Re: not possible to write to files with names like *com.dll

nospam_at_cristalink.com
Date: 06/08/04 

Date: Wed, 9 Jun 2004 09:15:56 +1200

Looks like a trojan. None of the scanners will help if you have an unknown
one. You seem to have some system API patched to intercept things like
NtCreateFile etc. You can access files over a share because the network
redirector might use say IoCreateFile, which isn't intercepted.

It's relatively easy for a professional to track down the offender. If you
are not the former, then you better reinstall Windows as already suggested.

"PCPete" <PCPete@community.nospam> wrote in message
news:75D4D3A1-7B38-400E-A765-F0113873DB4C@microsoft.com...
> Dear all
> I am at my wits' end re the below problem, posted on the Windows XP
> security newsgroup - if any of you has the time to have a quick look & at
> least point me in the direction of some additional diagnostics I could put
> in place, or a textbook on XP internals that explains how XP interacts
> with the file system, I would be extremely grateful ... I have been able
> to get zero help elsewhere, I really can't imagine why people are so
> unwilling to help (I did my best to be helpful with other questions on the
> same newsgroup, to show willing ...)
> Many thanks
>
> ----- Original Message -----
> I have a problem on my Windows XP Home installation. It is not possible to
> write to files with names like *com.dll. I first observed this when
> attempting to re-install Norton Anti-Virus 2003 (which has a couple of
> files with names of the relevant format). However even 'echo garbage
> >c:\temp\testcom.dll' comes up with an error. I have run Ad-Aware, Spybot
> and CWShredder, also installed SP1a (PC was on SP1 previously). Virus scan
> (Symantec online, since NAV won't install) comes up clean. Definitely had
> a CoolWeb infestation at one point, this proved hard to eradicate (am
> unconvinced it's quite gone yet), I suspect this may have been the root of
> the trouble. I can see from various other forums that others are having
> similar problems, but as yet I can't see that anyone has found a solution.
> File system is OK, it's Windows XP that is the problem [thank goodness, I
> suppose] - I can share the file system from elsewhere (Windows 2000) and
> write out a *com.dll file with no trouble at all.
> ******
> Hallo, I am still experiencing this problem despite enlisting the help of
> both Experts Exchange and Symantec - my system is now clean, but the
> problem is still there (I can give you details of the actions taken if you
> need them). I feel that what I really need is to understand the internals
> of what XP is doing when it accesses files, so that I know which programs
> / DLLs / registry entries (or whatever) I should be investigating.
> Alternatively, perhaps there is additional logging I could switch on
> somewhere to make the event log pop up some diagnostics. Can anyone
> recommend a Web site or textbook that might help?
> ******
> I am still experiencing this problem despite trying absolutely everything
> I can think of.
> There is one other reference to a similar issue in the archives of this
> newsgroup - the advice was, however, limited to 'reinstall XP' which I am
> of course prepared to do if I must (I have tracked down the product key,
> have the CDs, etc.). But SOMEONE out there must know enough about the
> innards of XP to be able to give me a clue what is happening. The other
> poster was basically told to go re-install XP and stop worrying about
> trivia, and appears to have accepted this. But I don't see this as trivia,
> I have an
> operating system which is not working correctly and no-one can tell me
> why.
> SFC /scannow comes up clean, no viruses (AVG both updated and used
> regularly), no spyware (Ad-Aware and Spybot both updated and used
> regularly), no CWS, nothing unexpected in HijackThis or msconfig, and the
> problem is the same when running in Safe Mode signed on as Administrator.
> There are no other weird symptoms of any sort on this computer (in fact it
> behaves miles better than any other PC I have had that hasn't had a
> re-install for nearly 18 months - I do like XP really).
> I did wonder if opportunistic locking could be anything to do with it? Any
> comments? (Not sure whether XP Home supports this anyway.)
> Note that I can write out a *com.dll file absolutely fine from elsewhere
> via a share. I can also read, run, move, rename, copy *com.dll files. I
> just can't write bytes to one.
> ******
> [a fellow sufferer!]
> "pt" <ppt002@pandora.be> wrote in message
> news:9c3189bc.0406061353.59f3e300@posting.google.com...
>> Hello,
>> just af the same prop here, but this on a XP Pro
>> not possible to install NAV 2004 & Nero 6....
>> noth failing on a *com.ddl "the system cannot find the file found"
>> PT
> ******
> [my response:]
> That's the one.
> I, also, tried installing NAV 2004 - same problem (needless to say).
> Interesting that it happens on XP Pro as well as Home.
> Do you have anywhere else you can turn for support? I have got nowhere
> either here or on Experts Exchange (one of the specialists on the latter
> did
> try very hard to think of something, but has not done so as yet).
> Symantec just told me to send them screen dumps of the error messages,
> i.e. were as much use as a chocolate fireguard.
> No-one seems to understand that this is a simple issue with writing out
> data to files with names of a specific structure - it appears to be
> neither application-dependent nor disk drive hardware-dependent in any
> way. Surely SOMEONE understands the way in which XP accesses a file system
> well enough to be able to diagnose this problem, or at least to be able to
> suggest additional logging we could switch on for diagnostic purposes?
>
>

Relevant Pages

  • Re: not possible to write to files with names like *com.dll
    ... > I am at my wits' end re the below problem, posted on the Windows XP ... > (Symantec online, since NAV won't install) comes up clean. ... > perhaps there is additional logging I could switch on somewhere to make ... > event log pop up some diagnostics. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Activation of Windows XP after major Crash
    ... The results of the diagnostics have been posted and I am awaiting a reply. ... Windows Product ID Type: 5 ... Download unsigned ActiveX controls: Disabled ... Initialize and script ActiveX controls not marked as safe: ...
    (microsoft.public.windowsxp.setup_deployment)
  • Re: Windows wont boot. Need help.
    ... I'm planning to buy another hard disk, install Windows on it and copy the data from the old hard ... Run the DRIVE MANUFACTURER'S diagnostics, downloaded from the mfr's web site, on the hard drive. ... Also run HDAT2, a free download, to examine the SMART data on the drive. ... The computer will only boot in safe mode and software can't be installed in safe mode. ...
    (alt.sys.pc-clone.dell)
  • Re: Windows wont boot. Need help.
    ... I'm planning to buy another hard disk, install Windows on it and copy the data from the old hard ... Run the DRIVE MANUFACTURER'S diagnostics, downloaded from the mfr's web site, on the hard drive. ... The computer will only boot in safe mode and software can't be installed in safe mode. ... You need a version of SeaTools that is self-booting and runs under DOS. ...
    (alt.sys.pc-clone.dell)
  • Re: Computer keeps restarting
    ... The problem seems to be the startup of Windows. ... Therefore the doors (memory) are still not exonerated ... Foundation is the power supply system. ... diagnostics, well, that memory diagnostic will not report accurately ...
    (microsoft.public.windowsxp.general)
Loading