Network Icon red X - NlaSvc service failed - Trend Micro TROJ_Generic.ADV
Current situation...
The NlaSvc Service is failing to start. The symptoms on the desktop are a red "X" on the network icon. (The pop-up message is "Connection status: unknown The dependency service or group failed to start." However, the network connection is working OK, but Vista is apparently unable to recognize the network.
How it started...
Trend Micro detected a problem:
"To remove a trojan horse program we need to restart the computer.
Trojan name: TROJ Generic.ADVRestart now | Restart Later"
On restarting immediately, the entire OS failed and restarted about 4 times. Once boot-up became stable, the network icon contained the red "x", and I eventually discovered the failed NlaSvc.
I have seen two other posts with the identical problem in http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=3842672&SiteID=17.
Both Trend Micro and MBAM scans now say the system is clean from threats.
Any ideas how to find/repair the problem with NlaSvc?
Answers
A direct link to the Trend Micro update bulletin.
http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038089
The "restore" operation in Trend Micro for the quarantined wextract.exe file did not seem to work.
Hi Corbish,
The Trend Micro falsely reported a Trojan and wrongly quarenteend certain files from c:\windows\system32 and a specific file for Dell computers.
The nlasvc.dll file is to do with Windows Network Location Awareness. It does not stop network access but stops windows from reporting the connection state and therefore errors with the red x.
As per my earlier emal the system32 directory is high protected and to fix the problem you need to replace the nlasvc,dll file with a working one. I have, per my earlier email, put a correct Vista version for use.
If you follow my instructions about taking ownership of the file (using an Adminstrator CMD window), replacing the file and setting the ownership as per the other files in the system32 diectory, then reboot your system. You should have fixed the red x problem and therefore windows ability to report the network connection correctly..
I hope that this helps you further. If my instructions are not clear please let me know where the problem is and I will try and help you further.
Kind regards
Terry
All Replies
I have the very same problem going on, when I hover over the little connection thing near the clock, I get a message saying: "Connection status: unknown The dependency service or group failed to start." I have come to find out that the "dependancy" is service known as NlaSvc, but when I try to start the service, I get an error saying "Windows could not start the NlaSvc service on Local Computer Error 193: 0xc1" the other errors I get are "Configuration Manager: A general internal error occurred. The System cannot find the file specified."
The only thing I could think of was trying to replace the nlasvc.dll in the system32 folder, but even as admin, permission is not granted. Trying to take ownership of the file also doesn't work, so I'm lost on ideas, any help would be great!
- Trend Micro shows that file c:\Windows\System32\wextract.exe was infected. That file is not located on my system... trying to determine if this is related.
Trend Micro has a post today saying that certain pattern files were recognizing Microsoft Operating System files as trojans. The list included wextract.exe
http://forums.cnet.com/5208-6132_102-0.html?forumID=32&threadID=307308&messageID=2850681
Still trying to find out how to restore the wextract file....
A direct link to the Trend Micro update bulletin.
http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038089
The "restore" operation in Trend Micro for the quarantined wextract.exe file did not seem to work.
- Hey, I got it all fixed, all you have to do is system restore back to Sept 3. Once you reach your desktop, update Trend Micro to the latest version, and everything will be good again.
Thanks. System restore took care of it.
How to Delete/Change a System File in Windows Vista (and fix nlasvc.dll)
Warning: Do not delete system files. Bad things will probably ensue.
If you need to delete or overwrite a system file in Windows Vista, you'll quickly notice that you cannot delete system files, even as administrator. This is because Windows Vista's system files are owned by the TrustedInstaller service by default, and Windows File Protection will keep them from being overwritten.
Thankfully, there's a way that you can get around this. You need to take ownership of the files, and then assign yourself rights to delete or modify the file. For this, we'll use the command line.
Open an administrator command prompt by typing cmd into the start menu search box, and hit the Ctrl+Shift+Enter key combination.
To take ownership of the file, you'll need to use the takeown command. Here's an example:
takeown /f C:\Windows\System32\nlasvc.dll
That will give you ownership of the file, but you still have no rights to delete it. Now you can run the cacls command to give yourself full control rights to the file:
cacls C:\Windows\System32\nlasvc.dll /G your username:F
At this point, you should be able to delete the file. If you still can't do so, you may need to reboot into Safe Mode and try it again. For the filename in the example, I was able to overwrite it without safe mode, but your mileage may vary.
Oncethe file has been replace you should set the permissions back but…
TrustedInstaller does not exist in the "visible" users and groups as it runs as an NT Service so to restore:
Right mouse button click on the file and choose Properties
Click Security tab
Click Advanced button
Click Owner tab
Click Edit button
Click Other User or Group and type in NT SERVICE\TrustedInstaller
Press Ok on all dialogs until all property dialogs are closed
Kind regards
Terry Downing MBCS CITP MIoD
Chartered Information Technology Professional
- Proposed As Answer byfirie02 Sunday, January 18, 2009 4:10 AM
- Thanks for this.. this worked a treat... almost thought i was going to have to reinstall as System restore wasn't going back far enough..
- Unfortunately, I have a similar problem that I don't have an available restore point, and the workaround with the nlasvc.dll that was posted earlier didn't quite work either. Unfortunately, the files that TrendMicro listed as infected were deleted.
I'm frustrated to no end by this issue, and TrendMicro has proven themselves completely worthless with tech support on their end. At this point, I've spent well over six hours of time trying to resolve the issue, not including the time I wasted with their tech support.
Are there any other suggestions for a work-around, or will I likely have to reload the entire OS?
Thank you!
Thanks, Ohaw. You're my hero. I don't know why we have to go back to Sept 3. (Sept 4 system restore didn't work). The globe is back!- HELP!!!
Where can I find a copy of the nlasvc.dll? I tried the DLL swap that was mentioned earlier, and now Event Viewer is showing a new error "Network List Service is not a valid Win32 application". The DLL I used for the swap was from afreedll website.
Thank you,
~Matt In my own case, wextract.exe was the file that needed to be restored (Nlasvc was the service that was failing, but I don't think there was a problem with the DLL). No matter the answer, the question remains the same... how to restore? I don't know how to restore a system file if your system restore is not available. I assume some version of the missing file is on your OS disk. Whether that can be extracted and installed, and is compatible with other files (updates may have been applied)... not sure. Are you certain you don't have an available check-point on your system restore? I found mine went back many days, and I had never made any special configuration. I'm not that familiar with the feature, but it certainly worked.
The Vista files are available at
ftp://ftp.wisdom-communications.com/
username u39238544-files
password nlasvcfiles
HI dryl,
I found that replacing the nlasvc.dll file did fix the problem with th enetwork connection issues.
- I'm lost on everything. I still have this red X and i am almost positive it was from a trojan horse. i ran trend micro. found nothing. i tried starting the service through the manage computer option. i then tried the command prompt to take ownership then delete the file. i got nothing. im really upset that this isnt working correctly. my system isnt exactly hurt from this it is only that there is no globe just the red x but i still have internet access?
Hi Corbish,
The Trend Micro falsely reported a Trojan and wrongly quarenteend certain files from c:\windows\system32 and a specific file for Dell computers.
The nlasvc.dll file is to do with Windows Network Location Awareness. It does not stop network access but stops windows from reporting the connection state and therefore errors with the red x.
As per my earlier emal the system32 directory is high protected and to fix the problem you need to replace the nlasvc,dll file with a working one. I have, per my earlier email, put a correct Vista version for use.
If you follow my instructions about taking ownership of the file (using an Adminstrator CMD window), replacing the file and setting the ownership as per the other files in the system32 diectory, then reboot your system. You should have fixed the red x problem and therefore windows ability to report the network connection correctly..
I hope that this helps you further. If my instructions are not clear please let me know where the problem is and I will try and help you further.
