Error: the application was unable to start correctly (0xc0000005).

GregH

Hi all,

PC was running fine and shut down correctly. Came to switch it back on and get the above error message on just about every application I click on. No errors on booting up to the Desktop though. Same problem whether it is a shortcut or the actual .exe file. Seems not to affect the 64 bit applications but all 32 bit applications will not start. Even clicking a .pdf document gives this error. Also seems that some Windows stuff is not working properly. For example I can access the Device Manager by clicking its icon directly in the Control Panel but not by clicking it from a link in a different Control Panel section (just does not respond to the click).

System is Windows 7 X64. Last Windows update ran 3 days ago so I don't think it has anything to do with that?

I ran Bit Defender Anti Virus (up to date virus definitions, paid for version) and it ran OK as it is a 64 bit app and it did not find anything on the virus front. I don't think it is a virus. Also ran C Cleaner a few times. I have not tried a system restore yet but nothing new has been installed, only a Steam update ran in the previous session.

Any ideas welcome, a reformat is too much to consider right now :cry: Please help!

PS: I Google'd this and others reported similar issues about a year back and it was attributed to a bad Windows update back then.
 

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom
OS
Windows 7 - x64 Professional
CPU
Core i7 4770K @4.2 GHz
Motherboard
Asus Maximus Hero V1
Memory
Corsair DDR3-2400 16 GB
Graphics Card(s)
GTX 780 Ti Superclocked EVGA
Sound Card
Onboard Realtek
Monitor(s) Displays
Asus 27 inch
Screen Resolution
2560 x 1480
Hard Drives
Samsung EVO 840 500 GB SSD
Sandisk Extreme 250 GB SSD
Samsung 1.5TB HDD
PSU
Corsair 1150W
Case
A big one :-)
Cooling
Corsair H100i closed loop water cooler
Keyboard
Logitech G110 Gaming
Mouse
R.A.T 5
Internet Speed
1 GB ADSL
Antivirus
Bit Defender
Browser
I.E. 11
If it was my computer, after checking for infection, which you have done, I would use the restore point. Then I would run sfc /scannow as per this tutorial by Brink.

http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html

The problem does have the smell of an infection or a PUP.
You could also run Malwarebytes.

No security program finds 100% of everything 100% of the time.

Then check Windows Updates.
If it gives new updates install them one at a time and verify no problems.

P/S: What big case do you have?
 

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Home made Desktop
OS
Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
CPU
Intel i7-6800K @ 4.3
Motherboard
ASUS X-99 Deluxe II
Memory
Corsair Platinum 16 gig @2400
Graphics Card(s)
EVGA GTX 1070 OC
Monitor(s) Displays
Asus 27" LED LCD/VE278Q
Screen Resolution
1920-1080 or 1280-720 HDMI
Hard Drives
INTEL SSD 730-240 Gb Sata 3.0/
PSU
EVGA Platium 1200W
Case
Phanteks Luxe Tempered Glass 8 fans/ one radiator
Cooling
XSPC/ Water Cooled CPU
Keyboard
Das 4 Professional
Mouse
Logitech M705/MX Anywhere 2-S
Internet Speed
100 mbits
Antivirus
Microsoft Security Essentials/ Malwarebytes Premium 3.0/ SAS
Browser
I.E. 11 default/Firefox/ ISP Time Warner Cable/Spectrum
Other Info
LG BluRay Burner/
Sound system-KLipsch-THX/
Icy Dock ssd Hot Swap bays.
Thanks Layback Bear,

I tried running System Restore and it returned an error with a note to disable my AV first and try again. I disabled the AV and before running Sys Restore, noticed that everything was working! Turned the AV back on and the error was back. So it seems the issue is with my AV blocking any 32 bit application from running. Even Internet Explorer won't run on this PC. I am going to post my findings on the Bit Defender website to see if they know what this might be. Maybe a corrupt virus definition update? I have 3 PCs running this version of Bit Defender and the other 2 are not affected. Can't rule out that my 7 year old son whose PC this is has not somehow invited a virus or malware onto it.....

Simply turning UAC off completely did not fix the problem either.

Not sure what you mean by "what big case do you have?" The PC is a hand me down to my 7 year old from me when I upgraded my machine, i5 2320 with a GTX480, 8 GB of RAM, Win Home Prem with SP 1. It was a home build, not off the shelf. A couple years old now.
 
Thanks Layback Bear,

I tried running System Restore and it returned an error with a note to disable my AV first and try again. I disabled the AV and before running Sys Restore, noticed that everything was working! Turned the AV back on and the error was back. So it seems the issue is with my AV blocking any 32 bit application from running. Even Internet Explorer won't run on this PC. I am going to post my findings on the Bit Defender website to see if they know what this might be. Maybe a corrupt virus definition update? I have 3 PCs running this version of Bit Defender and the other 2 are not affected. Can't rule out that my 7 year old son whose PC this is has not somehow invited a virus or malware onto it.....

Simply turning UAC off completely did not fix the problem either.

Not sure what you mean by "what big case do you have?" The PC is a hand me down to my 7 year old from me when I upgraded my machine, i5 2320 with a GTX480, 8 GB of RAM, Win Home Prem with SP 1. It was a home build, not off the shelf. A couple years old now.

"Case A big one :-)" is what you wrote in your system specs. I believe the question from Layback Bear is more in line with a humorous idle curiosity and not related to your problem.

HTH
 

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Built
OS
Windows 7 Professional x64
CPU
Intel i5 quad processor
Motherboard
DP67BG
Memory
16 GB
Graphics Card(s)
Radeon HD 5770
Sound Card
Realtek High Definition Audio
Monitor(s) Displays
Samsung SyncMaster
Screen Resolution
1920X1080
Hard Drives
WD 2TB (SATA Internal)
WD 1TB (USB External)
PSU
Corsair GS800
Case
Tower (Generic)
Cooling
3 Internal Fans
Keyboard
MS Wireless
Mouse
MS Optical Wired
Internet Speed
54 mbps
Antivirus
Emsisoft
Browser
IE-Version 9, Palemoon-Version 24.2.0
Correct, Sir George, just curiosity on the case.

Why Bitdefender on this one system is a problem I really don't know.
I have never used it. Take a look in the problem computer and a working computer and see if Bitdefender has the same setting in both systems.

Who makes sure that your son's PC is kept up to date?
Windows Updates, security updates, etc.?

Could you check the computer and see what programs have been installed? Something might get your attention.
Check for Advanced System Care or anything by IObit for sure.

Did you do this?


SFC /SCANNOW Command - System File Checker
 

Ah OK :-) sorry, I was half asleep on that one!

My case is a Xigmatek (or something like that). A big one referring to the size - one of those bigger towers so there is lots of space to work with and keep it neat. Fortunately that PC is not the one that is affected here, but my son's PC which is pretty much only used for his games and a little homework. Does concern me that this PC is on the same wireless network as mine and in the fear that it is a virus, I have disconnected it from the network.

His PC is set to automatic updates for Windows and AV. I usually keep a check on from time to time.

The guys from Bit Defender have been helpful and also suggested similar to what has been posted here:
Run chkdsk /r from a cmd prompt (running as admin) and then if that did not work, to run the sfc /scannow command. Both reported errors and both claimed they could not fix everything. After running both with and without the AV switched on, still have the same issue.

I also ran a system restore which appeared to run OK to a date two days prior to this issue and that did not resolve the problem.

I will post here if I win with this issue (I have opened a support ticket with Bit Defender and they have been very willing to assist), or any other ideas welcome. Just seems strange that with the AV off, everything seems to work OK, with it on, nothing works. Does that not point to an AV issue? Surely that fact alone indicates that the files and the disk are not corrupt? If they were corrupt they would not work, regardless of AV on or off. I might try uninstalling Bit Defender tonight and then re-installing to see what effect that has.
 

UPDATE: At Bit Defender's request I have run a series of logs and emailed these to them. I also downloaded and installed Malwarebytes and ran the updater to get the latest definitions. Surprisingly, it detected 3 threats which it called "Forged Physical Sector" on Master Boot of Volume #0.

I ran Malwarebytes a few times and each time it said it quarantined and cleared this, requested a reboot, which I did. But a new scan would present the same issues, and the same error when trying to open files. Sometimes it would report only 1 or 2 of these Forged Physical Sectors remained.

