
XP Pro: Following MS updates, now unable to open Regedit or Command


atandhmb

May 4, 2009, 7:42:50 AM
Start\run\regedit just removes all the icons on the desktop for a few seconds and they then re-appear.
Any help appreciated.

Malke

May 4, 2009, 8:06:53 AM
atandhmb wrote:

> Start\run\regedit just removes all the icons on the desktop for a few
> seconds and they then re-appear. Any help appreciated.

This is very unlikely to have been caused by a Windows Update. It sounds
much more likely that your computer is infected. Be sure it's not:

http://www.elephantboycomputers.com/page2.html#Removing_Malware

However, if you're really convinced that the computer is clean and that a
Windows Update caused this, go to Add/Remove Programs, click the show all
updates box at the top, and uninstall the update(s) that you think caused
this. Don't forget to reboot. If uninstalling the update(s) solves the
issue, install them back one at a time testing after each. If you can
pinpoint the culprit, contact Microsoft for free help with this update.

Start a free Windows Update support incident request -
https://support.microsoft.com/oas/default.aspx?gprid=6527
Support for Windows Update - http://support.microsoft.com/gp/wusupport

For home users, no-charge support is available by calling 1-866-PCSAFETY in
the United States and in Canada or by contacting your local Microsoft
subsidiary. There is no charge for support calls that are associated with
security updates. When you call, clearly state that your problem is
related to a Security Update and cite the update's KB number (e.g.,
KB958644).

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
http://www.elephantboycomputers.com/#FAQ

Jose

May 4, 2009, 8:52:29 AM
On May 4, 7:42 am, "atandhmb" <zen18...@zen.co.uk> wrote:
> Start\run\regedit just removes all the icons on the desktop for a few seconds and they then re-appear.
> Any help appreciated.

...and what happens when you try to open Command (how do you do that
and what do you see).

Download Malwarebytes free software, update it, and run a full scan
and see what that does for you.

atandhmb

May 4, 2009, 11:06:46 AM

"Jose" <jose...@yahoo.com> wrote in message
news:88a2733e-0cdd-45a6...@m24g2000vbp.googlegroups.com...

On May 4, 7:42 am, "atandhmb" <zen18...@zen.co.uk> wrote:
> Start\run\regedit just removes all the icons on the desktop for a few
> seconds and they then re-appear.
> Any help appreciated.

...and what happens when you try to open Command (how do you do that
and what do you see).

Very interesting: I have always used the short form, i.e. cmd.
start|run|cmd behaves in same way as Regedit (above), however
start|run|command is OK. Is there a clue anywhere here.

Malke

May 4, 2009, 11:28:45 AM
atandhmb wrote:

>
> "Jose" <jose...@yahoo.com> wrote in message
> news:88a2733e-0cdd-45a6...@m24g2000vbp.googlegroups.com...
> On May 4, 7:42 am, "atandhmb" <zen18...@zen.co.uk> wrote:
>> Start\run\regedit just removes all the icons on the desktop for a few
>> seconds and they then re-appear.
>> Any help appreciated.
>
> ...and what happens when you try to open Command (how do you do that
> and what do you see).
>
> Very interesting: I have always used the short form, i.e. cmd.
> start|run|cmd behaves in same way as Regedit (above), however
> start|run|command is OK. Is there a clue anywhere here.

Yes, that is a clue. Command is the older 16-bit program included in XP only
to provide backwards compatibility for older (*much* older) programs. The
correct command prompt program to use in XP is cmd.exe. Since you can't run
it, you need to follow the advice given previously by me and by Jose and
scan your computer for malware.

atandhmb

May 4, 2009, 11:46:05 AM

"Malke" <ma...@invalid.invalid> wrote in message
news:%23IVyD0M...@TK2MSFTNGP06.phx.gbl...

Thanks. I will do that. Meantime I have just restored, back to 1st May. The
options I had were 1st, 2nd, 3rd and 4th May only.
Another possible clue. AVG8 will not update. I cannot bring up the message
again, but I did get a message to the effect that "access is forbidden by the
server". I would think that is another clue.
I have used AVG and ZoneAlarm for many years on all my computers.
Thanks again.


PA Bear [MS MVP]

May 4, 2009, 11:55:33 AM
@malke: cf.
http://groups.google.com/group/microsoft.public.outlookexpress.general/browse_frm/thread/35cc50fd67c61814/780bd8561379794b

Better yet, read the thread in your newsreader as all posts were HTML.

Subject: XP Pro Microsoft Updates reverting messages folder back to default
NGs: OE General; OE6
--
~Robear

PA Bear [MS MVP]

May 4, 2009, 11:57:38 AM

You've definitely got a hijackware infection on your hands! You should NOT
use System Restore as a workaround for these problems.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002

Malke

May 4, 2009, 12:10:57 PM
PA Bear [MS MVP] wrote:

> @malke: cf.
>
> http://groups.google.com/group/microsoft.public.outlookexpress.general/browse_frm/thread/35cc50fd67c61814/780bd8561379794b
>
> Better yet, read the thread in your newsreader as all posts were HTML.
>
> Subject: XP Pro Microsoft Updates reverting messages folder back to
> default NGs: OE General; OE6

Thanks, Robear. Lordy, I hate when posters do this. He's now got tons of
people working on his issue in two separate places. And he's still not
taking care of bidness. [sigh]

PA Bear [MS MVP]

May 4, 2009, 4:16:40 PM
Malke wrote:
> PA Bear [MS MVP] wrote:
>
>> @malke: cf.
>>
>> http://groups.google.com/group/microsoft.public.outlookexpress.general/browse_frm/thread/35cc50fd67c61814/780bd8561379794b
>>
>> Better yet, read the thread in your newsreader as all posts were HTML.
>>
>> Subject: XP Pro Microsoft Updates reverting messages folder back to
>> default NGs: OE General; OE6
>
> Thanks, Robear. Lordy, I hate when posters do this. He's now got tons of
> people working on his issue in two separate places. And he's still not
> taking care of bidness. [sigh]

@atandhmb: Post any/all further follow-up in a reply to *this* thread only.
(Plain Text preferred.)
--
~PA Bear

atandhmb

May 5, 2009, 9:35:29 AM

"PA Bear [MS MVP]" <PABe...@gmail.com> wrote in message
news:%23FEn4ZP...@TK2MSFTNGP06.phx.gbl...

> Malke wrote:
>> PA Bear [MS MVP] wrote:
>>
>>> @malke: cf.
>>>
>>> http://groups.google.com/group/microsoft.public.outlookexpress.general/browse_frm/thread/35cc50fd67c61814/780bd8561379794b
>>>
>>> Better yet, read the thread in your newsreader as all posts were HTML.
>>>
>>> Subject: XP Pro Microsoft Updates reverting messages folder back to
>>> default NGs: OE General; OE6
>>
>> Thanks, Robear. Lordy, I hate when posters do this. He's now got tons of
>> people working on his issue in two separate places. And he's still not
>> taking care of bidness. [sigh]
>
This was originally posted on the OE site as the problem as perceived by me
was OE.
When it became obvious that it was more appropriate to the "XP" site I then
raised it here some 3 days later.
If you take the trouble to read my first post on this site, you will note I
make no mention of OE issues and give very specific information.
I have posted 3 times here with facts, which incidentally still hold.
I have posted replies to the OE site as a matter of courtesy to P A Bear who
has given time to my problem.
And, incidentally, I have been following advice. As a start, last night I
ran the Windows Live One Care safety scanner, but this proved unsuccessful.
This was following P A Bear's advice and I will follow in order what he has
suggested.
I had hoped the message from AVG Update - "access is forbidden by the
server" might have provided a clue.
If I am doing something wrong I am happy to fall in line with any reasonable
suggestion as I do appreciate the time that knowledgeable people give to
helping others who are struggling, but don't forget that it is natural to
follow one's own inclinations as well.
Incidentally, what is "bidness".

Malke

May 5, 2009, 10:24:42 AM
atandhmb wrote:

Snip all else except the relevant bit:

> Incidentally, what is "bidness".

It means that numerous people have given you very specific troubleshooting
steps and you haven't done them.

My original post to you said for you to do two separate troubleshooting
paths:

1. Make sure the computer is 100% virus/malware-free.
http://www.elephantboycomputers.com/page2.html#Removing_Malware

My steps are very thorough, require a fair amount of prep work, and also
require getting various tools/updates from a known-clean machine. Perhaps
I've missed it in this overly-long thread, but I don't see where you've
done this.

Scanning for malware must be a) systematic; and b) thorough or you don't
know if you are working from a clean base. Scanning with an online scanner
doesn't cut it as far as I'm concerned. PA Bear wanted you to start there
(I don't include online scanners in my malware removal process but I
respect that he does) but the operating words in that sentence are "start
there". Simply attempting an online scan - which you couldn't complete -
isn't enough. The fact that you couldn't complete it is in itself a clue
that the machine could be infected.

And the AVG message just tells us something is wrong and the first thing to
determine when your antivirus says something is wrong is whether the
something that is wrong is caused by malware infection. That coupled with
the inability to run cmd and regedit points to infection. In all my many
years as a professional computer tech, I've never seen a Windows Update
disable cmd and regedit but I have seen viruses/malware do it many,
many times.

2. If the computer is proved to be completely clean - and *only* after that
has happened - uninstall the updates that you think caused the issue and
test. If all is well, then install the updates one at a time testing after
each change.

Because you haven't done any of this and *reported back the results*, we
can't go forward with more troubleshooting. And that is what I meant when I
said you weren't taking care of "bidness" (business).

If you can't do the work yourself - and there is no shame in admitting this
isn't your cup of tea - take the machine to a professional computer tech
for diagnosis and repair. I don't recommend using a
BigComputerStore/GeekSquad type of place.

PA Bear [MS MVP]

May 5, 2009, 10:30:45 AM
Seconded.

--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002

Jose

May 5, 2009, 11:31:53 AM
On May 5, 9:35 am, "atandhmb" <zen18...@zen.co.uk> wrote:
> "PA Bear [MS MVP]" <PABear...@gmail.com> wrote in message news:%23FEn4ZP...@TK2MSFTNGP06.phx.gbl...

>
> > Malke wrote:
> >> PA Bear [MS MVP] wrote:
>
> >>> @malke: cf.
>
> >>http://groups.google.com/group/microsoft.public.outlookexpress.genera...

If you do a Google search for: cmd and regedit don't work

you will get some hits. Some more interesting than others and some
are quite useless, but look at the ones like this from
bleepingcomputer.com:

http://www.bleepingcomputer.com/forums/lofiversion/index.php/t221879.html

These sufferers have also tried many things with your similar or
exact problem to no avail.

There is another post that has the user run ComboFix and his (your)
problem was solved. I think they may have sent a PM (Private Message)
or two that is not in some of the posts, but they have your exact
problem, tried a lot of things and these bleeping people got them
running.

The helpers there will look at your Hijack and ComboFix reports and
seem to do quite a detailed analysis and lots of easy to follow
instructions, they seem very patient, but you have to register and all
that stuff to get help and I don't have your problem...

If I were you, I think I would try these people. It would be most
helpful to know later what fixes your problem.

PA Bear [MS MVP]

May 5, 2009, 12:02:47 PM
Do NOT use ComboFix without expert guidance!!

Jose wrote:
<snip>


> There is another post that has the user run ComboFix and his (your)
> problem was solved...

Jose

May 5, 2009, 4:24:19 PM

Yes - this is true about ComboFix. Just reading the instructions, you
better be paying attention, and then be prepared to punt just in case.

Those bleeping people had much to say about the ComboFix logs people
uploaded, so at least they seem to actually look at it - and the
Hijack logs.

Of course, ComboFix turned up absolutely nothing wrong with my system
here.

atandhmb

May 6, 2009, 11:38:21 AM

"Jose" <jose...@yahoo.com> wrote in message
news:d14fa17b-68e0-47e7...@z5g2000vba.googlegroups.com...

http://www.bleepingcomputer.com/forums/lofiversion/index.php/t221879.html

MIRACLE (forgive caps)
The above solution worked first time: resolved the inability to open Regedit
and Cmd, and also fixed the "Access is forbidden by the Server" problem.
One thing. The file JWMRUS.YDS is not present anywhere in "my computer".
It is a mystery to me how this happened.
Having tried several Registry Cleaners without success I was about to
re-install.
I am so grateful to all who gave their time to this problem.
Thanks again.

Jose

May 6, 2009, 6:23:12 PM
On May 6, 11:38 am, "atandhmb" <zen18...@zen.co.uk> wrote:
> "Jose" <jose_e...@yahoo.com> wrote in message
> http://www.bleepingcomputer.com/forums/lofiversion/index.php/t221879....

>
> MIRACLE (forgive caps)
> The above solution worked first time: resolved the inability to open Regedit
> and Cmd, and also fixed the "Access is forbidden by the Server" problem.
> One thing. The file JWMRUS.YDS is not present anywhere in "my computer".
> It is a mystery to me how this happened.
> Having tried several Registry Cleaners without success I was about to
> re-install.
> I am so grateful to all who gave their time to this problem.
> Thanks again.
>
> These sufferers have also tried many things with your similar or
> exact problem to no avail.
>
> There is another post that has the user run ComboFix and his (your)
> problem was solved.  I think they may have sent a PM (Private Message)
> or two that is not in some of the posts, but they have your exact
> problem, tried a lot of things and these bleeping people got them
> running.
>
> The helpers there will look at your Hijack and ComboFix reports and
> seem to do quite a detailed analysis and lots of easy to follow
> instructions, they seem very patient, but you have to register and all
> that stuff to get help and I don't have your problem...
>
> If I were you, I think I would try these people.  It would be most
> helpful to know later what fixes your problem.

Another person is having this same sort of problem and needs help.

I feel their experience is not as advanced as yours so want to make it
as easy as possible.

Did you find your solution on that bleeping link?
Can you narrow down what you think was the ultimate fix from that WWW
listing?
Did you have to do any interacting with them to get it working?

I would like to try to come up with as few things as possible to try
for the future.

Really glad it is working!

atandhmb

May 7, 2009, 9:02:56 AM

"Jose" <jose...@yahoo.com> wrote in message
news:04f35786-580b-496d...@s21g2000vbb.googlegroups.com...

I am at a loss as to why I had a problem in the first place although I think
it was following a download of MS Office, but others on this thread think
this unlikely.
I posted immediately after the Bleeping link to indicate that is where I got
the solution. I just followed the instructions and all was resolved first
time. I do not have a clue what caused the problem or, indeed, why the
instructions worked.
I was hoping someone might come up with a suggestion.
It is interesting that the file JWMRUS.YDS which seemed to be important is
not on my computer.
I am hoping that P A BEAR and the other guy can throw some light on this.
Thanks again.


PA Bear [MS MVP]

May 7, 2009, 12:40:38 PM
atandhmb wrote:
<snip>

Something tells me you only followed the instructions in Post #2 of that
thread
(http://www.bleepingcomputer.com/forums/lofiversion/index.php/t221879). Am
I correct?

atandhmb

May 7, 2009, 3:35:33 PM

"PA Bear [MS MVP]" <PABe...@gmail.com> wrote in message
news:%23zNv9Lz...@TK2MSFTNGP05.phx.gbl...
No.

I followed (blindly) from the start (pinkruby Apr 23 2009, 07:29), thru next
posting (farbar Apr 24 2009, 04:52), thru (pinkruby Apr 24 2009, 07:45),
thru (farbar Apr 25 2009, 03:55), thru (pinkruby Apr 25 2009, 04:26) at
which point I stopped as my problems were resolved.

However, a problem remains and I do not have a clue if/how it is related.

During the various tests I did to resolve the problem, I unchecked ZoneAlarm
(zlclient) in the System Configuration Utility and I cannot re-activate it.

This means that I am always in Selective Startup.

What happens is this:

( I am doing this as I write this)

Click Startup tab

Tick zlclient

Click Apply and either click Close or General tab which shows Normal Startup
and then click Close

Restart - it never works. When I reboot I am always in Selective Startup
with a green square against Load Startup Items and under Startup tab,
zlclient is unchecked.
I reckon I've tried about 20 times.

Following your remarks I decided to go back to bleepingcomputer.com and try
the next phase which was to run malwarebytes anti-malware cleaner. 25 items
were found; all referring to (from memory) rogue.malwarebyte.............
These were cleaned up OK.

Nevertheless I still have the problem of not being able to do anything with
MSCONFIG.

My current thought is...........should I go back to bleepingcomputer.com and
try the third thing (Java)

Note: I have had 2 (maybe 3) different scans which show my machine OK.

Do you think it is some infection that is causing the problem with MSCONFIG?

Regards


Jose

May 7, 2009, 4:02:43 PM
On May 7, 3:35 pm, "atandhmb" <zen18...@zen.co.uk> wrote:
> "PA Bear [MS MVP]" <PABear...@gmail.com> wrote in message news:%23zNv9Lz...@TK2MSFTNGP05.phx.gbl...

You got your original problem fixed, right? That is only what my
bleeping reference was about. It already helped fix another guy with
the same issue of regedit and cmd. I think you should be done with
that part of bleeping for now.

I thought I mentioned Malwarebytes (I should have). Your original
problem is that some scanning softwares will find the trojan problem
and "fix" it, but sometimes leave crap in the registry - maybe the
scanners don't know about that. That is what seems to make CMD and
regedit not work (usually both). Fixing the registry by hand after a
scan gets it working so far.

Now you have a new problem? In MSCONFIG, you want to tick your zone
alarm and do, but it won't stay ticked when you reboot? That is a new
problem. I don't use ZA - is there a service or something that might
need to be set to automatic? Is it painful to uninstall reinstall ZA?

Clear your Event Logs and reboot or try to look at events from just the
last reboot. Any ZA clues there?

Are you using the ZA firewall feature and the Windows firewall on the
same computer at the same time?

Is MSCONFIG showing up every time you reboot? There is a check box
about to at least turn that off which you should be able to find.

Jose

May 7, 2009, 4:13:22 PM
On May 7, 3:35 pm, "atandhmb" <zen18...@zen.co.uk> wrote:
> "PA Bear [MS MVP]" <PABear...@gmail.com> wrote in message news:%23zNv9Lz...@TK2MSFTNGP05.phx.gbl...

Oh yeah - if your original problem for this thread is resolved, why
not start a new one with an appropriate title with your new problem
and details? That way, it might get the attention of additional
eyeballs.

PA Bear [MS MVP]

May 7, 2009, 5:46:58 PM

You should seldom, if ever, follow instructions/fixes posted for another
user in such a forum. Doing so may only make matters worse.

1. Open your browser to this page:
http://www.bleepingcomputer.com/forums/forum22.html. Read & adhere to
everything in the Forum Guidelines section. Follow the instructions here:
http://www.bleepingcomputer.com/forums/topic34773.html

2. When you describe your problem and what you've done so far to fix them,
please include the following two (2) links to your newsgroup threads so the
expert handling your case knows the full background:

http://groups.google.com/group/microsoft.public.windowsxp.general/browse_frm/thread/dc1e9a3c458f8ea1/113cf8a4fc64e9dc?#113cf8a4fc64e9dc

http://groups.google.com/group/microsoft.public.outlookexpress.general/browse_frm/thread/35cc50fd67c61814/3d52847cdbdb17e1?#3d52847cdbdb17e1

3. Since you've already used MBAM, I'd recommend posting the log from the
MBAM scan in your first post, too (assuming you had the presence of mind to
save it).

NB: Even though you may have resolved your original problems, I think
it'd be best to post in that hijackware-specific forum at
bleepingcomputer.com anyway to make SURE the machine is 100% clean (despite
what Jose's been telling you in this thread).