Kind regards
Terry
Terry,
I replaced both the nlasvc.dll and the wextract.exe in my system32 folder. There was another file on that ftp site, some sort of ini or init file. do I need to replace that also? So far replacing the nlasvc.dll and the wextract.exe file have not restored my system's wireless status, nor allowed the service to restart. I'll let you know as I find more.
John A. Lillard
Helping Hand PC Services
630-940-1718
-------------------------------------------------update-------------------------------------
Sorry,
I must have messed up somewhere. I did not need that init file or whatever it was. All I needed was the nlasvc.dll, when i copied the new file back into the system32 folder, i used the command land and apparently copied the .zip file into the system32 folder and not the .dll, Terry's instructions seem to work perfectly assuming you follow them correctly step by step. At any rate, I read and follow them step by step, and I'm fixed now. Thanks again Terry.
John.
Hi John,
Sorry, I zipped the dll to save space and file transfer time.
The wininit.exe file is another file some people have lost due to the Trend Micro problem so I just added it in case someone needed it.
Glad that the solution worked for you.
Kind regards
Terry
Thank you Terry Downing2!
Your procedure solved the problem! After replacing the file I just started the service and that was all, the network error was gone.
Hi,
the problem is, that Internet Security-Pro in serveral configurations will delete as much as 140 files and propably more.
Here is a part of the protocol of the most important ones:
13.13 In Quarantäne C:\WINDOWS\system32\dllcache\wsock32.dll
13.13 In Quarantäne C:\WINDOWS\system32\dllcache\mprapi.dll
13.13 In Gesäubert C:\WINDOWS\SYSTEM32\WSOCK32.DLL
13.13 In Gesäubert C:\WINDOWS\SYSTEM32\MPRAPI.dll
13.13 In Gesäubert C:\WINDOWS\SYSTEM32\MPRAPI.DLL
00.27 In Quarantäne C:\WINDOWS\system32\dllcache\netui0.dll
00.27 In Gesäubert C:\WINDOWS\ system32\NETUI0.dll
00.27 In Gesäubert C:\WINDOWS\ System32\NETUI0.dll
00.21 In Quarantäne C:\WINDOWS\system32\dllcache\pstorec.dll
00.21 In Quarantäne C:\WINDOWS\system32\dllcache\PSTOREC.DLL
in some cases Trend Micro deleted even the 'servicepack2 exe-file'. Be aware that systemrecovery
from system-recovery-points will not work, because these files may be deleted!
To solve the problem is to restore the missing files from a service-pack expansion (i386-directory)
or from any other still running system. You only need to restore the missing files in
'c:\windows\system32\'. In one case I had only to install Servicepack3 to get everything OK.
I hope I can help anybody because I invested 4 Days on hard work to find a way to help my customers
to get their PCs running again
Your welcome.
Terry,
I was able to deleve nlasvc.dll but I can't seem to restore it. I took all the steps you listed off but the problem is I don't know what to do with it. I gave ownership to trustedinstaller but I have no idea where to go from there. Any help would be appreciated as I cannot update Trend Micro because I can't connect to the internet on my laptop. Thanks
OK... try restoring your computer back to before the Trend issue. Then run through each step of the path I documented.
You need to first get Internet access by the restore and then follow my instructions having access to the replacement files (VISTA Only).
You need to take ownership first
Do the repair and then return ownership to TrustedInstaller.
- I ran into this exact problem, but I do not have Trend running on my system. I went through system restore, and selected the September 2nd backup, skipping over others. (The only changes I can recall since 9/2 were a windows update and an install of an MP4 player.) The system was working yesterday morning when I checked out of a hotel, and would not work when I stopped late afternoon to check email at a WiFi hotspot.
The restore cured the problems. Thanks for the concise info. Now I need a windfall of some sort so I can replace all my Windows machines with nice Macs.
- Chuck - Was not able to login to retrieve the files - does this still work?
- I have just checked and yes they are.
I tried everything you said but still didnt work pls help...
Terry
Bit of an annoying problem this one...
I have removed nlasvc.dll using the command line as instructed and whan prompted to delete I did so. However, the file was still visible in C:\Windows\System32\ (its original location) - a bit strange considering I had just deleted it.
Despite this I proceeded to replace the erroneous file with the "new" nlasvc.dll file from the ftp site you recommended. Before returning the permissions and ownership to their original status, I tried starting the service through Computer Management\Services and Applications\Services... (where it was still descriped as; <Failed to read description. Error Code:2>). Upon starting the service I received an error message;
Windows could not start the NlaSvc service on local Computer - Error 5: Access is denied
This lead me to think the permissions and ownership needed to be returned before the service could be started - I returned the ownership to TrustedInstaller as instructed and tried again...same error message.
Furthermore, previous posters have reported working network connections despite the red cross and "Connection Status unknown, the dependancy....." error message. I have no connection and the WLAN light is off - does this suggest a hardware problem also ?
(Aside from this the Vista system restore stalls during initiallisation - hence this method)
Your assistance would be greatly appreciated, otherwise I can see this costing me a fortune to fix - Wait till I see them Trend boys !
Cheers
Alex
- i have deleted the file but i can still see it in the system32 folder, by replacing the file, am i suppose to drag the downloaded file into the system32 folder? hope you can help!
- Terry,
I spent all weekend trying to fix this issue and no solution worked until I tried yours. I grabbed the files, took ownership and replaced them and now everything works again. Thanks so much for your help. I was about to reinstall Vista and dreaded having to backup everything. Major thanks for your time and help! Glad it worked... if you have not already.. could you please tick my solution as useful.
Many thanks
Terry
Hi,
If you can still see the file after "deleting" then you did not take ownership and did not delete. It is best to delete the file and then "copy and paste" the new file. This was you make sure that you place the new file and not a shortcut. Remember to follow my instructions and return the ownership back to the same as other files in the system32 directory. It has worked for others with the Trend Micro caused problem so please try again and good luck.
Terry
If the WLAN light is off then there is a hardware problem. Is the WLAN on your computer or Router?
Try switching WLAN on as it may have been turned off.
If you use wireless access then you will not get any network connections until the hardware connection is resolved.
Have you used system restore to a date prior to the Trend problem before taking my solution steps?
Little concerned.. Atfer changing the ownership you should not be prompted to delete the file.
Once you have followed my solution steps you should be able to remove the old file, place the new one from my ftp site (see earlier message), change the ownership back to the same as other files in the system32 folder, reboot and the services should startup.
The error is because you tried to restart the service when the file ownership was not correct hence the access was denied.
Good luck
- however when i try deleting the file using the cacls command, they said something such as "invalid arguments." and a "NOTE: Cacls is now deprecated, please use Icacls."
so what am i suppose to do now as this occurs? TERRY THANK YOU THANK YOU THANK YOU! YOUR INSTRUCTIONS WORKED!
I've been missing my globe so much.
At first I had some problems with all of the instructions.
I tried system scan, which did absolutely nothing. Then I moved on to trying system restore, just to find out that I can only restore after September 4th, not September 3rd; again, this was useless. So I tried your instructions. At first, it didnt work for me, so I tried doing it in Safe Mode. On my computer Safe Mode made no difference, except that now I couldn't get connected to the internet so I had to get on another computer to review the directions. I figured out that my problem was when you run the cacls command. My username wasn't working but I used another username on my computer, got onto that name and then it worked perfectly. After using the files that you linked, I restarted my computer and voila! My globe was back!! =)
Good luck to those who are trying to resolve this problem. If you follow the directions, it will work perfectly.
Cracked it the end. I misinterpreted the instructions first time around.
Unfortunately, a WLAN hardware problem seems to have arisen at the same time although the device manager reports the card is working correctly. I thought the virus problem may have been related but it appears not.
This was the first time I had tried the system restore (new machine) so no idea if it ever worked.
Thanks for your help.
Thank You Terry ... Your solution worked great ... My globe has returned and my frustrations have vanished !
"May Your Camel Always Lead You To Water"
~SloughKing
Rock solid solution! Worked like a charm. Thanks!
- Terry,
Thank you for all the help you have provided the forum on this problem.
As I understand it, you recommend doing a system restore prior to the Trend Micro problem. Unfortunately my earliest restore point is 9/6/2008, which is after my problems started. Will deleting and copying "nlasvc.dll" still work?
Thanks. Hi meisterabe,
Not sure as I have not tried it but it can not harm to try.
Good luck
Terry
Hi chocolatefantasy,
cacls is just to change your rights on the file.
Used normal DOS delete command to remove the file.
Good luck
Terry
- Just replacing the "nlasvc.dll" worked like a charm. Thanks.
Now I have to figure out some of the other problems that started right around this time.
Have anyone come across any problems in the loading user profile because of the Trend Micro issue. Right around this time, Vista wouldnt allow me to log on because of problems loading user profile. I deleted my account and created a brand new one. The problems still happens intermittently. - is there anything wrong with the command? i tried the cacls command and i got an answer of invalid arguments. when i try deleting the file i was said to not have the permission to. i rebooted into safe mode and tried deleting again, however to no avail, i suspect there is something wrong with the cacls command but i have no idea whats wrong with it. hope you can help! thanks!
- hi terry
i got a similar problem too
and i have try to replace the file "nlasvc.dll" as you mention
i did this already but seen not work
and my firewall still cannot switch "on" too
what is my real problem is?
may you tell me why? - Was having this problem as well on one machine. Just installed Vista SP1 under the presumption that these might be files in that pack. Seems to be all fixed now.
- You fix works great Terry, I've marked your post helpful. Thank you for the help!
Hi Terry,
I just got a laptop from a customer with this problem - obviously they've had the problem a while, didn't have restores turned on and PC-Cillin got itself messed up enough to have to be re-installed...
Are the fix files still available for download? I am having problems with both links.
Edited: Tried again later in the day and all is well. Fix worked beautifully too. Thanks Terry!
Regards,
Thurls
Thanks Terry,
Your fix helped me get rid of the 'dependency service or group failed to start' message, but when I click on connect to network everything on the screen disappears for a while, except for the wallpaper and it won't show the network list.
This problem also happens when I try to install a Microsoft Update, when I try to empty the trash bin in Windows Mail and when I close Paint.
Does anyone here know a fix for this problem?
Thanks heaps,
Cameron
Camwich72,
I think you may have to open a new thread for that problem - this one has been marked as "answered" in the status bar.
Terry,
Thank you !! Your instructions worked ! Your the Best!!!
Brian
- I had the red x for weeks but my internet connection was ok. I did not have a restore point prior to the Trend corrupting the nlasvc file so I decided to leave well enough alone and accept looking at a red x knowing my connection was ok. I finally installed Vista SP 1 tonight and it fixed the problem and reinstalled new critical system files. So if you haven't installed SP1 yet - it looks like it fixes the problem.
I too have the same problem on Vista SP1 but am running Norton anti-virus which doesn't appear to have flagged the NlaSvc file. I cannot check the service logs as some of the service that failed to start included the service logging. Any ideas about how to debug this?
- hiiiiii,i have the same problem.
Can anyone upload the file in FTP server becuase it seems that they are delete it from server. Well i need help people
i got 'red' cross in my pc at the right bottom corner, in the taskbar
and show me:
Connection status: unknown
The dependency sevice or group failed to start.But i just only install NOD32 for anti the virus
since this iron appear
system
cannot start:
{firewall, window update, restore}
but can access internet
i use NOD32 run a scanning if there any virus, not found anyway
then i try go to Norton website
use their online checking scan the virus
also found nothing
Terry (or anyone else who did this successfully), What would my username be?
