Archived from groups: microsoft.public.windowsxp.perform_maintain (
More info?)
Found in another thread... Hope it helps!
_________________________________
Well ultimately I've found the answer, and lo and behold it was a virus. It
didn't have anything to do with the installation I did, however - it had
seemingly been on my PC for almost a month without doing anything.
The virus is a Trojan called 'Winshow'.
Here is the fix...
This problem is created by a trojan (VBS_Winshow.A, as Trend Micro refers to
it as)
http://www.trendmicro.com/vinfo/vir...NSHOW.A&VSect=T
or adware as Symantec refers to it as.
http://securityresponse.symantec.co...re.winshow.html
This past weekend happens to be about the one month anniversary of its
initial appearance; perhaps this is the reason why it the 'copy' error
started showing up. On my machine, it looks like it first deposited itself
on 10/30/03. Its main impact for me was it would not allow multiple launches
of IE from the desktop icon, and it became impossible over the weekend to
synch my pda, HD MP3 player or use my multi-card reader, and impacted
anything else that was hooked up through my USB 2.0 card. IE session since
the beginning of November have seemed somewhat buggy; anything depending
upon a plug-in applet (like Java) took FOREVER to load. The 'copy' boot
error does not show up with every bootup or login, making it seem like the
problem goes away.
In 2000/XP, you need to search for the folders Winshow and Winlink, usually
deposited in C:\ Documents and Settings \ (user) \ Local Settings \
Application Data, where (user) is whatever name you log into or use XP/2000
with. If you have them, you will need to delete eventually, but you'll first
have to delete the registry entries (if you don't, the trojan will simply
recreate the folders with the next bootup). There probably is the file
'msupdater.exe' on your machine as well, this and the two folders have been
associated as a IE hijacker routine a number of people have reported on the
internet.
Norton's WinDoctor can delete some of the registry entries (it did for me,
but it didn't get everything), but you really need to use it or better yet,
use Hijack This, booted into Safe Mode (where the trojan isn't allowed to
start before attempting to delete its components).
For those who don't know, Hijack This is an anti-hijacking app is easy to
find (and best of all, is free). You can find it on CNET and other places to
download. In my case, it came in a .zip file; within it was a .exe file that
launches Hijack This when clicked. It doesn't appear to install itself to
Windows. Upon starting in Safe Mode, you should get a window; select Scan,
and in a second or two you will get a listing of the processes that launch
on startup with your specific computer. Look for the Winlink and Winshow
entries (under BHO on my computer), click the tick boxes, and click Fix
Check.
Once done, you can reboot normally, go and find the the msupdater.exe file,
Winshow and Winlink folders and delete w/o them showing up again.
To further clean up, you can go into the registry (with regedit, but only if
you know what you're doing in there), and search for both winlink and
winshow; there may be remnants still lurking as there were on my computer.
If you find them, delete them; the trojan shouldn't be active at this point
so it shouldn't recreate them. NOTE: if you have multiple login user
identities on your machine, you may have to do this exercise for EACH one.
If you're knowledgeable and brave enough, you can delete the registry
entries in Safe Mode also, without using Hijack This or any other app.
the above from a Google search
peterk
"Justa User" <JustaUser@discussions.microsoft.com> wrote in message
news:93DFE5DE-5B73-4E07-B1BC-DA539212083E@microsoft.com...
> Within the last two weeks my PC has been locking up. When I look in Task
> Manager, the only application running is "Sysfader." This is new; how can
> I
> get rid of it? I have searched the web and all I find are angry reports
> from
> other users with the same problem and no solution.
> --
> Justa User
Facebook
Twitter
Instagram