8 Replies Latest reply on May 11, 2010 6:40 AM by SamSwift

    Windows XP Pro : startup/logon issue OxC00000BB

      Hi, we're having more and more issues with a virus that stops us from logging on Windows XP machines (all updates).

       

      Whe we try to log, we get this message

       

      The system cannot log you on due to the following error: Invalid access to memory location.

       

      If I attempt to logon to the system with a Domain Account or any other account I get the following MS Error Code:

       

      OxC00000BB

      We did windows repair, all updates, put the drive as slave in another pc (can't use any anti-virus/malware software cause it blocks it). DId full scan with Mcafee 8.5 latest dat files, found nothing.

       

      Finnally we did a scan with Dr Web and sometimes it finds two infected files

      a0000258.exe

      beghrt.tmp

       

      which he says are infected with

      auxspy.70

      auspy.72

       

      If he finds it and deletes them we're able to log back on the machine. If not we still can't

       

      Did a call with MS and they found a reg key  Under HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Drivers32

       

      midi9 REG_SZ C:\Windows\..\kft.bak 0yAAAAAAAA

       

      the kft.bak can change but it's always something close to and 0yAAAAAAAA is always there.

       

      what it does is it creates a files in the %TEMP% called by the same name.

       

      If we delete it something recreates it (process link to explorer.exe) and then tries to stream more files with it.

       

      We've find no way to block it, only one way to clean it, but ot doesn't always work.

       

      Any ideas?

       

      Our antivirus is mcafee 8.5 with EPO 4.5 all updated.

       

      Also found a thread related to the same issue

      http://forums.techguy.org/windows-xp/868562-solved-windows-xp-pro-startup-2.html

       

      Thks in advance.