Thanks, Lezlie
HI Lezlie,
Your username is the name you click on to login to your computer at the welcome window.
Hi Tagco,
The ftp site and files are still there and accessable.
I just checked
Terry
Terry, I finally got it! thank you SO very much!! Now my new question is, do you recommend one of those registry scanning programs to keep this from happening again? Or at least a little easier to fix?
Thanks again,
Lezlie
- You say that you could think of replacing the nlasvc.dll, but where did you get the file from that you wanted to replace it with?
Thanks in advance. - Hi Terry.
I too have been experiencing ongoing problems with Vista being able to access the internet but with the network icon showing a red cross for up to 2 minutes (and thereby holding up any actions which require user authorisation).
I followed strictly your instructions, and copied both the nlasvc.dll file and the wextract.exe file from your site to my \system32 directory. As you suggested might be the caes in some instances, I had to do this in safe mode. I then changed ownership of both replacement files to TrustedInstaller.
On reboot, the problem with the red cross remained, and was actually worse in that it continued on (indefinitely) rather than clearing after c. 2 minutes.
I therefore completely reversed the exercise, and copied back my original files (I had kept a copy), but after another reboot I have the same problem as with the replacement files i.e. the red cross does not clear.
I looked in Event Viewer and I note that the nlasvc service is not starting as access is denied! I do not understand - both the nlasvc.dll file and the wextract.exe file show TrustedInstaller as being the owner.
Help, please.
Thanks. - i have tried everything on this forum. I still have the red X and my network connection says: "Connection Status Unknown The dependency service or group failed to start."
i have replaced the nlasvc.dll file with one from my desktop computer (assumed good). I also replaced the wextract.exe file. I took ownership, deleted, and replaced with ones from my other computer running Vista. I did notice on the secturity tab for these two files, it does not list Trusted Installer as one of the users. Should it? Thanks for the help.
I am running a new inspiron 1720. Ughhhh - Thanks Terry, I have been putting this problem off for a while. Tried your solution today and worked a treat. Appreciate the help.
I tried Terry's fix, replacing nlasvc.dll and reinstating TrustedInstaller as its owner, and it all seemed to work except that the service refuses to restart.
I am getting 'Error 5: Access is denied.' when trying to start the Network Location Awareness service.
What can I do?- Hello,
I know this is way late in the game, but I am having the same problems and I haven't had the time to deal with it until now.
Although I understand the escellent directions given by Terry, I am not able to find any files on the FTP site. I realize that they are probably gone by now, but was wondering if Terry is around and can help me with this.
Best regards and thanks in advance. - Mvining
Terry,
I am having the problem with dependency services or group failed to start.I have followed the steps that terry, recommended up to the point of ownership.
I am not too familiar with DOS so i am trying to catch on,
1 Do i just enter the command DEl or replace nlasvc.dll after owning the file?
2 after i have deleted this file,how do i go about replacing it ?is there a add command or replace command.
3 i have the file that i ftp saved on my desktop.
I am so sorry to bother you guys with these somewhat trivial question , but i am just trying to learn this.
P
I am having the problem with dependency services or group failed to start.I have followed the steps that terry, recommended up to the point of ownership.
I am not too familiar with DOS so i am trying to catch on,
1 Do i just enter the command DEl or replace nlasvc.dll after owning the file?
2 after i have deleted this file,how do i go about replacing it ?is there a add command or replace command.
3 i have the file that i ftp saved on my desktop.
I am so sorry to bother you guys with these somewhat trivial question , but i am just trying to learn this.
P- How in the world do I get this file to my other computer if I dont have any access to the internet? I don't have trend micro but I have the same problem as all of the others with " Fail to start "
Thanks
![](http://www.crossloop.com/TerryDowning?type=email" target="_blank"><img border = "0" src="http://www.crossloop.com/images/badge-sm-gray.jpg" alt="Get help from Terry Downing!"){kind=link}