Microsoft .Net Framework Issue

Toggle sidebar Toggle sidebar
dmott

dmott

Prominent
Jul 10, 2017
2
0
510
When my computer first logs in and loads into the desktop, it keeps throwing me this error message:

http://imgur.com/gallery/dt5vs

my current pc build is:

OS: Windows 10 Home x64
CPU: AMD FX-6200 6 core
GPU: 2047MB NVIDIA GeForce GTX 760
RAM: 16GB Dual-Channel DDR3 @716MHz (6-8-8-21)
STORAGE: 1863GB WD WDC WD2002FAEX
MOBO: MSI 990FXA-GD80 (MS-7640)

Additionally, here is the detailed report generated from the error message.

See the end of this message for details on invoking just-in-time (JIT) debugging instead of this dialog box.
************** Exception Text ************** System.IO.IOException: The process cannot access the file 'C:\Users\dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows.vbs' because it is being used by another process. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize) at System.IO.StreamWriter..ctor(String path, Boolean append) at windows8.Form1.Form1_Load(Object sender, EventArgs e) at System.EventHandler.Invoke(Object sender, EventArgs e) at System.Windows.Forms.Form.OnLoad(EventArgs e) at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible) at System.Windows.Forms.Control.CreateControl() at System.Windows.Forms.Control.WmShowWindow(Message& m) at System.Windows.Forms.Control.WndProc(Message& m) at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m) at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
************** Loaded Assemblies ************** mscorlib Assembly Version: 2.0.0.0 Win32 Version: 2.0.50727.8784 (WinRel.050727-8700)
CODEBASE: FILE:///C:/WINDOWS/MICROSOFT.NET/FRAMEWORK64/V2.0.50727/MSCORLIB.DLL
windows8 Assembly Version: 1.0.0.0 Win32 Version: 1.0.0.0
CODEBASE: FILE:///C:/USERS/DOM/APPDATA/LOCAL/TEMP/RARSFX1/SYSTEM.EXE
Microsoft.VisualBasic Assembly Version: 8.0.0.0 Win32 Version: 8.0.50727.8784 (WinRel.050727-8700)
CODEBASE: FILE:///C:/WINDOWS/ASSEMBLY/GACMSIL/MICROSOFT.VISUALBASIC/8.0.0.0_B03F5F7F11D50A3A/MICROSOFT.VISUALBASIC.DLL
System Assembly Version: 2.0.0.0 Win32 Version: 2.0.50727.8793 (WinRelRS2.050727-8700)
CODEBASE: FILE:///C:/WINDOWS/ASSEMBLY/GACMSIL/SYSTEM/2.0.0.0_B77A5C561934E089/SYSTEM.DLL
System.Windows.Forms Assembly Version: 2.0.0.0 Win32 Version: 2.0.50727.8784 (WinRel.050727-8700)
CODEBASE: FILE:///C:/WINDOWS/ASSEMBLY/GACMSIL/SYSTEM.WINDOWS.FORMS/2.0.0.0_B77A5C561934E089/SYSTEM.WINDOWS.FORMS.DLL
System.Drawing Assembly Version: 2.0.0.0 Win32 Version: 2.0.50727.8784 (WinRel.050727-8700)
CODEBASE: FILE:///C:/WINDOWS/ASSEMBLY/GACMSIL/SYSTEM.DRAWING/2.0.0.0_B03F5F7F11D50A3A/SYSTEM.DRAWING.DLL
System.Runtime.Remoting Assembly Version: 2.0.0.0 Win32 Version: 2.0.50727.8784 (WinRel.050727-8700)
CODEBASE: FILE:///C:/WINDOWS/ASSEMBLY/GACMSIL/SYSTEM.RUNTIME.REMOTING/2.0.0.0_B77A5C561934E089/SYSTEM.RUNTIME.REMOTING.DLL
************** JIT Debugging ************** To enable just-in-time (JIT) debugging, the .config file for this application or computer (machine.config) must have the jitDebugging value set in the system.windows.forms section. The application must also be compiled with debugging enabled.
For example:
<configuration> <system.windows.forms jitDebugging="true" /> </configuration>
When JIT debugging is enabled, any unhandled exception will be sent to the JIT debugger registered on the computer rather than be handled by this dialog box.

 
Solution
gardenman
Hi, while I can't tell you this for sure, it does appear as if you are infected with some type of malware. I base my thoughts on this page: https://www.bleepingcomputer.com/startups/windows.vbs-5191.html That page also says it is a homepage hijacker, so if your homepage (Browser start page) has been changed around lately without your permission then it's likely you are infected.

It's unlikely (yet possible) that a legitimate script would be placed in Start Menu / Programs / Startup folder.

Download the free version of Malwarebytes and install it. Do a full scan with it and see if it finds anything and fixes the problem for you. If not, report back and we'll look at trying other things.
Sort by date Sort by votes
gardenman

gardenman

Splendid
Moderator
Jun 16, 2016
4,250
495
26,090
Hi, while I can't tell you this for sure, it does appear as if you are infected with some type of malware. I base my thoughts on this page: https://www.bleepingcomputer.com/startups/windows.vbs-5191.html That page also says it is a homepage hijacker, so if your homepage (Browser start page) has been changed around lately without your permission then it's likely you are infected.

It's unlikely (yet possible) that a legitimate script would be placed in Start Menu / Programs / Startup folder.

Download the free version of Malwarebytes and install it. Do a full scan with it and see if it finds anything and fixes the problem for you. If not, report back and we'll look at trying other things.
 
Upvote 1 Downvote
Solution
dmott

dmott

Prominent
Jul 10, 2017
2
0
510


Hello gardenman, this is what I ended up doing. I believe this solved the issue, but I am running a full scan on Windows defender to see if it picks up any residual. When I went to Start Menu / Programs / Startup folder I found a windows script that was the destination of the windows process that was enabled on startup. I have a screenshot of that right here:
http://imgur.com/bv52YQ7

After I deleted and disabled this, another process started to populate in abundance called "windows8." I deleted all these instances of the process, which was about 10 instances, and also deleted the file where "windows8" process was located. The destination of this was in a folder called RarSFX1 and I have a screenshot of that here:
http://imgur.com/2Wbt1LD
 
Upvote 0 Downvote
gardenman

gardenman

Splendid
Moderator
Jun 16, 2016
4,250
495
26,090
Hi dmott, it really sounds like you were (and might still be) infected. Windows Defender is good because it's light on system resource usage, however it's not the best virus scanner when ranked among others. No virus scanner will find ALL viruses, and that includes Windows Defender. When using Windows Defender, I (and others) still recommend a 2nd scanner such as Malwarebytes.

I hope that just deleting the link and closing it out will help you, but I'm doubtful if your system will be "cured" of any problems. Remember that Windows Defender missed it in the first place and allowed it to be installed on your system while running in the background. The problem may reappear on a reboot.

If you don't want to install Malwarebytes or any other anti-virus, then I suggest getting help from the [bleepingcomputer.com forums]. They have experts who deal with viruses and malware everyday.
 
Upvote 0 Downvote
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom