Author Topic: What does "Error 42125" mean?  (Read 22771 times)

0 Members and 1 Guest are viewing this topic.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: What does "Error 42125" mean?
« Reply #15 on: June 27, 2005, 05:21:11 PM »
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: What does "Error 42125" mean?
« Reply #16 on: June 27, 2005, 05:53:37 PM »
I think I have found the real problem now.

Can you please run HijackThis! again and check the tick box for this entry:

O23 - Service: Netbios Helper Service - Unknown owner - C:\WINDOWS\system32\altsvc.exe

Then click the fix it button.

You should be asked to reboot.

Upon rebooting, go to Start>Run and enter cmd

At the command prompt enter:

sc delete netbios helper service

This service is an adserver redirector and must be removed:

http://castlecops.com/o23list-201.html
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline TB303

  • Newbie
  • *
  • Posts: 17
Re: What does "Error 42125" mean?
« Reply #17 on: June 27, 2005, 05:59:26 PM »
Frank,
Thanks for the ideas...

In the mean time, I thought the computer was working properly, so I tried to turn off the ADSL's connection firewall, thinking that might be blocking Windows update...

A second afterwards Avast started warning against "Msdirectx.sys" worm, after telling it to delete it it popped up again a second later. I disconected, re-instated the firewall, and started doing a pre-boot scan...

So I will try all those ideas the moment it finishes (so far it found one file and deleted it).

Many thanks for your help mate.

Do you work at Avast?

Thanks,
Me.


Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: What does "Error 42125" mean?
« Reply #18 on: June 27, 2005, 06:14:20 PM »
Good luck!

No, I don't work for avast!

I just keep an eye on the forum and try to help anybody with a problem when I have some free time.
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline TB303

  • Newbie
  • *
  • Posts: 17
Re: What does "Error 42125" mean?
« Reply #19 on: June 27, 2005, 06:24:45 PM »
Damm,
Avast just finished doing the pre-boot scan - found one file, deleted it.
I booted again normally and there it was again!!!

This is driving me nuts.

I've booted into safe mode...

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: What does "Error 42125" mean?
« Reply #20 on: June 27, 2005, 06:38:49 PM »
What is the exact location?
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline TB303

  • Newbie
  • *
  • Posts: 17
Re: What does "Error 42125" mean?
« Reply #21 on: June 27, 2005, 06:46:07 PM »
I think the location is C:\windows\system32\msdirectx.sys - it was supposedly removed.
Also, I'm doing another pre-boot scan and so far it hasn't detected anything in drive C.

I dunno, this is starting to get to me... over two days now...

Offline TB303

  • Newbie
  • *
  • Posts: 17
Re: What does "Error 42125" mean?
« Reply #22 on: June 27, 2005, 06:57:37 PM »
OK,
it found the msdirectx.sys file in C:\windows\system32 and supposedly deleted it.

now what?

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: What does "Error 42125" mean?
« Reply #23 on: June 27, 2005, 07:06:32 PM »
Did you try the MS tool I mentioned earlier: it can remove some rootkit worms?

The new Microsoft Malicious Software Removal Tool will remove some rootkits and many worms. Download it here:

http://www.microsoft.com/security/malwareremove/default.mspx
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: What does "Error 42125" mean?
« Reply #24 on: June 27, 2005, 07:09:18 PM »
This is a rootkit and will not be so simple to delete. Try the MS tool.
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline TB303

  • Newbie
  • *
  • Posts: 17
Re: What does "Error 42125" mean?
« Reply #25 on: June 27, 2005, 07:14:43 PM »
I've tried the MS tool, I tried the F-Secure tool,
I've scanned and supposedly deleted it a billion times with AVast...

There must be a solution... please advise...

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: What does "Error 42125" mean?
« Reply #26 on: June 27, 2005, 07:22:23 PM »
You will have to follow the advice in this article. Be aware that the file msnt.exe may have a different name on your computer.

http://www.antisource.com/article.php/rootkit-msnt-msdirectx
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: What does "Error 42125" mean?
« Reply #27 on: June 27, 2005, 08:05:28 PM »
This rootkit is called Troj_rootkit.h by Trend Micro. Apparently their Virus Cleanup Engine will remove it.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_ROOTKIT.H&VSect=Sn

If you haven't lost heart yet, download the Virus Cleanup Engine and pattern files here:

http://uk.trendmicro-europe.com/enterprise/support/tsc.php
http://uk.trendmicro-europe.com/enterprise/support/pattern.php

You want the engine which is not for Trend Micro customers. Place the pattern file in the same folder as the Trend Micro System Cleaner Package.
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline TB303

  • Newbie
  • *
  • Posts: 17
Re: What does "Error 42125" mean?
« Reply #28 on: June 27, 2005, 08:30:26 PM »
Thanks mate.

I've followed the instructions in the first link, eventhough I delete msdirectx.sys with attrib -h -r -s before deleting it still comes back. I didn't manage to find the "other" file that keeps bringing it back, I searched fo rthe names mentioned in the article but they don't appear on my computer.

I tried the Trend Micro antivirus before yesterday, It tool ages and didn't find anything.

I might give it a shot again.

To be honest I'm ondering about backing up my documents and just reformating the whole thing.
If I back up files (like outlook .pst and word and excel files) is there a chance that trojan/worm would infect them and follow to teh new installation?

thanks.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: What does "Error 42125" mean?
« Reply #29 on: June 27, 2005, 08:38:49 PM »
Hi TB303,

See also Polonus's advice here:
http://forum.avast.com/index.php?topic=14618.from1119896128;topicseen#msg123356

Rootkits are difficult to get rid of, and you might be better off reinstalling your OS: this will guarantee removal of any malware.

At the moment you don't know what the rootkit is hiding! :o

If you try Trend Micro and that doesn't work, the only other program I can suggest is TDS-3, a powerful anti-Trojan program with a free working trial:

http://tds.diamondcs.com.au/

Remember, if you do install, activate the XP firewall as per my link, and visit the Windows update site as soon as you connect to the internet. Update to SP2 (It's much more secure) and download a free firewall- I recommend Kerio, but Zone Alarm and Sygate are also good.

Good luck, and stay virus free!

Scan any files thoroughly before copying them back to your HD. Download Ewido Free and double check your virus scan with that.
« Last Edit: June 27, 2005, 08:41:25 PM by FreewheelinFrank »
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog