Sign in with
Sign up | Sign in
Your question
Closed

What is Sysfader and why is it locking up my PC?

Last response: in Windows XP
Share
Anonymous
March 8, 2005 11:33:02 PM

Archived from groups: microsoft.public.windowsxp.perform_maintain (More info?)

Within the last two weeks my PC has been locking up. When I look in Task
Manager, the only application running is "Sysfader." This is new; how can I
get rid of it? I have searched the web and all I find are angry reports from
other users with the same problem and no solution.
--
Justa User

More about : sysfader locking

Anonymous
March 9, 2005 9:26:26 PM

Archived from groups: microsoft.public.windowsxp.perform_maintain (More info?)

Found in another thread... Hope it helps!
_________________________________
Well ultimately I've found the answer, and lo and behold it was a virus. It
didn't have anything to do with the installation I did, however - it had
seemingly been on my PC for almost a month without doing anything.

The virus is a Trojan called 'Winshow'.

Here is the fix...
This problem is created by a trojan (VBS_Winshow.A, as Trend Micro refers to
it as)
http://www.trendmicro.com/vinfo/vir...NSHOW.A&VSect=T

or adware as Symantec refers to it as.

http://securityresponse.symantec.co...re.winshow.html

This past weekend happens to be about the one month anniversary of its
initial appearance; perhaps this is the reason why it the 'copy' error
started showing up. On my machine, it looks like it first deposited itself
on 10/30/03. Its main impact for me was it would not allow multiple launches
of IE from the desktop icon, and it became impossible over the weekend to
synch my pda, HD MP3 player or use my multi-card reader, and impacted
anything else that was hooked up through my USB 2.0 card. IE session since
the beginning of November have seemed somewhat buggy; anything depending
upon a plug-in applet (like Java) took FOREVER to load. The 'copy' boot
error does not show up with every bootup or login, making it seem like the
problem goes away.

In 2000/XP, you need to search for the folders Winshow and Winlink, usually
deposited in C:\ Documents and Settings \ (user) \ Local Settings \
Application Data, where (user) is whatever name you log into or use XP/2000
with. If you have them, you will need to delete eventually, but you'll first
have to delete the registry entries (if you don't, the trojan will simply
recreate the folders with the next bootup). There probably is the file
'msupdater.exe' on your machine as well, this and the two folders have been
associated as a IE hijacker routine a number of people have reported on the
internet.

Norton's WinDoctor can delete some of the registry entries (it did for me,
but it didn't get everything), but you really need to use it or better yet,
use Hijack This, booted into Safe Mode (where the trojan isn't allowed to
start before attempting to delete its components).

For those who don't know, Hijack This is an anti-hijacking app is easy to
find (and best of all, is free). You can find it on CNET and other places to
download. In my case, it came in a .zip file; within it was a .exe file that
launches Hijack This when clicked. It doesn't appear to install itself to
Windows. Upon starting in Safe Mode, you should get a window; select Scan,
and in a second or two you will get a listing of the processes that launch
on startup with your specific computer. Look for the Winlink and Winshow
entries (under BHO on my computer), click the tick boxes, and click Fix
Check.

Once done, you can reboot normally, go and find the the msupdater.exe file,
Winshow and Winlink folders and delete w/o them showing up again.

To further clean up, you can go into the registry (with regedit, but only if
you know what you're doing in there), and search for both winlink and
winshow; there may be remnants still lurking as there were on my computer.
If you find them, delete them; the trojan shouldn't be active at this point
so it shouldn't recreate them. NOTE: if you have multiple login user
identities on your machine, you may have to do this exercise for EACH one.
If you're knowledgeable and brave enough, you can delete the registry
entries in Safe Mode also, without using Hijack This or any other app.

the above from a Google search
peterk
"Justa User" <JustaUser@discussions.microsoft.com> wrote in message
news:93DFE5DE-5B73-4E07-B1BC-DA539212083E@microsoft.com...
> Within the last two weeks my PC has been locking up. When I look in Task
> Manager, the only application running is "Sysfader." This is new; how can
> I
> get rid of it? I have searched the web and all I find are angry reports
> from
> other users with the same problem and no solution.
> --
> Justa User
Anonymous
March 10, 2005 12:11:25 AM

Archived from groups: microsoft.public.windowsxp.perform_maintain (More info?)

Have you checked for spyware/malware?

http://www.microsoft.com/downloads/details.aspx?FamilyI...
Microsoft program - previously released by Giant Software.

Information about malware:
http://arstechnica.com/articles/paedia/malware.ars

Unexplained computer behavior may be caused by third-party software
http://support.microsoft.com/default.aspx?scid=kb;en-us;827315

http://www.microsoft.com/athome/security/spyware/defaul...
Fight Spyware – articles by Microsoft

Spyware Programs links:-
www.lavasoftusa.com Ad-Aware (make sure you update all definitions)
www.security.kolla.de Spybot (make sure you update all definitions)

SpywareBlaster
http://www.javacoolsoftware.com/spywareblaster.html

Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm



Justa User wrote:
> Within the last two weeks my PC has been locking up. When I look in
> Task Manager, the only application running is "Sysfader." This is
> new; how can I get rid of it? I have searched the web and all I find
> are angry reports from other users with the same problem and no
> solution.
Related resources
Anonymous
March 10, 2005 12:11:26 AM

Archived from groups: microsoft.public.windowsxp.perform_maintain (More info?)

I have already thoroughly checked for spyware/malware using a number of
programs - Microsoft's Beta Antispyware, Ad-Adware, Spybot S&D. and use
Norton Antivirus for virus checking. None of these programs fixed it, or
have references to it on their sites.

"Taurarian" wrote:

> Have you checked for spyware/malware?
>
> http://www.microsoft.com/downloads/details.aspx?FamilyI...
> Microsoft program - previously released by Giant Software.
>
> Information about malware:
> http://arstechnica.com/articles/paedia/malware.ars
>
> Unexplained computer behavior may be caused by third-party software
> http://support.microsoft.com/default.aspx?scid=kb;en-us;827315
>
> http://www.microsoft.com/athome/security/spyware/defaul...
> Fight Spyware – articles by Microsoft
>
> Spyware Programs links:-
> www.lavasoftusa.com Ad-Aware (make sure you update all definitions)
> www.security.kolla.de Spybot (make sure you update all definitions)
>
> SpywareBlaster
> http://www.javacoolsoftware.com/spywareblaster.html
>
> Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
> http://mvps.org/winhelp2002/unwanted.htm
>
>
>
> Justa User wrote:
> > Within the last two weeks my PC has been locking up. When I look in
> > Task Manager, the only application running is "Sysfader." This is
> > new; how can I get rid of it? I have searched the web and all I find
> > are angry reports from other users with the same problem and no
> > solution.
>
>
May 23, 2011 9:44:01 PM

Justa User.

Thank you very much for the posting. I followed your advice and got rid of my sysfader problem. I had to go into safe mode command line and run regedit in order to remove "weblink" after that I was able to load windows normally and all is well.

Victim no more
May 24, 2011 4:24:55 AM

This topic has been closed by Buwish
!