If the following error message gets displayed:
———————————-
Important : Potential errors found in the system.
During a scan of files at system startup, potential errors in the system registry were found.
p-07-0100 irql: 1f SYSVER 0xff0024
NT_Kernel error 1256
KMODE_EXCEPTION_NOT_HANDLED
————————————
and/or
—————————————
“A potential problem has been detected and Windows has been shutdown buggy application to prevent damage to your computer.
****WXYZ.SYS - Address F73120AE base at C00000, DateStamp 36b072A3
Kernel Debugger Using: COM2 (Port0×28f, Baud rat 192000)”
———————————–
This is a VIRUS.
One solution:
- Delete any files under C:\ and My Documents called posxxx.tmp.
- Download VundoFix and ComboFix.
- Run VundoFix first,
- if there are still any files that it can’t delete after rebooting then run ComboFix.
if not working try here:
http://forum.bitdefender.com/index.php?showtopic=3571
and here:
http://forum.bitdefender.com/index.php?showtopic=3561
More info and discution about this Viruses/Spyware/Malware here:
http://www.techspot.com/vb/topic96663.html
preliminary removal instructions here:
http://www.techspot.com/vb/topic58138.html
another source for: C: X/pos.tmp files/fake? warn , here:
http://www.computing.net/security/wwwboard/forum/22230.html
Digg more about this threat here: nt_kernel error 1256
March 4th, 2008 at 10:45 am
VundoFix didn’t do anything but….Wow…ComboFix really did wonders. Deleted the whole virus completely! Thanks.
February 3rd, 2008 at 10:22 pm
My friend is havin the same problem. The only thing i suggest is go to:
start
programs
accessories
system tools
system restore
if there are any restore points before the date this happened but arent really old, then restore from that point. Restoring will delete any files added to the computer since that point in time. I only reccomend this if there is absolutely nothing you need that was made AFTER the restore point.
January 29th, 2008 at 11:49 pm
Hello, I’ve got this thing a few days ago. Tried to repair windows, many other things. Nothing. Now I found all these posxxx.temp files, but can’t delete it. I get a message “the instruction at “0×01d62739″ referenced memory at “0×02354e50″. The file could not be deleted. ”
Now what? Should I still try to run programs you suggested? Could you post some more info on this issue?
Bitdefender posted a solution: create *.bat file, execute, etc.
I am not a pro, and by now I am very confused in all different instructions. I also can’t remove a WLinstaller, which I downloaded at approx. the same time.
Any thoughts?