Then I ran Malwarebytes in Windows "F8 Safe Mode" and although the program still reported the threat after a reboot, all the problems of opening files were gone! In other words, I could once again run applications. So it seems to me that this is the issue.

Surprised that a free download (trial version) of Malwarebytes was able to detect this and a paid up subscription to Bit Defender (Internet Security 2014) does not (or perhaps it does and this is why it is blocking apps from running - but giving cryptic error messages instead of saying something simple like "you got a virus there buddy!").

Now the challenge is to get rid of it properly. I am reporting my findings to the Bit Defender help desk also, but any ideas on how to deal with this?

Cheers!
 

You are gaining on it, that is good.
While you are waiting for BD to get back to you here is another great program I use.

ESET Free Online Scanner :: Complete Malware Detection :: ESET


Again remember nothing finds every infection 100% of the time.
It's free to try but it is slow.

If you have any backups they are probably also infected. I wouldn't use them.
If the backups are very important I would scan them also.

Here are some instructions from one of our security experts, Jacee

I will go to the ranch and ask for help from a security expert.
Just to make sure your computer is clean.


I'd like you to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
 
In addition to Layback Bear's advice try these

http://www.sevenforums.com/tutorials/433-disk-check.html < use the /f option in Option 2 if necessary

http://www.superantispyware.com/

http://www.malwarebytes.org/products/malwarebytes_free/

http://www.bleepingcomputer.com/download/adwcleaner/

download from bleeping computer – delete any rubbish these find.

There are others you can run too like these
Emsisoft Free Emergency Kit: portable malware scanner | Free removal of Viruses, Bots, Spyware, Keyloggers and Trojans < you only need run the Emergency scan and the Command line scan
for something that runs from boot

Download Kaspersky Rescue Disk 10
 

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Own build (new) Desk1 / Asus ROG Win 7 / Desk2 1st build
OS
Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
CPU
Desk1 i5 3750K / Laptop i7 GTX 860M / Desk2 i5 2500
Motherboard
Desk1 Asus P877-V / Desk2 Gigabyte H67 UD3H / Laptop ?
Memory
Desk1 8GB (1866) / Desk2 16GB (1333) / Laptop 8Gb DDR3
Graphics Card(s)
Desk 1& 2NVidia GTX 650 & Laptops on board Intel
Sound Card
Desk 1 & 2 -XONAR DG Realtek High Def audio Laptop
Monitor(s) Displays
Desk 1 Benq HD 2450 / Desk2 Philips 24" / Laptop 17.5"
Screen Resolution
1920x1080 D1 & D2 & Laptop 1
Hard Drives
Desk1 Samsung 120GB 830 SSD
Asus ROG 256GB 850 Pro SSD
Desk2 Samsung 840 256 SSD
Toshiba 120GB EVO
PSU
Desk 1 Corsair HX 1050/ Laptop ? / Desk 2 Corsair HX 650
Case
Desk 1 Cooler HAF XM ? Toshiba laptop / Desk2 Coolermaster
Cooling
Fans on all Desk1 -2 Desk2 - all Coolermasters 5 Laptop ?
Keyboard
Desk 1 MS Sidewinder X6 Desk 2 MS Sidewinder X 4
Mouse
Desk 1&2 - Gigabyte MS 900 gamer - laptop - Logitec wireless
Internet Speed
ADSL2+
Other Info
One other Desktop (tester) and spare Toshba laptop both with SSD's
Running Kaspersky 2016 ISS on all machines config'd identically
Logitec audio stereo systems on each machine (x3)
Canon MG5250MFC
Router/modem TP-Link running WPA2SK
UPDATE: At Bit Defender's request I have run a series of logs and emailed these to them.

I also downloaded and installed Malwarebytes and ran the updater to get the latest definitions. Surprisingly, it detected 3 threats which it called "Forged Physical Sector" on Master Boot of Volume #0.

I ran Malwarebytes a few times and each time it said it quarantined and cleared this, requested a reboot, which I did. But a new scan would present the same issues, and the same error when trying to open files. Sometimes it would report only 1 or 2 of these Forged Physical Sectors remained.
.....

This is not a good thing - it's indicative of Rootkit infections.

Finish following what others have suggested and I'll come back with another scanner suggestion after I see some logs.

Please post any logs from the scanners you have already run.

Thanks,

Bill
.
 

My Computer My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
HP Pavilion dv6-6c10us
OS
x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
CPU
AMD A6-3420M APU with Radeon(tm) HD Graphics
Motherboard
Hewlett-Packard 1805
Memory
6.00 GB
Graphics Card(s)
AMD Radeon(TM) HD 6520G
Sound Card
(1) AMD High Definition Audio Device (2) IDT High Definiti
Monitor(s) Displays
HP W2072a 20" LCD (1600 x 900) @ 60 Hz
Screen Resolution
1366 x 768 x 32 bits (4294967296 colors) @ 60 Hz
Hard Drives
ST640LM0 00 HM641JI SATA Disk Device
Keyboard
Logitech k520 wireless KB
Mouse
Logitech m320 wireless mouse (bundled with KB)
Internet Speed
15/5 | 54 MB Wireless 'n'
Antivirus
Realtime: Defender or Avast | On-demand: Malwarebytes, ESET
Browser
IE 11 on Win8, IE 10 on win 7
Other Info
Media: [Gimp, Audacity, VLC] || Comm: [WEmail 2012, Skype] || Productivity: [OpenOffice,| Textpad] || Utils: [Sysinternals, cCleaner, Speccy, Defraggler]
Hmm well Bill if you are going to post the rootkit scanners I will leave well alone unless I can help with same as I can send a link to five free ones if you like.
John
 

Hmm well Bill if you are going to post the rootkit scanners I will leave well alone unless I can help with same as I can send a link to five free ones if you like.
John

I wasn't certain if EmsiSoft emergency or Kaspersky Rescue would address the issue, so I was waiting on the logs. While I was waiting, I finished the Kaspersky TDSSKiller tutorial.

I'd still like to see the other scan logs, Bitdefender and Malwarebytes, to better understand what they detected and what was repaired or isolated.
See Step 10 in http://www.sevenforums.com/tutorials/338716-malwarebytes-anti-malware-free.html to find and attach the Malwarebytes log(s)

I'm not sure where Bitdefender writes its logs, but if you sent them to Bitdefender, then you know where they are ;)


Please run the following and post the logs here on SF for further analysis:
http://www.sevenforums.com/tutorials/338877-kaspersky-tdsskiller-detect-repair-tdss-rookits.html

Thanks,

Bill
.
 

Thanks folks for coming to help the OP.
 

Hi all,

Thank you very much for all the assistance and advice. So far Bit Defender have asked me to run a repair on the AV which I have done. I have updated them on my "Malwarebytes" findings, awaiting their response on that. BD still does not see the Forged Sector issue but Malwarebytes continues to report it on scans - sometimes 1, 2, 3 or even 10 instances of it. Does not seem able to fix it though.

Not sure what a rootkit is but I guess it is bad and I guess this is what I am dealing with. I will post my scan logs here later today (I'm at work now). I will try the suggestions that have been posted here also and revert.

I have warned my son that I may have to reformat his PC and that his backups can't be used (it is on a separate HDD, but in the same PC - not so clever I know) and he is one unhappy camper as he will then lose all his game progress, medals and awards etc. Also worried that this thing can jump to my PC which is on the same ADSL network in my house. Could it jump over on a USB stick? I noticed that my ADSL usage was also unusually high this month - is this perhaps a symptom of this virus?
 

.....
I have warned my son that I may have to reformat his PC and that his backups can't be used (it is on a separate HDD, but in the same PC - not so clever I know) and he is one unhappy camper as he will then lose all his game progress, medals and awards etc.

Also worried that this thing can jump to my PC which is on the same ADSL network in my house.

Could it jump over on a USB stick? I noticed that my ADSL usage was also unusually high this month - is this perhaps a symptom of this virus?

A reinstall is the surest way to eradicate a Rootkit, wiping the drive first. Many security experts say it is the only way... I trust Kaspersky, but it is not guaranteed.

