AXWIN Frame Window SVCHOST.exe Application Error

151 views
Skip to first unread message

Frank M

unread,
Jan 22, 2010, 10:08:01 AM1/22/10
to
Have an Xp home system infected with a virus or worm. Receive the following
message: AXWIN Frame Window SVCHOST.exe Application Error. If I click OK the
computer locks up and will not shutdown.
The event log show an event ID 1000.
Have run several virus scans and have run Netsky removal tool. The message
pops up after the computer has been running for several minutes.
My customer has lost her CD's so, I am reluctant to reformat the hard drive.
Would appreciate any suggestions.
Thanks,
Frank M

~BD~

unread,
Jan 22, 2010, 1:33:58 PM1/22/10
to

PA Bear [MS MVP]

unread,
Jan 22, 2010, 4:28:21 PM1/22/10
to
NB: If you had no anti-virus application installed or the subscription had
expired *when the machine first got infected* and/or your subscription has
since expired and/or the machine's not been kept fully-patched at Windows
Update, don't waste your time with any of the below: Format & reinstall
Windows. A Repair Install will NOT help.

Microsoft PCSafety provides home users (only) with no-charge support in
dealing with malware infections such as viruses, spyware (including unwanted
software), and adware.
https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

Also available via...

Consumer Security Support home page
https://consumersecuritysupport.microsoft.com/

Otherwise...

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

NB: Run the FULL scan, not the QUICK scan! You may need to download the
MSRT on a non-infected machine, then transfer MRT.EXE to the infected
machine and rename it to SCAN.EXE before running it.

2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!)
in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

2b. Vista or Win7=> Run this scan instead:
http://onecare.live.com/site/en-us/center/whatsnew.htm

3. Now run a thorough check for hijackware, including posting requested logs
in an appropriate forum, not here.

Checking for/Help with Hijackware:
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://www.elephantboycomputers.com/page2.html#Removing_Malware

**Chances are you will need to seek expert assistance in
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://www.spywarewarrior.com/viewforum.php?f=5,
http://www.dslreports.com/forum/cleanup,
http://www.bluetack.co.uk/forums/index.php,
http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

If these procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.

[$50 consulting fee, please.]

~BD~

unread,
Jan 22, 2010, 6:31:31 PM1/22/10
to
DHL recently said:

2. The Microsoft news Server is controlled by the Microsoft News Server admin (now
outsourced) and based upon their criteria, the server admin may choose to delete posts
from their server. This will include spam, posts with improper material and posts made by
such personalities as PCBUTTS1, Alias and Kevin Panzke.


Please will you confirm that this 'admin' team check all links - in posts like this one from PABear - to ensure that they go to bona fide web sites which are free from malware.


(Comments invited from everyone)

@nomail.afraid.org FromTheRafters

unread,
Jan 22, 2010, 6:33:16 PM1/22/10
to

~BD~

unread,
Jan 22, 2010, 6:59:51 PM1/22/10
to

BoaterDave

unread,
Jan 22, 2010, 7:20:01 PM1/22/10
to

"FromTheRafters" wrote:

Is this your personal Blog site, FTR?

There doesn't seem to be very much activity in the forums!

--
Dave

@nomail.afraid.org FromTheRafters

unread,
Jan 22, 2010, 7:49:31 PM1/22/10
to
"BoaterDave" <Boate...@discussions.microsoft.com> wrote in message
news:913F5FF0-CE78-4381...@microsoft.com...

No, I don't blog.

> There doesn't seem to be very much activity in the forums!

Don't know about that either. Of course there is *always* the chance
that additional and perhaps related malware can pose as a removal tool.


nobody >

unread,
Jan 22, 2010, 10:00:22 PM1/22/10
to
~BD~ > wrote:
> DHL recently said:
>
> 2. The Microsoft news Server is controlled by the Microsoft News
> Server admin (now
> outsourced) and based upon their criteria, the server admin may choose
> to delete posts
> from their server. This will include spam, posts with improper material
> and posts made by
> such personalities as PCBUTTS1, Alias and Kevin Panzke.
>
>
> Please will you confirm that this 'admin' team check all links - in
> posts like this one from PABear - to ensure that they go to bona fide
> web sites which are free from malware.
>
>
> (Comments invited from everyone)
>

You are *fucking* *paranoid* !!

FWIW, "PABear" may piss some people off, but I don't believe he'd
intentionally post a link to malware.

Just to "wind you up" a little tighter, the number of innocent websites
that have been hacked to deliver malware has started increasing on a
logarithmic scale.

What was the flavor of the Koolaid you drank?

@nomail.afraid.org FromTheRafters

unread,
Jan 22, 2010, 10:55:47 PM1/22/10
to
"nobody >" <useneth...@aol.com> wrote in message
news:LYidnRM1-b_V-8fW...@supernews.com...

[...]

...and a local privilege escalation vulnerability makes it like
everybody runs as admin.


~BD~

unread,
Jan 23, 2010, 3:49:05 AM1/23/10
to
On 23/01/2010 03:00, nobody > wrote:
>
> Just to "wind you up" a little tighter, the number of innocent
> websites that have been hacked to deliver malware has started
> increasing on a logarithmic scale.
>

The word you were struggling to find was *exponentially*!

No - I'm not paranoid - just well informed.

My concerns are voiced well in the video clips here from Trend Micro

http://www.trendmicro.co.uk/worryfreeservices/index.html?mpt=1618305658&WT.mc_id=wf_uk_GoogleContent_336x280

OR

http://snurl.com/u60f4

Things *have* changed! ;)

davidbenston

unread,
Feb 18, 2010, 8:22:28 PM2/18/10
to

Just once I would like to see someone respond with "I don't know" rather than post a bunch of generic, useless advice, and/or "You're screwed-reinstall".

Even better- if you don't know shut the hell up and save the wear-and-tear on your keyboard.

Though I suppose "Geek Squad sucks!" is always relevant info.

PA Bear [MS MVP] wrote:

NB: If you had no anti-virus application installed or the subscription

22-Jan-10

NB: If you had no anti-virus application installed or the subscription had
expired *when the machine first got infected* and/or your subscription has
since expired and/or the machine's not been kept fully-patched at Windows

Update, do not waste your time with any of the below: Format & reinstall


Windows. A Repair Install will NOT help.

Microsoft PCSafety provides home users (only) with no-charge support in
dealing with malware infections such as viruses, spyware (including unwanted
software), and adware.
https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

Also available via...

Consumer Security Support home page
https://consumersecuritysupport.microsoft.com/

Otherwise...

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

NB: Run the FULL scan, not the QUICK scan! You may need to download the
MSRT on a non-infected machine, then transfer MRT.EXE to the infected
machine and rename it to SCAN.EXE before running it.

2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!)
in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

2b. Vista or Win7=> Run this scan instead:
http://onecare.live.com/site/en-us/center/whatsnew.htm

3. Now run a thorough check for hijackware, including posting requested logs
in an appropriate forum, not here.

Checking for/Help with Hijackware:
??? http://mvps.org/winhelp2002/unwanted.htm
??? http://inetexplorer.mvps.org/tshoot.html
??? http://www.mvps.org/sramesh2k/Malware_Defence.htm
??? http://www.elephantboycomputers.com/page2.html#Removing_Malware

If these procedures look too complex - and there is no shame in admitting

this is not your cup of tea - take the machine to a local, reputable and


independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.

[$50 consulting fee, please.]

Frank M wrote:

Previous Posts In This Thread:

On Friday, January 22, 2010 10:08 AM
Frank M wrote:

AXWIN Frame Window SVCHOST.exe Application Error
Have an Xp home system infected with a virus or worm. Receive the following
message: AXWIN Frame Window SVCHOST.exe Application Error. If I click OK the
computer locks up and will not shutdown.
The event log show an event ID 1000.
Have run several virus scans and have run Netsky removal tool. The message
pops up after the computer has been running for several minutes.
My customer has lost her CD's so, I am reluctant to reformat the hard drive.
Would appreciate any suggestions.
Thanks,
Frank M

On Friday, January 22, 2010 1:33 PM
~BD~ wrote:

On 22/01/2010 15:08, Frank M wrote:Hello FrankSaw your post here:http://www.


On 22/01/2010 15:08, Frank M wrote:
Hello Frank

Saw your post here:

http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.security&tid=9cf7b8ed-03c6-4f73-9bfe-8e3938303180&cat=en_US_f2c4c686-2a84-4aaf-b6ec-b34b6f2030c2&lang=en&cr=US&sloc=&p=1

--


Dave (Sometimes man stumbles over the truth ...... Sir Winston Churchill)

On Friday, January 22, 2010 4:28 PM


PA Bear [MS MVP] wrote:

NB: If you had no anti-virus application installed or the subscription
NB: If you had no anti-virus application installed or the subscription had
expired *when the machine first got infected* and/or your subscription has
since expired and/or the machine's not been kept fully-patched at Windows

Update, do not waste your time with any of the below: Format & reinstall


Windows. A Repair Install will NOT help.

Microsoft PCSafety provides home users (only) with no-charge support in
dealing with malware infections such as viruses, spyware (including unwanted
software), and adware.
https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

Also available via...

Consumer Security Support home page
https://consumersecuritysupport.microsoft.com/

Otherwise...

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

NB: Run the FULL scan, not the QUICK scan! You may need to download the
MSRT on a non-infected machine, then transfer MRT.EXE to the infected
machine and rename it to SCAN.EXE before running it.

