Closed

What is Sysfader and why is it locking up my PC?

Archived from groups: microsoft.public.windowsxp.perform_maintain (More info?)

Within the last two weeks my PC has been locking up. When I look in Task
Manager, the only application running is "Sysfader." This is new; how can I
get rid of it? I have searched the web and all I find are angry reports from
other users with the same problem and no solution.
--
Justa User
5 answers Last reply
More about what sysfader locking
  1. Archived from groups: microsoft.public.windowsxp.perform_maintain (More info?)

    Found in another thread... Hope it helps!
    _________________________________
    Well ultimately I've found the answer, and lo and behold it was a virus. It
    didn't have anything to do with the installation I did, however - it had
    seemingly been on my PC for almost a month without doing anything.

    The virus is a Trojan called 'Winshow'.

    Here is the fix...
    This problem is created by a trojan (VBS_Winshow.A, as Trend Micro refers to
    it as)
    http://www.trendmicro.com/vinfo/vir...NSHOW.A&VSect=T

    or adware as Symantec refers to it as.

    http://securityresponse.symantec.co...re.winshow.html

    This past weekend happens to be about the one month anniversary of its
    initial appearance; perhaps this is the reason why it the 'copy' error
    started showing up. On my machine, it looks like it first deposited itself
    on 10/30/03. Its main impact for me was it would not allow multiple launches
    of IE from the desktop icon, and it became impossible over the weekend to
    synch my pda, HD MP3 player or use my multi-card reader, and impacted
    anything else that was hooked up through my USB 2.0 card. IE session since
    the beginning of November have seemed somewhat buggy; anything depending
    upon a plug-in applet (like Java) took FOREVER to load. The 'copy' boot
    error does not show up with every bootup or login, making it seem like the
    problem goes away.

    In 2000/XP, you need to search for the folders Winshow and Winlink, usually
    deposited in C:\ Documents and Settings \ (user) \ Local Settings \
    Application Data, where (user) is whatever name you log into or use XP/2000
    with. If you have them, you will need to delete eventually, but you'll first
    have to delete the registry entries (if you don't, the trojan will simply
    recreate the folders with the next bootup). There probably is the file
    'msupdater.exe' on your machine as well, this and the two folders have been
    associated as a IE hijacker routine a number of people have reported on the
    internet.

    Norton's WinDoctor can delete some of the registry entries (it did for me,
    but it didn't get everything), but you really need to use it or better yet,
    use Hijack This, booted into Safe Mode (where the trojan isn't allowed to
    start before attempting to delete its components).

    For those who don't know, Hijack This is an anti-hijacking app is easy to
    find (and best of all, is free). You can find it on CNET and other places to
    download. In my case, it came in a .zip file; within it was a .exe file that
    launches Hijack This when clicked. It doesn't appear to install itself to
    Windows. Upon starting in Safe Mode, you should get a window; select Scan,
    and in a second or two you will get a listing of the processes that launch
    on startup with your specific computer. Look for the Winlink and Winshow
    entries (under BHO on my computer), click the tick boxes, and click Fix
    Check.

    Once done, you can reboot normally, go and find the the msupdater.exe file,
    Winshow and Winlink folders and delete w/o them showing up again.

    To further clean up, you can go into the registry (with regedit, but only if
    you know what you're doing in there), and search for both winlink and
    winshow; there may be remnants still lurking as there were on my computer.
    If you find them, delete them; the trojan shouldn't be active at this point
    so it shouldn't recreate them. NOTE: if you have multiple login user
    identities on your machine, you may have to do this exercise for EACH one.
    If you're knowledgeable and brave enough, you can delete the registry
    entries in Safe Mode also, without using Hijack This or any other app.

    the above from a Google search
    peterk
    "Justa User" <JustaUser@discussions.microsoft.com> wrote in message
    news:93DFE5DE-5B73-4E07-B1BC-DA539212083E@microsoft.com...
    > Within the last two weeks my PC has been locking up. When I look in Task
    > Manager, the only application running is "Sysfader." This is new; how can
    > I
    > get rid of it? I have searched the web and all I find are angry reports
    > from
    > other users with the same problem and no solution.
    > --
    > Justa User
  2. Archived from groups: microsoft.public.windowsxp.perform_maintain (More info?)

    Have you checked for spyware/malware?

    http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&DisplayLang=en
    Microsoft program - previously released by Giant Software.

    Information about malware:
    http://arstechnica.com/articles/paedia/malware.ars

    Unexplained computer behavior may be caused by third-party software
    http://support.microsoft.com/default.aspx?scid=kb;en-us;827315

    http://www.microsoft.com/athome/security/spyware/default.mspx
    Fight Spyware – articles by Microsoft

    Spyware Programs links:-
    www.lavasoftusa.com Ad-Aware (make sure you update all definitions)
    www.security.kolla.de Spybot (make sure you update all definitions)

    SpywareBlaster
    http://www.javacoolsoftware.com/spywareblaster.html

    Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
    http://mvps.org/winhelp2002/unwanted.htm


    Justa User wrote:
    > Within the last two weeks my PC has been locking up. When I look in
    > Task Manager, the only application running is "Sysfader." This is
    > new; how can I get rid of it? I have searched the web and all I find
    > are angry reports from other users with the same problem and no
    > solution.
  3. Archived from groups: microsoft.public.windowsxp.perform_maintain (More info?)

    I have already thoroughly checked for spyware/malware using a number of
    programs - Microsoft's Beta Antispyware, Ad-Adware, Spybot S&D. and use
    Norton Antivirus for virus checking. None of these programs fixed it, or
    have references to it on their sites.

    "Taurarian" wrote:

    > Have you checked for spyware/malware?
    >
    > http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&DisplayLang=en
    > Microsoft program - previously released by Giant Software.
    >
    > Information about malware:
    > http://arstechnica.com/articles/paedia/malware.ars
    >
    > Unexplained computer behavior may be caused by third-party software
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;827315
    >
    > http://www.microsoft.com/athome/security/spyware/default.mspx
    > Fight Spyware – articles by Microsoft
    >
    > Spyware Programs links:-
    > www.lavasoftusa.com Ad-Aware (make sure you update all definitions)
    > www.security.kolla.de Spybot (make sure you update all definitions)
    >
    > SpywareBlaster
    > http://www.javacoolsoftware.com/spywareblaster.html
    >
    > Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
    > http://mvps.org/winhelp2002/unwanted.htm
    >
    >
    >
    > Justa User wrote:
    > > Within the last two weeks my PC has been locking up. When I look in
    > > Task Manager, the only application running is "Sysfader." This is
    > > new; how can I get rid of it? I have searched the web and all I find
    > > are angry reports from other users with the same problem and no
    > > solution.
    >
    >
  4. Justa User.

    Thank you very much for the posting. I followed your advice and got rid of my sysfader problem. I had to go into safe mode command line and run regedit in order to remove "weblink" after that I was able to load windows normally and all is well.

    Victim no more
  5. This topic has been closed by Buwish
Ask a new question

Read More

Microsoft Windows XP