Propos et Commentaires du Climenole

What is an InterNUT?


This night, instead of sleeping like most normal human beings, I was up and running to check what was happening with the recent Microsoft update for Windows XP, which was running as an unattended installation…  And, by the way, instead of waiting for the result, I was surfing the Internet and checking the Yahoo! site called “Yahoo! Answers”.  While browsing the site I found a question posted two hours earlier by a user and, as usual when I know the answer, I prepared, off-line, a complete answer to the question…

Subject & Themes / Sujet & Thèmes

The user was very confused and focused on an error message common on Windows in some circumstances: “The memory could not be read (or written) at the address… blah blah blah”.

But this user revealed some aspects of his [temporary?] status of InterNUT © climenole.

So, here is my answer and the interesting aftermath…  ;)


First let me give you the translation of the error description by Mr. Jean-Claude Bellamy, MS MVP, engineer at EDF and one of the most respected experts on the MS Windows OS:

This error stems from a software problem. “The memory could not be read” (or “written”) means that, at a given moment, in the application running in the foreground, there is an attempt to read a memory address that is “outside the boundaries”. Under NT, a preemptive multitasking OS, any application (user level) is assigned memory that is not shared with other applications, and conversely the application is held in this memory. If, by chance, it needs more memory, it makes an “official” request to the system, which will award it the extra, equally “official”. But it has no right to use any on its own! ;+) It is totally forbidden to access (read or write) unauthorized memory.

This may occur, usually following a bug in the application (or its installation). The typical case occurs when using pointers (variables containing memory addresses). If the developer has failed to properly initialize the pointer, at execution the program will want to read or write to memory address “0”, which is (and because, in the case this address does not match anything).

Often, it is an irreparable error of the application (a bug, as already said). So contact the publisher and expect a new version.

In other cases, it is a weird case, not foreseen by the publisher, which crashes only with very special hardware and/or software configurations. JCB
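
The refused access described in the quoted explanation, as an added example (not code from the original post or from Mr. Bellamy): a C program that reads through a never-initialised pointer and reports the address the operating system refused. It targets a POSIX system, which is an assumption; on Windows NT the same refusal, when the application does not handle it, ends in the “memory could not be read” dialog. The names `probe_read` and `forgotten_pointer` are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>

static sigjmp_buf resume_point;          /* where to continue after a fault */
static volatile uintptr_t fault_address; /* address reported by the kernel  */
/* A pointer the "developer" never initialised: as a static it holds 0. */
static const volatile unsigned char *volatile forgotten_pointer;

static void on_fault(int sig, siginfo_t *info, void *context) {
    (void)sig; (void)context;
    fault_address = (uintptr_t)info->si_addr;
    siglongjmp(resume_point, 1);         /* skip the forbidden access */
}

/* Try to read one byte at addr. Returns 0 if the OS allowed the read,
 * 1 if it refused; on refusal *reported gets the offending address. */
int probe_read(const volatile unsigned char *addr, uintptr_t *reported) {
    struct sigaction handler = { .sa_flags = SA_SIGINFO }, previous;
    volatile int refused = 0;
    handler.sa_sigaction = on_fault;
    sigemptyset(&handler.sa_mask);
    sigaction(SIGSEGV, &handler, &previous);
    if (sigsetjmp(resume_point, 1) == 0) {
        unsigned char byte = *addr;      /* the access under test */
        (void)byte;
    } else {
        refused = 1;
        *reported = fault_address;
    }
    sigaction(SIGSEGV, &previous, NULL); /* put the old handler back */
    return refused;
}

/* The typical case from the quoted text: read through that pointer. */
int read_through_forgotten_pointer(uintptr_t *reported) {
    return probe_read(forgotten_pointer, reported);
}

int main(void) {
    uintptr_t where = 0;
    unsigned char owned = 42;            /* memory this process owns */
    printf("own memory refused: %d\n", probe_read(&owned, &where));
    if (read_through_forgotten_pointer(&where))
        printf("memory could not be read at 0x%08lx\n", (unsigned long)where);
    return 0;
}
```

Without the handler the process would simply be terminated at the faulting instruction, which is what the user sees as an application error.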

A) THE PROBLEM analysed

1) Now this is the error message you have:

“svchost.exe – Application error
the instruction at 0x46fe453a referenced memory at 0x46fe453a. the memory could not be written…”

a) The explanation given before may help you understand what’s going wrong,
but it does not give you the solution to fix that mess.

b) In the case of your problem it’s obviously a case of “very special softwareS”:
at least one cracked program plus the “gifts” added with that kind of stuff.

2) This is the first error YOU made:

“I’ve downloaded a73 piano station w/ crack(i have no money to buy a license)”

Cracked software, found mainly on warez sites, is one of the main sources of malware.
When you get “free” stuff from them they also give you a “gift” with it: a dropper, a downloader
or any kind of malware to infect your system. I note that your antivirus gave no warning
when you downloaded and installed this cracked program…

Am I right? Maybe the “On Access” protection was not enabled, or this is a very bad AV, or there is some vulnerability in the security process… ;-)

To verify for yourself what I’m saying here, I suggest you use one of these Firefox extensions, which check the web sites you visit against trustworthy sources of information:

McAfee Site Advisor

WOT (Web of Trust)

As stated by Bruce Schneier, “Security is not a product, it’s a process”, and the most important
factor in Internet security is the behaviour of the user, not mainly the security tools used.
This is called “Safe-Hex”, and that’s the basic knowledge needed to avoid a mess like the one we’re
talking about.

About B. Schneier

A reference for you:  Safe Hex – Safe Computing Tips
Courtesy of the alt.comp.virus newsgroup participants.

3) This is the second error YOU made:

“i left my computer open for 5 hours and when i was gone my brother messed it up…”

No Sir. You made the mess. Take your responsibility, please. You own this PC?
So you are the system administrator and responsible for what happens to it and with it.

4) This is one of the symptoms resulting from your first error:

“i used avg antivirus and hell it scanned 1672 virus infected files…”

Not one or two: 1672!

So for a cracked program you will have to lose your time and maybe some of your
valuable data… What is the value of your time? How much per hour? ;-)

B) THE SOLUTIONS: hints to get out of that mess

[Using my Crystal Ball, I guess you're running Windows XP... ;) ]

1) Boot the PC in Safe Mode

a) Stop the System Restore service

Malware infects the SR files and makes them useless.
In the malware family, worms also use
System Restore to restore … themselves!

Since we have no idea whether that’s the case on your PC,
and it’s possibly infected by at least one worm,
this is the best and most reasonable decision.

From the Control Panel:
System / System Restore tab / check the option to disable SR
This will stop the SR service and delete all SR points in your system.

b) Keep the system at a minimum for booting:

Disable all programs running at user startup
EXCEPT the anti-virus (and, if it applies, the 3rd-party firewall)

Start / Run / msconfig
startup tab: uncheck all programs to disable them
Then reboot…

2) Check whether you have access to the Internet

If you have access to the Internet:

a) Update your AV and run a scan

b) Make a cross-check with an online AV such as:
….TrendMicro
….Works with any web browser and uses Java to run the scan.

c) Use ComboFix from Bleeping Computer:

….Read and carefully follow the instructions.

If you don’t have access to the Internet:

a) Use another computer with Internet access and:

.- Download the Ultimate Boot CD for Windows
This includes many AVs: read the warning about AVs…

.- Burn the ISO file on a CD with your CD burner program or use this one:
InfraRecorder

b) Boot the infected PC with this CD

- Check the BIOS setup to be sure the CD drive is the first boot device and the hard disk the second…
- Boot on this CD and run the AVs
- Restart your computer at the very end of the process.

Hope this helps. Let us know.

;)   Aftermath…

So I was a bit proud of my answer, and I returned to Yahoo! Answers to reply to this user’s question, only to discover that the user had deleted the message posted a couple of hours earlier…

This story shows you what I mean by InterNUT:

  • Posts a question without giving all the pertinent information, e.g. which OS…
  • Does no research by himself
  • Downloads cracked programs and clicks on any link without thinking B4
  • Shifts his own responsibility onto others, in this case “his brother” (usually it’s Bill Gates) ;)
  • Has thousands of infected files even with an AV installed
  • Doesn’t wait for the answer and, I’m pretty sure of this, is going to reinstall Windows from scratch, losing data and the occasion to learn and become an Internaut or, if you prefer, a cybercitizen.

Well, did I waste my time? Absolutely not: I posted this story here because I’m sure that you, my valued readers, will learn from it and stay away from that “e-st00pidity”.

:)
