sp2 "the system cannot find the file specified"


scottbarnard

Guest
Hey Guys...

I recently came into owning an older Dell Latitude with XP Pro. This laptop had no antivirus installed, and the previous user wanted to start a worm farm. This thing was infected with the Winn32/tantos.m virus and replicated itself 170 times in one instance. I installed AVG 9, ran it. 3 days later, Winn32/tantos came back 145 times. Installed rmtant.exe from AVG, and seemed to work (so far).

Also, through Windows Update, over 45 updates, to include SP3 was installed.

Anyway, this worm corrupted many files, mainly install/uninstall programs. Upon desktop loading, I get this error message: *Windows cannot find: C:\documents and settings\aaa\desktop\akvspf.exe *Make sure..... blah, blah...

There is no "akvspf.exe" on the desktop.

The computer runs fine after clicking "ok".

Also, installed CCleaner, ran it. Ran the Registry cleaner, error message still pops up.

Question one: "How do I stop Windows from looking for it?"

Question two: "Is there a fix for install/uninstall programs?" (for instance, Limewire is installed, it can not be uninstalled or updated due to corrupted installer files.)

I looked in gpedit and regedit as well as services, and didn't really find anything related to "akvspf.exe"
 
When randomly named executables attempt to run at startup, those are malware.

Your malware cleanup process has removed "akvspf.exe". So the dangerous bit has already been removed.

But there is still a startup item, which the malware cleaner doesn't remove. And that still attempts to reference the file. That doesn't hurt anything, but it does give you some idea that there used to be an "akvspf.exe" file, which is now gone. If there was such a thing as a quarantine folder, the file might be in there. Or perhaps it is completely deleted.

You may be able to locate the reference with a program like Autoruns. Or, using other tools, you can search the registry, search the known places where startup files are supposed to go, and take care of the references to the missing/deleted file from there. The advantage of Autoruns is it shows you all of the methods at the same time.

http://technet.microsoft.com/en-ca/sysinternals/bb963902.aspx

Paul
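
The manual search described in the reply above, as an added PowerShell example that is not part of the thread: it reads the Run/RunOnce registry keys and the two Startup folders and reports entries whose target file no longer exists. The choice of locations and the helper names `Get-CommandTarget` and `Test-TargetExists` are assumptions of this example; Autoruns covers many more autostart locations.

```powershell
# Added example: report autostart entries that point at a file which no longer exists.
# Read-only; it lists candidates and deletes nothing.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

function Get-CommandTarget([string]$CommandLine) {
    # Reduce a startup command line to the program path it launches (hypothetical helper).
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }          # quoted path, then arguments
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') {  # unquoted path, may contain spaces
        return $Matches[1]
    }
    return ($cmd -split '\s+')[0]
}

function Test-TargetExists([string]$Target) {
    # Full paths are checked on disk; bare names such as rundll32.exe are resolved via PATH.
    if ($Target -match '^[A-Za-z]:\\|^\\\\') { return (Test-Path -LiteralPath $Target) }
    return [bool](Get-Command $Target -ErrorAction SilentlyContinue)
}

$orphans = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item $key
    foreach ($name in $regKey.GetValueNames()) {
        $target = Get-CommandTarget ([string]$regKey.GetValue($name))
        if ($target -and -not (Test-TargetExists $target)) {
            $orphans += New-Object PSObject -Property @{ Location = $key; Entry = $name; Target = $target }
        }
    }
}

$shell = New-Object -ComObject WScript.Shell
foreach ($folderName in 'Startup', 'AllUsersStartup') {
    $folder = $shell.SpecialFolders.Item($folderName)
    if (-not $folder -or -not (Test-Path -LiteralPath $folder)) { continue }
    foreach ($lnk in Get-ChildItem -LiteralPath $folder -Filter *.lnk) {
        $target = $shell.CreateShortcut($lnk.FullName).TargetPath
        if ($target -and -not (Test-Path -LiteralPath $target)) {
            $orphans += New-Object PSObject -Property @{ Location = $folder; Entry = $lnk.Name; Target = $target }
        }
    }
}

$orphans | Select-Object Location, Entry, Target | Format-Table -AutoSize
```

A randomly named target under a user's Desktop or profile folder, like the path in the error message above, is the kind of row to look at first.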
 
Hey Paul -

It worked! Found it, deleted it, and never came back! Bravo! I also used the program to fix another issue as far as an auto run.

HOWEVER..... I broke the laptop in the process..... (where's my dunce cap)

I accidentally de-selected the Windows.exe, because "My Computer" was now popping up on the desktop. Ever realize you left your keys in the car just as the locked door is closing? Well, that's me right now.

So.... I get the desktop, but no icons, task bar, nothing. No Windows. Oops.

I have an XP Pro disk, SP2 (that didn't come with this laptop) and Hiren's Boot CD 9.5 as well as the "Ultimate Boot CD" and a Dell Reinstallation CD that came with a desktop.

Place hand on forehead, shake head, laugh.

Help?
 
My first problem is, when I look in Autoruns here, I don't see a "Windows.exe", so I can't tell what you've done.

When I look in the Autoruns program, it supports two options. If you click a tick box, that is a temporary disabling of an item. Autoruns may prepare some backup information, which you could use as part of correcting a mistake you made.

If you went to the menu and used the "Delete" option, I suspect that would be more serious, as it may not leave any way to correct the mistake.

If you damage the registry, System Restore is your friend. If you have left System Restore running, it has a copy of the registry in it. But since you've been working on malware, you may have been instructed at some point to disable System Restore, to clear out the restore points and start from scratch. If that is the case, again, you could be screwed.

Recovering from registry damage is detailed here.

http://support.microsoft.com/kb/307545

That process uses the Recovery Console. What you're doing is removing the current busted registry and moving an "empty" registry into place. The "empty" registry is not a "keeper" and is only an intermediate step to recovery. If the computer is bootable with the newly installed "empty" set of five registry files, then you can use System Restore and select a restore point that has a known good registry in it. You'd select a date far enough back, where you know the registry is OK. The purpose of that procedure is to give you access to System Restore, and do a restore without further file hacking.

So for that two step method to work, System Restore has to be working, and there has to be at least one Restore Point in there with an intact copy of the registry. If System Restore is not available, an "empty" registry is not going to be of much good to you, since there is nothing in there which corresponds to all your installed programs.

If the damage you've done involves Autoruns moving some file called "Windows.exe" into a backup folder, you'd have to figure out where the file is, then move it back. The Recovery Console has rudimentary tools in it to make repairs, but it would not be my favorite place to work.

If I need to do some serious changes to my C: drive, I boot a Linux LiveCD, as I can surf the web (Firefox), as well as search folders for stuff, and move stuff around. That's how I fix things here, as a home user. If the only tool I had was the Recovery Console, I'd probably be completely bald from hair loss :-)

There is another suggestion here, to prepare a BartPE CD, which is more powerful than the Linux LiveCD, but means a bit of preparation work to build one.

http://forum.sysinternals.com/forum_posts.asp?TID=1374&PN=4&TPN=1

Autoruns has its own support forum here, which is where I found that link.

http://forum.sysinternals.com/forum_topics.asp?FID=16

I don't think any of these procedures is exactly easy. In this one, they cover the case of someone who has disabled their "userinit.exe", which wouldn't allow the desktop to even sit there.

http://forum.sysinternals.com/forum_posts.asp?TID=7672

*******

The first part of getting help is figuring out exactly what you've done. I don't have a Windows.exe here, so perhaps you could elaborate.

Paul
 