I tried a repair install on Windows XP, but in the middle of it it tried to run rundll32.exe and is now asking me to choose a program to open with. I posted for help about the original virus on the forums, and got asked for a log. But, I can't get to a log because I'm stuck in this install! I tried opening runndll32 with a program (i.e notepad) and it opens up but then the open with... box comes right back right away.
How can I get out of this without losing data? If I just turn off the computer, will my stuff (windows included) be safe?

Has anyone else run into this problem? apparently it's a new, really crappy virus.

I will post on how to solve it if I ever get out of this screen! WHat do I do?

Anyways, I'm just waiting here, halfway through a repair install. Stuck. Help would be appreciated, and thanks!

Recommended Answers

All 19 Replies

What happens to your sys will depend upon exactly where you are stuck in the Repair job. Past the "copying Files" point and things will get interesting. I spose I should point out that repairs etc should only be done on a clean sys.... a virus or worm would have a ball with all those files coming in. Only some of them are protected. In those cheap movies I longed for someone to pull the plug on the deranged computer, but they never did. Pull it, and you may not have a working OS with which to run cleaning scans. Slave the drive in another puter and a half decent worm or virus would infect that one too. Heck, what are friends for, but to join with you against the odds...?
K, does ctrl-alt-del get you Task Manager?

I've never done this stuff, but what you would need to scan your sys is a bootable USB [thumb] drive, and a suitable AV to run from the command line. Or a liveCD AV.
Avira has some goodies... http://www.free-av.com/en/download/index.html
Their LINUX-based Rescue System which burns a bootable CD for you, would allow you to copy out files to CD etc...
NTFSforDOS loaded on a thumdrive probably would do the same thing, but would also allow you to run a suitable DOS-based AV from the thumb drive.
And one of those scans would be.. well, you google for your choice of "free DOS command line AV scanner"
Or "free live CD AV scanner"
Something by Dr Web, maybe?
Good luck.. :)

Mmm... I just glanced at your earlier post... and I am not the person you wish to hear from.
But the keys you want are :
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
or HKEY_CURRENT_USER...
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
-these are the common autorun keys that are used to load and start files at the various stages of the loading of Windows.
But I have not come across your particular malware; well, you do not specify it.

Hey-
Not sure how far along I am.

One the left, there are those green lights telling you how far you are, and the:

"collecting information", "Dynamic Update", and "preparing installation" are all lit.

The "installing windows" and "finalizing install" are unlit.

I am in the installing windows phase, but I don't know how far exactly. It doesn't quite give you a precentage or a list of tasks done, just a clock countdown. It started at 39 inutes, but now it's stuck at 33 min, so I suppose I'm about 15-20% done.

I am stuck working on the rundll32.exe

I am trying to figure out if I can 'pull the plug' without damaging anything, or how I can get out of this and still be able to boot.

I'm hoping that a repair install just maybe overwrites files one at a time, so all the ones before this point are new and the ones after havn't been touched? Or, maybe, it doesn't 'remember' everything until the finalization phase.

ALSO, ctr/alt/delete doesn't get me anything, not even the task manager.

Thanks for your help.

Well if u r getting stuck at a point while the installation is goin on for a freash version of XP then check the source from where u r installing.. maybe a file in that source (Cd/DVD) maybe corrupted and hence the installation stops... the way u can get your data safely out is make your hard drive as slave in some other PC and move data from ur disk to the other one... But be careful tat if any viruses are there in ur drive they don get transferred... Ctrl/alt/del won't give u anythin if the virus has disabled the taskmanager...

There is no way to safely abort that I know of. Unless someone can say otherwise, I reckon you are going to have to see it through.

Hey-
I don't know how to see it through, I am stuck at the 'open with...' box. When I choose a program, it opens the file, but the box is still there trying to open it again.

what would happen if I just turned off the computer?

At the stage you are in, Setup is checking your hardware, copying in and installing related drivers. I don't know if it is actually registering them at this point. But if you pull the pin I am fairly certain XP will not start, rather it will try to re-enter Setup again, and ask if you wish to boot from the cd. No other option, I am afraid, as far as I can see. [If you don't press a key to boot from the cd it will try to boot from your hdd... okay, see if it can.... and we'll both learn something!]

Okay, pulled the plug. Turned off, and when I restarted I went into setup and switched my boot order to try the HDD first. That went okay until halfway through the windows welcome screen (with the big window and the status bar, right after the 'dell' bios setup screen thing) and then halfway through the welcome screen it stopped.

Then, I got a light blue (NOT the scary blue screen) screen that said 'setup is being restarted', and it took me to almost right back to where I had turned it off. It had gotten frozen with 33 minutes left in the 'install' part, and now it went back and started the install back at 39 minutes (read my previous posts if that makes no sense, the 'minutes' are explained there)

OKay, so.... crap.

Yep, I follow you. And did it stop again with the rundll32 msg as before or just freeze at 34 mins?
During Setup you can press Shift+F10 to enter the cmd mode once the progress has reached a certain stage... Installing Devices. Check in C:\Windows\setupapi.log for any logged problem... it will appear at the very bottom of the file. At the cmd prompt just type ...
C:\Windows\setupapi.log ..the log will open in notepad. If that does work then you can also get into My Computer by going File > Open... in that notepad. If the notepad will not open then simply list the file in the cmd window -enter...
type C:\Windows\setupapi.log |more
Say what you find....

Heya, crunchie... :)

I see you gerbil :). How is it?

Orright. I've switched my focus after a break just sos I pick up on other stuff. Hope the grub stomping is still going well.

Now, after the 'windows is restarting setup' page, it just goes black and the mouse pointer appears and can move but that's all that's going on. It's been about 5 minutes so far of nothing. I'm going to restart it and switch my boot to CD

Still nothing. Now I can't even get back to the install page, it just freezes.

Hope the grub stomping is still going well.

Like a charm :D

Woliver, ...damn... but I was expecting failure on this one. I think you are going to have to go back to my earlier post and clean the drive of whatever malware was interfering with the Repair. It would possibly do the same thing to a fresh installation. On that point, if you had room enough on the drive to create another partition by shifting a partition boundary then you could try a fresh installation into that. But as I pointed out earlier, it is the job of a decent worm or virus to infect, even across partition boundaries. But if you wish to try it, and I would if it was my machine, GParted 3.7.7 or Parted-Magic-3.0 would be the tools of choice. For me. You make a live cd by burning the iso of choice, and it is bootable. And simple as. Help or guides are on the net.

Thanks I will try. Will post back with results...

Actually, first, I am going to take it to an IT guy my friend just met. If he can figure it out, I will post back how, otherwise, I will try your suggestion. THanks for trying everyone, see you in a few days.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.