Questions

What are the sshb run-time errors?

+
0 Votes
Locked

What are the sshb run-time errors?

j0204
Ever since I partition my hd into 2 drives (C: for Windows XP and for My Documents) I keep getting these annoying errors that will fill up my screen:
sshb
Run-time error 'Five Digit Number':
Your system did not provide string representation of the error.

Is this related to the partition or what's the problem? I googled the problem with no results.
  • +
    0 Votes
    BFilmFan

    Run a virus scan and then check the link http://www.pcguide.com/ts/x/sys/crash.htm

    +
    0 Votes
    j0204

    I did all that. I've even format the HD (no kidding) 5 times and still get it. Not only my computer now but another laptop. Those little windows appear one after the other more than 50 time if you leave them open up.
    Here is one of them:
    http://skipall.com/7l.png
    I'll get more screenshots once I get more.

    +
    0 Votes
    Jacky Howe

    Insert your XP CD and when you see ?Press any key to boot from CD? press a key. Now wait for the XP installer to finish loading up and you will be presented with the option to press R to Repair.

    Press R.
    The next screen will ask you which Windows? installation you would like to log on to. Normally the following will be listed:
    1: C:\WINDOWS

    Press 1, then Enter to continue.
    You may now be asked for the Administrator password. If you know this type it and press Enter. If you don't know the Administrators password it may be blank. Just press Enter or type your username and password.

    At the command prompt type:

    fixmbr and press Enter

    fixboot and press Enter

    Wait until you are returned to the Recovery Console.

    Type bootcfg /rebuild

    Once you are back to the Recovery Console remove the XP CD and restart your PC.


    Don't use this on the Notebook

    Darik's Boot and Nuke.

    http://dban.sourceforge.net/

    Autonuke should do it by running it at least 3 times.

    +
    0 Votes
    j0204

    I will do the Boot and Nuke.
    I replaced my hard drive and it still did it, I've posted a picture of the little messages here:
    http://skipall.com/8b.png

    Here is a screen shot with Process Explorer:
    http://skipall.com/8f.png

    I really appreciate the help

    +
    0 Votes
    Jacky Howe

    Run this Rootkit Revealer GMer
    <a href="http://www.gmer.net/index.php" target="_blank"><u>Gmer</u></a>

    FAQ
    <a href="http://www.gmer.net/faq.php" target="_blank"><u>FAQ</u></a>

    Follow the steps below with the System started and restarted in Safe Mode with Networking. Running in Safe Mode loads a minimal set of drivers for the Operating System. You can use these options to start Windows so that you can modify the registry or load or remove drivers.

    Removing malware from System Restore points
    To remove the malware, you must first disable System Restore, then scan the system with up-to-date antivirus software - allowing it to clean, delete, or quarantine any viruses found. After the system has been disinfected, you may then re-enable System Restore. The steps for disabling System Restore vary, depending on whether the default Start Menu or the Classic Start Menu is being used.

    Default Start Menu XP
    If using the default Start Menu, click Start | Control Panel | Performance and Maintenance | System. Select the System Restore tab and check "Turn off System Restore".

    Classic Start Menu XP
    If using the Classic Start Menu, click Start | Settings | Control Panel and double-click the System icon. Select the System Restore tab and check "Turn off System Restore".

    Vista
    Start, right mouse click Computer and select Properties. Select Advanced System Properties, click contine and then System Protection. Untick the box nect to Local Disk C: and click on Turn System Restore off.


    After scanning the system and removing the offending malware, re-enable System Restore by repeating the steps, this time removing the check from "Turn off System Restore".

    Download Malwarebytes Anti-Malware, install it and update it.

    <a href="http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe" target="_blank"><u>Malwarebytes</u></a>

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.

    If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    <a href="http://malwarebytes.gt500.org/mbam-rules.exe" target="_blank"><u>mbam-rules</u></a>

    I would keep scanning with it until it is clean by closing out and rebooting and running it again.


    You may have to copy MBAM and the Update to USB as well.

    From another PC download and install Spybot, update it and copy the the installed folders to a USB Stick.

    Restart the PC in Safe Mode, navigate to the USB stick and run Spybot and MBAM and the Update if necessary.

    Download Spybot - Search & Destroy and install it. Update it.

    <a href="http://www.safer-networking.org/en/download/index.html " target="_blank"><u>Spybot</u></a>

    With the new strains of Virus that have been created you may find it necessary to rename the executable files so that they will work. Rename mbam-setup.exe and then navigate to the install folder and rename mbam.exe. Do not change the files extension from .exe. Do the same with Spybot.

    Edit: to add a bit

    +
    0 Votes
    j0204

    Malwarebytes found lsass.exe file to be infected. This program is great. Thank you guys.
    I will continue to do the next steps. I think one of my USB drives is spreading the infection. Will the best thing to do is formatting the flashdrives?

    Malwarebytes' Anti-Malware 1.36
    Database version: 1959
    Windows 5.1.2600 Service Pack 3

    4/9/2009 1:13:38 PM
    mbam-log-2009-04-09 (13-13-38).txt

    Scan type: Quick Scan
    Objects scanned: 75385
    Time elapsed: 3 minute(s), 21 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows intranet controller (Backdoor.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows intranet controller (Backdoor.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\security\lsass.exe (Backdoor.Agent) -> Quarantined and deleted successfully.

    +
    0 Votes
    Jacky Howe

    One of the ways by which a virus can infect your PC is through USB/Pen drives. Common viruses such as ?Ravmon? , ?New Folder.exe?, ?Orkut is banned? etc are spreading through USB drives. Most anti virus programs are unable to detect them and even if they do, in most cases they are unable to delete the file, only quarantine it. Here are the things which you can do if you want to remove such viruses from your USB drives.

    Don?t click on Ok , just choose ?Cancel?. Open the Command Prompt by typing ?cmd? in the run box. In the command prompt type the drive letter: and press enter . Now type dir /w/a and press enter.

    This will display a list of the files in the pen drive. Check whether the following files are there or not

    Autorun.inf
    Ravmon.exe
    New Folder.exe
    svchost.exe
    Heap41a

    or any other exe file which may be suspicious.

    If any of the above files are there, then probably the USB drive is infected. In command prompt type attrib -r -a -s -h *.* and press enter. This will remove the Read Only, Archive, System and hidden file attribute from all the files. Now just delete the files using the command del filename. example del Ravmon.exe. Delete all the files that are suspicious. To be on a safer side, just scan the USB drive with an anti virus program to check whether it is free of virus or not. Now remove the drive and plug it again. In most of the cases, the real culprit turns out to be the ?Autorun.inf? file which mostly gets executed when someone clicks Ok in the dialog window which appears above. Thus the infections can spread

    http://www.whoismadhur.com/2008/01/26/how-to-remove-virus-from-usb-drives/

    <i>Keep us informed as to your progress if you require further assistance.</i>
    <HR>
    <i>If you think that any of the posts that have been made by all TechRepublic Members, have solved or contributed to solving the problem, please Mark them as <b>Helpful</b> so that others may benefit from the outcome. </i> :-bd

    +
    0 Votes
    seanferd

    Go with Jacky's procedure.

  • +
    0 Votes
    BFilmFan

    Run a virus scan and then check the link http://www.pcguide.com/ts/x/sys/crash.htm

    +
    0 Votes
    j0204

    I did all that. I've even format the HD (no kidding) 5 times and still get it. Not only my computer now but another laptop. Those little windows appear one after the other more than 50 time if you leave them open up.
    Here is one of them:
    http://skipall.com/7l.png
    I'll get more screenshots once I get more.

    +
    0 Votes
    Jacky Howe

    Insert your XP CD and when you see ?Press any key to boot from CD? press a key. Now wait for the XP installer to finish loading up and you will be presented with the option to press R to Repair.

    Press R.
    The next screen will ask you which Windows? installation you would like to log on to. Normally the following will be listed:
    1: C:\WINDOWS

    Press 1, then Enter to continue.
    You may now be asked for the Administrator password. If you know this type it and press Enter. If you don't know the Administrators password it may be blank. Just press Enter or type your username and password.

    At the command prompt type:

    fixmbr and press Enter

    fixboot and press Enter

    Wait until you are returned to the Recovery Console.

    Type bootcfg /rebuild

    Once you are back to the Recovery Console remove the XP CD and restart your PC.


    Don't use this on the Notebook

    Darik's Boot and Nuke.

    http://dban.sourceforge.net/

    Autonuke should do it by running it at least 3 times.

    +
    0 Votes
    j0204

    I will do the Boot and Nuke.
    I replaced my hard drive and it still did it, I've posted a picture of the little messages here:
    http://skipall.com/8b.png

    Here is a screen shot with Process Explorer:
    http://skipall.com/8f.png

    I really appreciate the help

    +
    0 Votes
    Jacky Howe

    Run this Rootkit Revealer GMer
    <a href="http://www.gmer.net/index.php" target="_blank"><u>Gmer</u></a>

    FAQ
    <a href="http://www.gmer.net/faq.php" target="_blank"><u>FAQ</u></a>

    Follow the steps below with the System started and restarted in Safe Mode with Networking. Running in Safe Mode loads a minimal set of drivers for the Operating System. You can use these options to start Windows so that you can modify the registry or load or remove drivers.

    Removing malware from System Restore points
    To remove the malware, you must first disable System Restore, then scan the system with up-to-date antivirus software - allowing it to clean, delete, or quarantine any viruses found. After the system has been disinfected, you may then re-enable System Restore. The steps for disabling System Restore vary, depending on whether the default Start Menu or the Classic Start Menu is being used.

    Default Start Menu XP
    If using the default Start Menu, click Start | Control Panel | Performance and Maintenance | System. Select the System Restore tab and check "Turn off System Restore".

    Classic Start Menu XP
    If using the Classic Start Menu, click Start | Settings | Control Panel and double-click the System icon. Select the System Restore tab and check "Turn off System Restore".

    Vista
    Start, right mouse click Computer and select Properties. Select Advanced System Properties, click contine and then System Protection. Untick the box nect to Local Disk C: and click on Turn System Restore off.


    After scanning the system and removing the offending malware, re-enable System Restore by repeating the steps, this time removing the check from "Turn off System Restore".

    Download Malwarebytes Anti-Malware, install it and update it.

    <a href="http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe" target="_blank"><u>Malwarebytes</u></a>

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.

    If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    <a href="http://malwarebytes.gt500.org/mbam-rules.exe" target="_blank"><u>mbam-rules</u></a>

    I would keep scanning with it until it is clean by closing out and rebooting and running it again.


    You may have to copy MBAM and the Update to USB as well.

    From another PC download and install Spybot, update it and copy the the installed folders to a USB Stick.

    Restart the PC in Safe Mode, navigate to the USB stick and run Spybot and MBAM and the Update if necessary.

    Download Spybot - Search & Destroy and install it. Update it.

    <a href="http://www.safer-networking.org/en/download/index.html " target="_blank"><u>Spybot</u></a>

    With the new strains of Virus that have been created you may find it necessary to rename the executable files so that they will work. Rename mbam-setup.exe and then navigate to the install folder and rename mbam.exe. Do not change the files extension from .exe. Do the same with Spybot.

    Edit: to add a bit

    +
    0 Votes
    j0204

    Malwarebytes found lsass.exe file to be infected. This program is great. Thank you guys.
    I will continue to do the next steps. I think one of my USB drives is spreading the infection. Will the best thing to do is formatting the flashdrives?

    Malwarebytes' Anti-Malware 1.36
    Database version: 1959
    Windows 5.1.2600 Service Pack 3

    4/9/2009 1:13:38 PM
    mbam-log-2009-04-09 (13-13-38).txt

    Scan type: Quick Scan
    Objects scanned: 75385
    Time elapsed: 3 minute(s), 21 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows intranet controller (Backdoor.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows intranet controller (Backdoor.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\security\lsass.exe (Backdoor.Agent) -> Quarantined and deleted successfully.

    +
    0 Votes
    Jacky Howe

    One of the ways by which a virus can infect your PC is through USB/Pen drives. Common viruses such as ?Ravmon? , ?New Folder.exe?, ?Orkut is banned? etc are spreading through USB drives. Most anti virus programs are unable to detect them and even if they do, in most cases they are unable to delete the file, only quarantine it. Here are the things which you can do if you want to remove such viruses from your USB drives.

    Don?t click on Ok , just choose ?Cancel?. Open the Command Prompt by typing ?cmd? in the run box. In the command prompt type the drive letter: and press enter . Now type dir /w/a and press enter.

    This will display a list of the files in the pen drive. Check whether the following files are there or not

    Autorun.inf
    Ravmon.exe
    New Folder.exe
    svchost.exe
    Heap41a

    or any other exe file which may be suspicious.

    If any of the above files are there, then probably the USB drive is infected. In command prompt type attrib -r -a -s -h *.* and press enter. This will remove the Read Only, Archive, System and hidden file attribute from all the files. Now just delete the files using the command del filename. example del Ravmon.exe. Delete all the files that are suspicious. To be on a safer side, just scan the USB drive with an anti virus program to check whether it is free of virus or not. Now remove the drive and plug it again. In most of the cases, the real culprit turns out to be the ?Autorun.inf? file which mostly gets executed when someone clicks Ok in the dialog window which appears above. Thus the infections can spread

    http://www.whoismadhur.com/2008/01/26/how-to-remove-virus-from-usb-drives/

    <i>Keep us informed as to your progress if you require further assistance.</i>
    <HR>
    <i>If you think that any of the posts that have been made by all TechRepublic Members, have solved or contributed to solving the problem, please Mark them as <b>Helpful</b> so that others may benefit from the outcome. </i> :-bd

    +
    0 Votes
    seanferd

    Go with Jacky's procedure.