2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!)
in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

2b. Vista or Win7=> Run this scan instead:
http://onecare.live.com/site/en-us/center/whatsnew.htm

3. Now run a thorough check for hijackware, including posting requested logs
in an appropriate forum, not here.

Checking for/Help with Hijackware:
??? http://mvps.org/winhelp2002/unwanted.htm
??? http://inetexplorer.mvps.org/tshoot.html
??? http://www.mvps.org/sramesh2k/Malware_Defence.htm
??? http://www.elephantboycomputers.com/page2.html#Removing_Malware

If these procedures look too complex - and there is no shame in admitting

this is not your cup of tea - take the machine to a local, reputable and


independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.

[$50 consulting fee, please.]

Frank M wrote:

On Friday, January 22, 2010 6:31 PM
~BD~ wrote:

PING: David H. Lipman (others please ignore)
DHL recently said:

2. The Microsoft news Server is controlled by the Microsoft News Serve=
r admin (now
outsourced) and based upon their criteria, the server admin may choose to=
delete posts
from their server. This will include spam, posts with improper material =


and posts made by
such personalities as PCBUTTS1, Alias and Kevin Panzke.


Please will you confirm that this 'admin' team check all links - in posts=
like this one from PABear - to ensure that they go to bona fide web site=


s which are free from malware.


(Comments invited from everyone)


On 22/01/2010 21:28, PA Bear [MS MVP] wrote:

re

On Friday, January 22, 2010 6:33 PM
FromTheRafters wrote:

http://www.spywareremovalblog.
http://www.spywareremovalblog.com/threat-explorer/axwin-frame-window-svchost-exe-application-error/

On Friday, January 22, 2010 7:20 PM
BoaterDave wrote:

"FromTheRafters" wrote:Is this your personal Blog site, FTR?
"FromTheRafters" wrote:


Is this your personal Blog site, FTR?

There does not seem to be very much activity in the forums!

--
Dave

On Friday, January 22, 2010 7:49 PM
FromTheRafters wrote:

No, I do not blog.Don't know about that either.
No, I do not blog.


Don't know about that either. Of course there is *always* the chance
that additional and perhaps related malware can pose as a removal tool.

On Friday, January 22, 2010 10:55 PM
FromTheRafters wrote:

[...]...
[...]

....and a local privilege escalation vulnerability makes it like
everybody runs as admin.

On Saturday, January 23, 2010 3:49 AM
~BD~ wrote:

On 23/01/2010 03:00, nobody > wrote:The word you were struggling to find was


On 23/01/2010 03:00, nobody > wrote:

The word you were struggling to find was *exponentially*!

No - I am not paranoid - just well informed.

My concerns are voiced well in the video clips here from Trend Micro

http://www.trendmicro.co.uk/worryfreeservices/index.html?mpt=1618305658&WT.mc_id=wf_uk_GoogleContent_336x280

OR

http://snurl.com/u60f4

Things *have* changed! ;)

--
Dave (Sometimes man stumbles over the truth ...... Sir Winston Churchill)


Submitted via EggHeadCafe - Software Developer Portal of Choice
More Fun with Fluent NHibernate Automapping
http://www.eggheadcafe.com/tutorials/aspnet/50aa9259-6dbb-4d16-9639-81ee42171b00/more-fun-with-fluent-nhib.aspx

@nomail.afraid.org FromTheRafters

unread,
Feb 18, 2010, 8:36:33 PM2/18/10
to

<David Benston> wrote in message
news:201021820...@thepaperhouse.com...

> Just once I would like to see someone respond with "I don't know"
> rather than post a bunch of generic, useless advice, and/or "You're
> screwed-reinstall".

Oh ...I don't know.

Not hijacking someone elses thread would be helpful.
Not changing the subject line in the middle of a thread would be
helpful.
Not ranting about something posted a month ago would be helpful too.


PA Bear [MS MVP]

unread,
Feb 19, 2010, 2:41:42 AM2/19/10
to
Setting up Outlook Express to access Microsoft newsgroups
http://www.michaelstevenstech.com/outlookexpressnewreader.htm

Setting up Windows Mail (in Vista) to access Microsoft newsgroups
http://www.winhelponline.com/blog/microsoft-newsgroup-setup-instructions-for-windows-mail/

Setting up Windows LIVE Mail to access Microsoft newsgroups
http://www.winhelponline.com/blog/ms-newsgroup-setup-instructions-windows-live-mail/

PS: Geek Squad does suck!

~BD~

unread,
Nov 8, 2013, 6:00:09 PM11/8/13
to
~BD~ is STILL awaiting an answer from Mr Lipman.

C'mon David - *why so shy*?

BurfordTJustice

unread,
Nov 9, 2013, 8:12:46 AM11/9/13
to

"~BD~" <~BD~@nomail.afraid.org> wrote in message
news:9tWdnTmpvbFk8eDP...@bt.com...

<snip 3 year old shit from supporter of children fucking>

Reply all
Reply to author
Forward
0 new messages