Please contact me if you have the same problems, any additional information or possibly the solution of this anomaly!
One day somewhere around 25. April 2005 two of my computers suddenly started to behave strange and even after a deep search I didn't manage to find the reason. Maybe it is very clever virus or a strange bug in some updates I was doing then. Anyway, here is my report on everything unusual:
Every running process on the Windows system has the file C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9 open and loaded. This seems to be a part of SP2 update, but who knows.
Symantec LiveUpdate, a part of Symantec Antivirus, stopped working. Every time I command it to update itself, it displays an error titled "LU1803 Liveupdate failed getting your updates" and describes that an internal error has happened. On the other hand manual updating still works (see [an error occurred while processing this directive] web page). In each attempt to reinstall just LiveUpdate or the whole Antivirus the installation process always fails. Somewhere at the end it suddenly stops with an error regarding LiveUpdate. Therefore it is impossible to set up this antivirus software again once it has been uninstalled.
I also have multiple problems with Windows Installer. Some programs simply do not want to install themselves - usually they just wait for some time and then report that the initialization process of something failed. If I try to manually start the Windows Installer service (see Services for more information), then an error report pops up saying: "Unable to create a copy of InstallDriver. Return code: -2147221021". When this problems began I had the newest Windows Installer 3.1 service installed, but after its uninstallation the same problems are still present. The majour effect of this is that some other antivirus or antispyware programs can not be installed (for example Kaspersky Antivirus 5.0).
Winamp also changed its behavour. It simply doesn't want to start automatically if I double click on an audio file. But if the player is running before, the file is added to the playlist and, if I right click on a file and select it to open in Winamp, then it works too. Maybe this is only noticeable if the Winamp Agent isn't active.
Network adapters are behaving really strange. Usually the network icon in Systray never shows up or it disappears. When I manage to open the network connection status window, it says that it is in a disconnected state, but I can surf on the internet without any problems. Strange is also that even if I pull the cable out the computer it doesn't report anything.
There are no new and unknown running process in Task Manager. Saddly the RPC Server is unavalible and therefore I can not get a list of services running under a specific svchost.exe. Sygate Personal Firewall Pro doesn't report any unusual activity so it seems that it is not an internet worm and since before this problems occur it had all system programs set to Blocked.
When connected to the Internet there are no suspicious ports open. No antivirus or antispyware software found anything, neither did I. I scanned my computer with up to date versions of:
After restoring the system to a previous version where everything seemed to work the following dynamic libraries (DLL) have been loaded into many programs during their normal operation without a reason C:\WINDOWS\system32\msimg32.dll and C:\WINDOWS\system32\apphelp.dll. Maybe this are absolutely normal operations and the restored system is uninfected, but who knows.
Yet unknown. I simply reinstalled everything and now it works fine.
© Tnode 2005-06 (GW)
Feel free to email me (gwSPAM@tnode.com) if you have any questions, suggestions or information related to this web page.
Remember to remove the word "SPAM" out from my email address before sending (yes, the username is just 2 chars long). This is a part of my attempts to keep SPAM out from my email box.
If you haven't found a good solution on this page, you may continue your search on Google: