:

    Here are the particulars of the message boxes that appear:

    1. Task Manager:

    [taskmgr.exe-Bad Image]
    [This application or DLL C:Windows/system32/VDMDBG.dll is not a valid Windows image. Please check this against your installation diskette.]

    This is the message that appears for Task Manager when I hit
    Ctrl>Alt>Delete. Nothing shows up when I right-click on the lower taskbar..
    This message keeps coming up 4 to 5 times after clicking [ok] or [X], before it disappears.Task Manager window does not appear.

    2. Spybot-Search & Destroy version 1.4:

    [SpybotSD.exe-Bad Image]
    [The application or DLL C:Windows/system32/SrClient.dll is not a valid Windows Image. Please check this against your installation diskette.]

    This message box appears no matter what I click for Spybot(desktop icon,or from [start]>[all programs].
    However, when you click [ok] or [X] to close the message, the program does load and check for updates and check for problems.

    3. MSN Messenger version 7.5(Build 7.5.0324):

    [msnmsgr.exe-Bad Image]
    [The application or DLL C:Windows/system32/msdmo.dll is not a valid Windows image. Please check this against your installlation diskette.]

    When you click [ok] or [X] to close the message, MSN does load and run without any problems as far as I know.

    4. Spyware Blaster:

    [SpywareBlaster]
    [Unexpected error]

    For a split second, I can see that the Spyware Blaster window is trying to open, but then the [Unexpected error] message appears. Spyware Blaster opening window does not load so I cant even check for updates....not sure if it is blocking the sites its supposed to and I dont know how to check if it is running.

    5. System Restore:

    [rstrui.exe-Bad Image]
    [The application or DLL C:Windows/system32/srclient.dll is not a valid Windows image. Please check this against your installation diskette.]

    Takes 6-7 clicks on [ok] or [X] to close this message box; then [Welcome to System Restore] window comes up, showing a dot in [Restore my computer to an earlier time]. I click [next], then this message box below appears:

    [System restor:rstrui.exe-Bad Image]

    I can click on link for [System Restore Settings] and access [System Properties]. I am afraid to click the box for [turn off system restore] because message comes up telling me all restore points will be lost.

    I can click[Create a restore point]>[next] and the window comes up for me to create a restore point & type a description.

    I can click [back], and click back and forth between [Restore computer...] and [Create a restore....]. The error messages dont show up, but I cant access calendars to choose a restore date.

    As far as I know, these are the only messages and programs affected.

    Any ideas? Please let me know.

    Thanks a lot for your help so far. Still hopeful.
    from Dorothy

  8. #8
    Expert-Emeritus illukka's Avatar
    Join Date
    Nov 2005
    Location
    The Pits Of Hell
    Posts
    1,289

    Default

    hi

    this could be a fileinfector virus. lets try these tools first:

    Please download the free MWAV antivirus tool from here:
    ftp://ftp.microworldsystems.com/download/tools/mwav.exe
    Save it to the desktop and run it. Follow the prompts to scan your system for viruses. Then please post for me the log of infected files from the BOTTOM panel of the scan window.

    then:
    Create a folder on your desktop called Sysclean.
    Go to http://www.trendmicro.com/download/dcs.asp and download sysclean package to the folder you made.
    Go to http://www.trendmicro.com/download/pattern.asp and download the Official Pattern Release for windows to your desktop.
    This file will be called lptXXX.zip (XXX represents the version number)
    Unzip lptXXX.zip and you'll get the file lpt$vpn.XXX.
    Move the lpt$vpn.XXX to that Sysclean-folder you created on your desktop.

    Turn off your antivirus which is installed on your system because it can interfere with the Sysclean-scan.

    Open the sysclean-folder and doubleclick sysclean.com.
    Check: Automatically clean or delete detected files.
    Click scan.
    When the scan is finished, open your sysclean-folder and copy and paste the contents of sysclean.log in your next reply.

    is hijackthis still unavailable?

    could you try this:
    http://diamondcs.com.au/downloads/asviewer.zip

    unzip, then launch the program
    when it has loaded click file> save to save its logfile. post that here
    I Am A Proud Member of ASAP Since 2004

    To Ride, Shoot Straight And Speak TheTruth

    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!

  9. #9
    Member northernunicorn's Avatar
    Join Date
    Feb 2006
    Location
    Northeastern Ont Canada
    Posts
    56

    Default "Bad Imaage"&"Unexpected Error" messages

    Hi again:
    I got your post of Feb.16. I was unavailable yesterday to follow your instructions. Doing them. Will get back to you with info when I'm finished.
    Thanks from Dorothy ....still hopeful

  10. #10
    Member northernunicorn's Avatar
    Join Date
    Feb 2006
    Location
    Northeastern Ont Canada
    Posts
    56

    Default "Bad Image"&"Unexpected Error" messages

    Hi illukka:

    Below is the log for the MWAV antivirus tool. I clicked on [view log] and copied from MWAV Notepad. Hope this is what you wanted.

    By the way, a [Bad Image] message came up when I double-clicked the MWAV icon on my desktop but it appears to have run anyway. The DLL mentioned is the same one as mention for the Task Manager [Bad Image] message.(Just curious if this means anything).

    MWAV antivirus tool message:

    [mwavscan.com-Bad Image]

    [The application DLL or C:windows/system32/VDMDBG.DLL is not a valid Windows image. Please check this against your installation diskette.]



    Log for the MWAV antivirus tool:

    Sat Feb 18 13:01:02 2006 => **********************************************************
    Sat Feb 18 13:01:02 2006 => MicroWorld Anti Virus & Spyware Toolkit Utility.
    Sat Feb 18 13:01:02 2006 => Copyright © 2003-2006, MicroWorld Technologies Inc.
    Sat Feb 18 13:01:02 2006 => **********************************************************
    Sat Feb 18 13:01:02 2006 => Source: C:\DOCUME~1\DOROTH~1\Desktop\mwav.exe
    Sat Feb 18 13:01:03 2006 => Version 8.1.8 (C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\mwavscan.com)
    Sat Feb 18 13:01:03 2006 => Log File: C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\MWAV.LOG
    Sat Feb 18 13:01:03 2006 => MWAV Registered: FALSE.
    Sat Feb 18 13:01:03 2006 => OS Type: Windows Workstation
    Sat Feb 18 13:01:03 2006 => Local Fixed Drives: c:\
    Sat Feb 18 13:01:03 2006 => MWAV Mode: Only Scan files.
    Sat Feb 18 13:01:03 2006 => Latest Date of files inside MWAV: 16 Feb 2006 12:40:42.
    Sat Feb 18 13:01:08 2006 => AV Library Loaded...
    Sat Feb 18 13:01:08 2006 => MWAV doing self scanning...
    Sat Feb 18 13:01:08 2006 => Scanning File C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\kavss.exe
    Sat Feb 18 13:01:08 2006 => Scanning File C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\Getvlist.exe
    Sat Feb 18 13:01:09 2006 => Scanning File C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\kavss.dll
    Sat Feb 18 13:01:09 2006 => Scanning File C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\kavssdi.dll
    Sat Feb 18 13:01:09 2006 => Scanning File C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\kavssi.dll
    Sat Feb 18 13:01:09 2006 => Scanning File C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\kavvlg.dll
    Sat Feb 18 13:01:09 2006 => Scanning File C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\msvlclnt.dll
    Sat Feb 18 13:01:09 2006 => Scanning File C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\ipc.dll
    Sat Feb 18 13:01:09 2006 => Scanning File C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\main.avi
    Sat Feb 18 13:01:09 2006 => Scanning File C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\virus.avi
    Sat Feb 18 13:01:09 2006 => MWAV files are clean.
    Sat Feb 18 13:01:19 2006 => Virus Database Date: 2/16/2006
    Sat Feb 18 13:01:19 2006 => Virus Database Count: 177018

    Sat Feb 18 13:03:22 2006 => **********************************************************
    Sat Feb 18 13:03:22 2006 => MicroWorld Anti Virus & Spyware Toolkit Utility.
    Sat Feb 18 13:03:22 2006 => Copyright © 2003-2006, MicroWorld Technologies Inc.
    Sat Feb 18 13:03:22 2006 =>
    Sat Feb 18 13:03:22 2006 => Support: support@mwti.net
    Sat Feb 18 13:03:22 2006 => Web: http://www.mwti.net
    Sat Feb 18 13:03:22 2006 => **********************************************************
    Sat Feb 18 13:03:22 2006 => Version 8.1.8 (C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\mwavscan.com)
    Sat Feb 18 13:03:22 2006 => Log File: C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\MWAV.LOG
    Sat Feb 18 13:03:22 2006 => User Account: Dorothy Blake
    Sat Feb 18 13:03:22 2006 => Windows Root Folder: C:\WINDOWS
    Sat Feb 18 13:03:22 2006 => Windows Sys32 Folder: C:\WINDOWS\system32
    Sat Feb 18 13:03:22 2006 => OS: Windows XP
    Sat Feb 18 13:03:23 2006 => Latest Date of files inside MWAV: 16 Feb 2006 12:40:42.

    Sat Feb 18 13:03:23 2006 => Options Selected by User:
    Sat Feb 18 13:03:23 2006 => Memory Check: Enabled
    Sat Feb 18 13:03:23 2006 => Registry Check: Enabled
    Sat Feb 18 13:03:23 2006 => StartUp Folder Check: Enabled
    Sat Feb 18 13:03:23 2006 => System Folder Check: Enabled
    Sat Feb 18 13:03:23 2006 => System Area Check: Disabled
    Sat Feb 18 13:03:23 2006 => Services Check: Enabled
    Sat Feb 18 13:03:23 2006 => Drive Check: Enabled
    Sat Feb 18 13:03:23 2006 => All Drive Check :Disabled
    Sat Feb 18 13:03:23 2006 => Drive Selected = C:\
    Sat Feb 18 13:03:23 2006 => Folder Check: Disabled
    Sat Feb 18 13:04:54 2006 => ERROR!!! Unable to Load Memory List...
    Sat Feb 18 13:04:54 2006 => ERROR!!! LoadMemory Fails

    Sat Feb 18 13:04:54 2006 => Total Objects Scanned: 0
    Sat Feb 18 13:04:54 2006 => Total Critical Objects: 0
    Sat Feb 18 13:04:54 2006 => Total Disinfected Objects: 0
    Sat Feb 18 13:04:54 2006 => Total Objects Renamed: 0
    Sat Feb 18 13:04:54 2006 => Total Deleted Objects: 0
    Sat Feb 18 13:04:54 2006 => Total Errors: 2
    Sat Feb 18 13:04:54 2006 => Time Elapsed: 00:01:31
    Sat Feb 18 13:04:54 2006 => Virus Database Date: 2/16/2006
    Sat Feb 18 13:04:54 2006 => Virus Database Count: 177018

    Sat Feb 18 13:04:54 2006 => Scan Completed.

    I will post this now; later I'll post the sysclean.log

    Thanks again for your patience and help from Dorothy ...still hoping...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •