Erreur windows pro
isabou
-
Bof -
Bof -
Bonjour,
Au secours.
Quand je suis sur n'importe quel programme, le message suivant apparait dans un pavé avec une croix rouge et je dois le fermer pour m'en débarrasser mais il revient sans arrêt. les anti virus et anti spy n'y ont rien fait
C'est C:\WINNT\System32\\txsocm32.dll et en dessous : a degugger has been found running in foyr system. Please, unload it from memory and restart your program.
Que puis-je faire pour arrêtrer ceci. Merci
Au secours.
Quand je suis sur n'importe quel programme, le message suivant apparait dans un pavé avec une croix rouge et je dois le fermer pour m'en débarrasser mais il revient sans arrêt. les anti virus et anti spy n'y ont rien fait
C'est C:\WINNT\System32\\txsocm32.dll et en dessous : a degugger has been found running in foyr system. Please, unload it from memory and restart your program.
Que puis-je faire pour arrêtrer ceci. Merci
A voir également:
- Erreur windows pro
- Clé windows 10 pro 64 bits gratuit - Guide
- Montage video gratuit windows - Guide
- Windows movie maker - Télécharger - Montage & Édition
- Windows ne démarre pas - Guide
- Cool edit pro - Télécharger - Édition & Montage
6 réponses
Excuse for writing in english, but I have the same problem since today and this post was the only one which google returns. I'm using Win2000 and didn't install anything except for search & destroy, but probably the problem didn't result from that. Can anyone help?
falko
same here, since today. exctly the same. using win2000 too and get every few seconds an antivir-message, that this files contains HEUR/Malware put putting it in quarantine doesn't help. and i can't delete it. help!
isabou
>
falko
Thanks for your answer,norton ant the antisspybotands destroy dosen't work. Like You
isabeou
Thanks for your answer,norton ant the antisspybotands destroy dosen't work. Like You
Okay, I got a solution, so please tell me, if it helps you out, too.
Here is what I did:
1. every debugger-message creates a "firefox.exe"-Task in Task-Manager, you have to kill each process with the Task-Manager before you can continue.
2. prepare two 0-byte-files with ready-only-attribute: wciactrl.exe and txsocm32.dll
3. prepare for what to do: copy your prepared wciactrl.exe to c:\<windows-dir>\ [for example: C:\WinNT\ ]
and copy the prepared txsocm32.dll to C:\<windows-dir>\system32\
4. NOW FIRST quickly kill the last firefox.exe task in Task-Manager and THEN instantly COPY the prepared files to the destination mentioned in 3. Maybe you need 2 oder 3 trials before it worked, because the system was to fast for you. More important is the wciactrl.exe
Don't try to just delete these files, cause this virus recreates them instantly. After this, no debugger-messages popped up in my system. This is just a method to make the virus harmless, but it wouldn't be really erased from your systems until there are newer anti-virus-updates fpr the virus-scanner avaiblabe.
Please tell me, if this worked with your problems as well, thanks!
Here is what I did:
1. every debugger-message creates a "firefox.exe"-Task in Task-Manager, you have to kill each process with the Task-Manager before you can continue.
2. prepare two 0-byte-files with ready-only-attribute: wciactrl.exe and txsocm32.dll
3. prepare for what to do: copy your prepared wciactrl.exe to c:\<windows-dir>\ [for example: C:\WinNT\ ]
and copy the prepared txsocm32.dll to C:\<windows-dir>\system32\
4. NOW FIRST quickly kill the last firefox.exe task in Task-Manager and THEN instantly COPY the prepared files to the destination mentioned in 3. Maybe you need 2 oder 3 trials before it worked, because the system was to fast for you. More important is the wciactrl.exe
Don't try to just delete these files, cause this virus recreates them instantly. After this, no debugger-messages popped up in my system. This is just a method to make the virus harmless, but it wouldn't be really erased from your systems until there are newer anti-virus-updates fpr the virus-scanner avaiblabe.
Please tell me, if this worked with your problems as well, thanks!
Hi,
Sorry I don't speak or write French. I have been working on this same issue since last night. This is what I found.
1. Boot into Safe Mode and open regedit. Search for wciactrl.exe (you will find it in multiple places) and delete it.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\WINNT\wciactrl.exe
2. delete the following string. (I beleive the malware deletes the DWORD and recreates it as STRING, which prevents you from seeing hidden files)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
"CheckValue"
3. Create a new DWORD for "CheckValue"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
This will give to the ability to view hidden files.
4. Open Windows explorer, click on Tools, Folder Option and click on View tab. Click on the "Show hidden files and folders".
5. delete wciactrl.exe located c:\winnt\ and svhost c:\winnt\system.
6. Reboot and run an antivirus scan.
I hope this helps, so far I have not seen the viruses/malware.
PS I ran this through googles translate.
Salut,
Désolé je ne suis pas parler ou écrire le français. J'ai travaillé sur cette même question, depuis la nuit dernière. C'est ce que j'ai trouvé.
1. Démarrez en mode sans échec et ouvrez regedit. Recherche de wciactrl.exe (vous le trouverez à plusieurs endroits) et de la supprimer.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ c: \ WINNT \ wciactrl.exe
2. supprimer la chaîne suivante. (Je crois que le malware supprime la valeur DWORD et recrée comme STRING, ce qui vous empêche de voir les fichiers cachés)
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced \ Folder \ Hidden \ ShowAll
"CheckValue"
3. Créez une nouvelle valeur DWORD pour "CheckValue"
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced \ Folder \ Hidden \ ShowAll
Cela donnera à la capacité d'afficher les fichiers cachés.
4. Ouvrez l'explorateur Windows, cliquez sur Outils, Options des dossiers et cliquez sur l'onglet Afficher. Cliquez sur le bouton "Afficher les fichiers et dossiers cachés".
5. supprimer wciactrl.exe situé c: \ winnt \ svhost et c: \ winnt \ system.
6. Redémarrez et lancer une analyse antivirus.
J'espère que cette aide, dans la mesure où je n'ai pas vu le virus / malware.
Sorry I don't speak or write French. I have been working on this same issue since last night. This is what I found.
1. Boot into Safe Mode and open regedit. Search for wciactrl.exe (you will find it in multiple places) and delete it.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\WINNT\wciactrl.exe
2. delete the following string. (I beleive the malware deletes the DWORD and recreates it as STRING, which prevents you from seeing hidden files)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
"CheckValue"
3. Create a new DWORD for "CheckValue"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
This will give to the ability to view hidden files.
4. Open Windows explorer, click on Tools, Folder Option and click on View tab. Click on the "Show hidden files and folders".
5. delete wciactrl.exe located c:\winnt\ and svhost c:\winnt\system.
6. Reboot and run an antivirus scan.
I hope this helps, so far I have not seen the viruses/malware.
PS I ran this through googles translate.
Salut,
Désolé je ne suis pas parler ou écrire le français. J'ai travaillé sur cette même question, depuis la nuit dernière. C'est ce que j'ai trouvé.
1. Démarrez en mode sans échec et ouvrez regedit. Recherche de wciactrl.exe (vous le trouverez à plusieurs endroits) et de la supprimer.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ c: \ WINNT \ wciactrl.exe
2. supprimer la chaîne suivante. (Je crois que le malware supprime la valeur DWORD et recrée comme STRING, ce qui vous empêche de voir les fichiers cachés)
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced \ Folder \ Hidden \ ShowAll
"CheckValue"
3. Créez une nouvelle valeur DWORD pour "CheckValue"
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced \ Folder \ Hidden \ ShowAll
Cela donnera à la capacité d'afficher les fichiers cachés.
4. Ouvrez l'explorateur Windows, cliquez sur Outils, Options des dossiers et cliquez sur l'onglet Afficher. Cliquez sur le bouton "Afficher les fichiers et dossiers cachés".
5. supprimer wciactrl.exe situé c: \ winnt \ svhost et c: \ winnt \ system.
6. Redémarrez et lancer une analyse antivirus.
J'espère que cette aide, dans la mesure où je n'ai pas vu le virus / malware.
And delete c:\winnt\system32txsocm32.dll or c:windows\txsocm32.dll.
To help suppress the debug pop up windows do the following:
From IE select Tools/Internet Options/Connections/LAN Settings.
Put a tick in the check box next to "Use a Proxy Server for your LAN ...â€
Type in "0.0.0.0" in the address box and "80" in the Port box. Don't type in the quote marks of course, just what's inside them.
Click OK.
This will help while troubleshooting. Don't forget to undo this settings.
To help suppress the debug pop up windows do the following:
From IE select Tools/Internet Options/Connections/LAN Settings.
Put a tick in the check box next to "Use a Proxy Server for your LAN ...â€
Type in "0.0.0.0" in the address box and "80" in the Port box. Don't type in the quote marks of course, just what's inside them.
Click OK.
This will help while troubleshooting. Don't forget to undo this settings.
Salut j'utilise windows 2000 professionnel et j'ai le meme problème. S'agit-il d'un nouveau virus ? Cette foutue fenêtre windows n'arrête pas d'apparaître C:/WINNT/System32/txscom32.dll
Je n'ai rien compris à la manip car suis nul en anglais. Comment faire ?
Je n'ai rien compris à la manip car suis nul en anglais. Comment faire ?
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Merci pour les réponses,
Je n'ai plus de processus wciactrl.exe qui tourne mais je n'arrive pas a réafficher les fichiers caches...
Quand je recrée un fichier dword, quel valeur dois-je mettre dedans ?
Thanks for the answers,
I don't have the process wciactrl.exe anymore, but I can not display hidden files
When i create a new dword, what value should i enter ?
Je n'ai plus de processus wciactrl.exe qui tourne mais je n'arrive pas a réafficher les fichiers caches...
Quand je recrée un fichier dword, quel valeur dois-je mettre dedans ?
Thanks for the answers,
I don't have the process wciactrl.exe anymore, but I can not display hidden files
When i create a new dword, what value should i enter ?
The name of registry value is "CheckedValue", not "CheckValue".
There other way - change HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden to checkbox-style (look at other keys, that are checkboxes). This can help to protect from modification this key by viruses.
For this virus present other things - they create file 1.exe at root of disc C, that a RAR-SFX archive of virus files, it must be deleted too. And look for any files created after virus infection - there more randomize .exe, .dll and .scr files.
There other way - change HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden to checkbox-style (look at other keys, that are checkboxes). This can help to protect from modification this key by viruses.
For this virus present other things - they create file 1.exe at root of disc C, that a RAR-SFX archive of virus files, it must be deleted too. And look for any files created after virus infection - there more randomize .exe, .dll and .scr files.
Found constant files:
C:\Windows\wciactrl.exe
C:\Windows\System32\txsocm32.dll
C:\Windows\System32\frnscli32.dll
C:\Windows\System32\msvcrt2.dll
C:\Windows\System\wmisync.exe
C:\Windows\System\wmisys.exe
Files with randomize names found in:
C:\Windows
C:\Windows\System32
C:\Windows\System32\Drivers
C:\Windows\Temp
and in Temp folder in user profile.
Also was changed:
C:\Windows\System32\Drivers\Etc\hosts
C:\Windows\wciactrl.exe
C:\Windows\System32\txsocm32.dll
C:\Windows\System32\frnscli32.dll
C:\Windows\System32\msvcrt2.dll
C:\Windows\System\wmisync.exe
C:\Windows\System\wmisys.exe
Files with randomize names found in:
C:\Windows
C:\Windows\System32
C:\Windows\System32\Drivers
C:\Windows\Temp
and in Temp folder in user profile.
Also was changed:
C:\Windows\System32\Drivers\Etc\hosts