Personal data backups are probably ok, but no system files... executables are a difficult call ... how do you know what the virus infected? A scan should tell you, but.....

If you decide to re-install, ask questions first.

re: ADSL network - it depends on how your network is setup. Yes it is possible to cross contaminate systems on a network.

re: USB stick - yes viruses might travel on the stick depending on what was transferred and what virus is involved.

Yes abnormally high network usage might indicate virus activity. It could also be normal traffic, albeit a high rate.

You should probably run TDSSKiller, then run Bitdefender full system scan (or the AV program installed on that machine) and Malwarebytes (with options set for complete scanning) on your machine as well.

I have not written OPTION TWO of the Malwarebytes tutorial yet
See the Detection and Protection chapter of https://www.malwarebytes.org/support/guides/mbam/

Tick all detection options and treat non-malware as malware.
 

Keep in contact with Bit Defender if you're a paying customer. You might just help them find this threat and, if it's new, prevent it from infecting others.
 

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Built
OS
Windows 10 Pro
CPU
AMD Ryzen 5 2400G Processor with Radeon RX Vega 11 Graphics
Motherboard
ASRock X470 Master SLI/AC AM4 AMD Promontory X470 SATA 6Gb/s
Memory
G.SKILL Ripjaws V Series 16GB (2 x 8GB) 288-Pin DDR4 SDRAM D
Graphics Card(s)
2047MB NVIDIA GeForce GTX 1060 6GB (EVGA)
Sound Card
Motherboard Built in
Monitor(s) Displays
Acer R240HY bidx 23.8-Inch IPS HDMI DVI VGA (1920 x 1080) Wi
Screen Resolution
1920 x 1080
Hard Drives
1TB Sandisk SSD PLUS (Main drive)
500 GB Seagate 7200 RPM (Games)
500 GB Western Digital 7200 RPM (Virtual Machines)
PSU
CORSAIR TX Series TX650M 650W 80+ Gold Modular Power Supply
Case
CORSAIR CARBIDE SPEC-02 Mid-Tower Gaming Case, Red LED Fan
Cooling
220mm, two 120mm, and four 60mm fans
Keyboard
Wired Dell keyboard
Mouse
Wireless Logitech mouse
Internet Speed
250mb down, 30mb up
Antivirus
Panda Cloud Antivirus
Browser
Chrome-ish x64
Other Info
Your awesome for reading this.
View attachment malwarebytes_log.txt

View attachment malwarebytes log.txt

Two files from Malwarebytes are attached. Not sure if they tell you anything? The Bit Defender logs were generated using a tool I had to download. They are 6MB in size so I'm not sure if I can upload that here?

KasperskyTDSSKiller downloaded and run as per the instructions here - and found nothing. Now all my desktop icons are missing on the desktop also but they are visible in the Desktop Folder under the user.

I reckon I will spend more time trying to resolve this (and always be in some doubt about whether it has really been cleaned). So I am going to go for a full format and re-install.

I appreciate all the help and advice over here but this time the 'kid' that wrote this virus, probably somewhere in Uzbekistan..... wins. I concede defeat.:mad: I will have to be more careful. My son is learning the hard way that you think before you click when online.

Cheers for now guys! Now, off to find the Windows and MB driver CD's....
 

Here are a few tutorials that explain a pure install of Windows. They also provide a link to official MS Windows ISO downloads.

They both accomplish the same thing, a clean re-install - very clean.

http://www.sevenforums.com/tutorials/1649-clean-install-windows-7-a.html

http://www.sevenforums.com/tutorials/219487-clean-reinstall-factory-oem-windows-7-a.html

A bit more technical, but worth the effort to move user profiles during a windows installation.
http://www.sevenforums.com/tutorial...reate-move-during-windows-7-installation.html
The instructions are in a PDF file so you can download them and read offline.
 

Things to remember.
1. An infection can travel to anything that was or is connected to the infected computer or hardware.
2. Some security experts believe the only way to be sure a rootkit infection is removed is to do a Clean All Clean Install.
3. If the computer is used in the same fashion as before you will probably just get infected again.
4. The use of torrents is one of the best ways to get infected.
5. THE BIG ONE is replace all the passwords of any accounts using a known clean computer.
 
