When Malware attacks Service.exe Status Code -1073741482
One of my client came to me with an laptop that seems to auto shutdown when getting into the log-in screen. When turning on the computer, once the laptop gets into the log-in screen, an error message pop-up. “‘C:\WINDOWS\SYSTEM32\services.exe’ terminated unexpectedly with status code -1073741482.The system will now shut down.” This is followed by a 30 second count down that will eventually shut down the computer. I was unable to log-in at all. The following are the steps I took to investigate and solve the problem.
- Boot into safe mode- on a dell laptop, press F8 after turning on the computer and select Safe Mode with Network
- Tried to install Malewarebytes, was unable to start the problem, same thing happen with other various anti-maleware programs.
- Services seems to constantly start and stop, explorer.exe was constantly crashing.
- At this point it looks like the maleware is either corrupt or deleted important system files from the system.
- Boot the computer using the XP CD. (It would be best to have a windows cd that has the same Service pack as the one your computer is currently on, if not you will need to reinstall the service pack)
You may need to change the boot order in the system BIOS so the CD boots before the hard drive. Check your system documentation for steps to access the BIOS and change the boot order. - When you see the “Welcome To Setup” screen, you will see the options below
This portion of the Setup program prepares Microsoft
Windows XP to run on your computer:To setup Windows XP now, press ENTER.
To repair a Windows XP installation using Recovery Console, press R.
To quit Setup without installing Windows XP, press F3.
- Press enter , do not choose “To repair a Windows XP installation using the Recovery Console, press R“,Accept the License Agreement and Windows will search for existing Windows installations.
- Select the XP installation you want to repair from the list and press R to start the repair. If Repair is not one of the options, END setup
- Windows will start copying and rewriting all the necessary files and reboot
- When windows reboot again, do not press any cd to boot from the cd when the message appear.
- Follow through the installation process
- You should be able to log in now, I went ahead and install maelwarebytes and did a fast scan
- found various malwares, trojans and backdoor went ahead and remove them and reboot
- I usually start with a fast scan, if I find something I would usually follow up with a full scan
- Perform a full scan, remove any malware objects and reboot
- Reset Internet Explorer browser setting to default
- Run windows updates and install any security updates (In my case since the computer was original a SP3, and the windows CD was a SP2, I had to reinstall SP3)
- Update Flash player, Java
At this point I did another fast scan to make sure everything was fine and did a hijackthis scan. Everything looked good! I went ahead a did a performance tune up to make the computer faster and remove/delete system restore in case there were additional maleware in the system restore files.
Tools Used
- Malewarebytes -www.malwarebytes.org
- Hijackthis- http://free.antivirus.com/hijackthis/