Note that most of the above is what both Malke and I had recommended to you
earlier this week.

atandhmb

May 8, 2009, 9:42:58 AM

"PA Bear [MS MVP]" <PABe...@gmail.com> wrote in message
news:usoQ$21zJH...@TK2MSFTNGP06.phx.gbl...
I don't know why you state:

"You should seldom, if ever, follow instructions/fixes posted for another
user in such a forum. Doing so may only make matters worse."
This guy had EXACTLY the same problem as me, i.e. couldn't run cmd and
regedit.
I did keep the log as "File Save as" to desktop under a specifically named
folder (Malware Removed 25 items). Unfortunately this is an empty folder and
I don't know why, as it saved OK.
However, I seem to remember it was saved by Malware in a log somewhere - I
will try to retrieve it.
Failing this I can resurrect the condition.
Taking the other advice I will open up a new thread about the ZoneAlarm
problem.
Following some googling it is apparent that the problem is only that I
cannot activate zlclient in Startup and it occurs to me that I will be able
to resolve this someway.
Kind Regards and again thanks.


PA Bear [MS MVP]

May 8, 2009, 1:50:35 PM
INLINE

atandhmb wrote:
<snip>


>>> Do you think it is some infection that is causing the problem with
>>> MSCONFIG?
>>
>> You should seldom, if ever, follow instructions/fixes posted for another
>> user in such a forum. Doing so may only make matters worse.
>>
>> 1. Open your browser to this page:
>> http://www.bleepingcomputer.com/forums/forum22.html. Read & adhere to
>> everything in the Forum Guidelines section. Follow the instructions
>> here:
>> http://www.bleepingcomputer.com/forums/topic34773.html
>>
>> 2. When you describe your problem and what you've done so far to fix
>> them,
>> please include the following two (2) links to your newsgroup threads so
>> the expert handling your case knows the full background:
>>
>> http://groups.google.com/group/microsoft.public.windowsxp.general/browse_frm/thread/dc1e9a3c458f8ea1/113cf8a4fc64e9dc?#113cf8a4fc64e9dc
>>
>> http://groups.google.com/group/microsoft.public.outlookexpress.general/browse_frm/thread/35cc50fd67c61814/3d52847cdbdb17e1?#3d52847cdbdb17e1
>>
>> 3. Since you've already used MBAM, I'd recommend posting the log from the
>> MBAM scan in your first post, too (assuming you had the presence of mind
>> to save it).
>>

>> NB: Even though you may have resolved your original problems, I think
>> it'd be best to post in that hijackware-specific forum at
>> bleepingcomputer.com anyway to make SURE the machine is 100% clean
>> (despite what Jose's been telling you in this thread).
>>
>> Note the most of the above is what both Malke and I had recommended to
>> you
>> earlier this week.
>> --
>> ~Robear Dyer (PA Bear)
>> MS MVP-IE, Mail, Security, Windows Client - since 2002
>
> I don't know why you state:
> "You should seldom, if ever, follow instructions/fixes posted for another
> user in such a forum. Doing so may only make matters worse."
> This guy had EXACTLY the same problem as me, i.e. couldn't run cmd and
> regedit.

Yes, but *his* infection was most likely not the same as *yours*. (Most
responsible experts will post a disclaimer in their first reply to such a
thread similar to the following:

<QP>
These instructions are only for the forum member who started this thread. If
you use these instructions on another machine, you risk seriously damaging
the system and doing so will make clean-up much more difficult and
complicated. If you think you have a similar problem, please begin your own,
new thread.
</QP>

> I did keep the log as "File Save as" to desktop under a specifically named
> folder (Malware Removed 25 items). Unfortunately this is an empty folder
> and
> I don't know why, as it saved OK.

Could be the result of still-present hijackware.

> However, I seem to remember it was saved by Malware in a log somewhere - I
> will try to retrieve it.
> Failing this I can resurrect the condition.

A new log won't contain the same info.

> Taking the other advice I will open up a new thread about the ZoneAlarm
> problem.

<SNIP>

I wouldn't do so until you're absolutely certain the machine's 100% clean.
In any event, you should post here about ZA issues:
http://forums.zonelabs.com/zonelabs
