Bad Image warning with the file wowfx.dll
yagga
Havn't you heard? ... New
I am unable to boot my computer fully into windows after the login screen. I get several warnings about bad images, 1st is services.exe, 2nd is isass.exe, before my login screen appears. After typing a password in I get a userinit.exe, ntos.exe, and Explorer.exe bad image error. All these errors point to a wowfx.dll file. The computer quickly blue screens me, dumps memory, and restarts after the explorer.exe window pop up error.
Is there some way I can delete this trojan thing outside of windows, seeing as I can't possibly get into windows in any mode whatsoever? I am on a mission to save files. ~could care less about this windows install after files are saved~
Is there some way I can delete this trojan thing outside of windows, seeing as I can't possibly get into windows in any mode whatsoever? I am on a mission to save files. ~could care less about this windows install after files are saved~
0
Comments
I have managed to delete the wowfx.dll through the recovery console.
I then did a win xp restore install and was able to get into windows normally one time. There is other crap there that is messing around. The symtoms are:
1. a REALLY long wait at the login screen
2. no control panel
3. IE attempting to connect to the internet, but I've got the cord unplugged so it doesn't like me. I tried re setting all the ie settings to max, which I had them on for a while because I was solely using firefox on the computer.
Upon rebooting and trying to go into administrator administrator in safe mode I got blue screened again.
I believe I need to now do a repair install again (maybe), and find a way to get a the control panel back, or at the very least access the user accounts to remove my password.
That malware file if there would have loaded into a sensitive part of the registry, and if removed without correcting the registry as well could have led to some serious problems. Likely you did find this out. By "restore install" you mean you left the existing file system intact? This potentially would have left quite a bit of malware and changes from that, but I can't really tell what these current issues are yet.
If you have not yet resolved the problems we can take a look here. Just download HijackThis from Here. Then click on the downloaded file to install HijackThis. After it is installed open HijackThis and select Do a system scan and save logfile. Use copy/paste and post that log back here for review.
Also go Here and download Silent Runners to your desktop. Run it, and post back here the log it creates. If your AV queries the script, allow it to run. It's not malicious. It will create a file named Startup Programs, and will notify when the scan is complete. Copy the log from the Startup Programs file back here please.