.exe blocked in Vista


I am by no means a computer expert, and I know even less about Vista. The virus or whatever I have seems to block all .exe programs. The issue starts with bootup when explorer says it's running, but it's not completely open. I can open the task manager. I close explorer and then go to file then open it again. At this point, explorer seems to be fine. I can use internet explorer to access the internet, but I cannot run any programs at all (It does allow me to download items).

I have tried everything. My Windows One Live Care states that it cannot open. Everything else just sits as if trying to open then eventually states that it's not responding. I have tried to open Malwarebytes by changing the name and by trying to open it from a disk that I copied from another computer. There seems to be no way around it. I tried ProcessExplorer but find nothing strange (as far as I can tell). I have tried Windows Restore and that does nothing for me.

I can open Malwarebytes in safe mode and it comes back saying everything is clear. I downloaded and tried rootrepeal based on one of your postings, but it freezes after a minute. I followed your other steps and have attached the logs from the DDS program. I can only turn on the defogger in safe mode, so I'm not sure if that helps or not. This is the log I got from that:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 12:03 on 28/07/2010 (Susan)

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

I have attached the ARK, DDS Log and the Attach log. I have tried everything I can think of and REALLY, really don't want to wipe my machine if I don't have to. Any help is so appreciated. Thanks!

ark.zip

Link to post

Hello scottie210! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on this.
  • Keep me informed about any changes.

Step 1

Please, uninstall the following applications:

  1. Adobe Reader 8.1.4

You can read how to do this here:

Step 2

Please go into the Control Panel, Add/Remove, and for now remove ALL versions of JAVA.

Step 3

Please download exehelper from here and save it to your desktop.

1. Run exehelper.

2. Press any key to close a black window which should pop-up.

3. A log named exehelperlog.txt should open.

4. Post the contents of exehelperlog.txt in your next reply.

Step 4

Go into C:\Program Files\Malwarebytes' Anti-Malware and you will see a file called mbam.exe. Right-click on it, drop down to Rename, and change the name from mbam.exe to firefox.com. Please restart your computer.

Step 5

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, please include these log(s):

  1. exeHelper log
  2. MalwareBytes' Anti-Malware log
  3. a new fresh DDS log only

Link to post

Let me start by saying thank you for all your help! I've been going crazy over this machine. I was excited when you brought up Adobe Reader, because I thought it seemed suspicious since it was 84MB. I had already tried to delete it, and couldn't. I get "Windows Installer Service Could Not Be Accessed." I browsed online and found how to start the installer program by going to administrative tools and then services on the control panel. When I selected to start windows installer, it stated I could not turn the program on in safe mode.

So, I rebooted in regular mode and attempted to use the uninstaller. It does the same as all other programs, just gives me the blue spinning circle as if it's not responding. When I went into Services (under Administrative Tools) while the computer was in regular mode, I also got the blue spinning mouse. It won't let me get anywhere. So, how do I safely delete Java and Adobe without using the usual Windows Install/Uninstall programs? I do have access to another computer, so can download anything I need onto a disk to then place on this laptop if needed.

Once you tell me how to uninstall these programs, then I think I can easily follow all the rest of your instructions.

Thanks again!

Link to post

I can run Exehelper in safe mode only. I cannot get Malwarebytes to run in normal mode no matter what I rename it. In safe mode it finds no errors. Somehow I have now lost the internet on this laptop. Most things I try are blocked (everything I touch becomes 'not responding') but I will attempt to get it back online. Until then, I can only retype on this computer what each log says.

The Exehelper log basically says nothing. It's just a few lines. It says 'checking for numerical processes', then sysguard process, bad processes, bad files and bad registry entries. All these lines end with three periods (...) and that is it. Then, it resets a few items: resetting filetype association for .exe, resetting for .com, resetting userinit and shell values, then policies. Again, all lines end with three periods. And then it's finished.

The Mbam log also basically says nothing (again, this is the safe mode scan). Database version 4052. Quick Scan. Objects scanned: 113740. Took 4 mins, 45 seconds. All zeros for infected items list. And then 'no malicious items detected' for the next 7 items. And that's the end of the log.

The DDS log is more extensive. So, I looked it over carefully to note anything that is different from the log I already posted up above. Before, Microsoft Windows OneCare was the 5th running process. Now, it is NOT on the list. There are several differences in the Pseudo HJT Report. The beginning says:

ustart page = hxxp://www.google.com/

mstart page = hxxp://qwest.live.com

unInternet Settings, ProxyOverride = <local>

uSerachURL, (Default) = hxxp://www.google.com/search/?q=%s

***This is all quite different, and maybe shows why it's not letting me get online?? The BHO lines listed next are identical. The TB lines are the same. URun and MRun are the same except for one URun that is now missing. That line was: [Download] "C:/users/susan/appdata/local/supportsoft/quickcare/susan/exec/ssget.exe" 120 "http://www.qwest.com/internethelp/quickcare/downloads/qcsetup_2_7.exe" "C:\users\susan\appdata\local\temp\qcsetup_2_7.exe

After that, another line is now missing: StartupFolder: C:\progra~2\micros~1\windows\startm~1\micros~3\officel2\EXCEL.EXE/3000

The IE's are all the same still. DPFs and the rest of that section are all the same.

For the next section, there is only one difference (this is the S2 - S4 log). The Microsoft Malware Protection log used to be an S3 and is now an S4. Also, the 5 digit code on the end is different. It changed to 53168.

The created last 30 is of course a bit different from the last few items that I have done. Find 3M is identical. And then it's finished.

Sorry I can't post the logs properly. I'll try and figure out a way to add them to this log. I did run the computer in regular mode after running all these and nothing was changed. I couldn't get mbam to run still, even under its new name.

Link to post
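The exeHelper log described in the post above lists resets of the .exe and .com file associations and of the Winlogon userinit and shell values. As an added example (not part of the original thread and not exeHelper's own code), this read-only PowerShell check compares those registry values with the stock Windows defaults; the function names are hypothetical, and the key paths and defaults are the standard Windows ones rather than values taken from the poster's logs.

```powershell
# Added example: read-only check, nothing is written to the registry.
# HKEY_CLASSES_ROOT is the merged per-user/per-machine view, so the values
# read here are the ones in effect for the account running the script.
function Get-RegValue {
    param([string]$Key, [string]$Name)
    $item = Get-ItemProperty -LiteralPath "Registry::$Key" -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }   # key missing
    return $item.$Name                      # $null when the value is missing
}

function Test-ExeLaunchSettings {           # hypothetical name
    $winlogon = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $userinit = Join-Path $env:SystemRoot 'system32\userinit.exe'

    # Stock Windows defaults for each value the log mentions.
    $checks = @(
        @{ Key = 'HKEY_CLASSES_ROOT\.exe';                       Name = '(default)'; Expected = 'exefile' },
        @{ Key = 'HKEY_CLASSES_ROOT\exefile\shell\open\command'; Name = '(default)'; Expected = '"%1" %*' },
        @{ Key = 'HKEY_CLASSES_ROOT\.com';                       Name = '(default)'; Expected = 'comfile' },
        @{ Key = 'HKEY_CLASSES_ROOT\comfile\shell\open\command'; Name = '(default)'; Expected = '"%1" %*' },
        @{ Key = $winlogon;                                      Name = 'Shell';     Expected = 'explorer.exe' },
        @{ Key = $winlogon;                                      Name = 'Userinit';  Expected = $userinit }
    )

    foreach ($c in $checks) {
        $actual = Get-RegValue -Key $c.Key -Name $c.Name
        $norm = $null
        if ($null -ne $actual) {
            # Userinit normally ends with a comma; ignore it and stray spaces.
            $norm = ([string]$actual).Trim().TrimEnd(',')
        }
        New-Object PSObject -Property @{
            Key      = $c.Key
            Name     = $c.Name
            Actual   = $actual
            Expected = $c.Expected
            Matches  = ($norm -eq $c.Expected)   # -eq is case-insensitive for strings
        }
    }
}

# Any row with Matches = False is a value worth reviewing by hand.
Test-ExeLaunchSettings |
    Select-Object Matches, Name, Actual, Expected, Key |
    Format-List
```

A 32-bit PowerShell host on 64-bit Windows reads the redirected view of HKLM\SOFTWARE, so run the check from the native host.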

I understand you want to see the logs. As I said, the internet is now blocked on the computer. If you look at my last post, I was asking if I can safely use a jump drive to move the posts from the infected computer to my clean one so I can post those logs (downloading the info when in safe mode). But, you didn't give me an answer. So, again, can I use a jump drive, or how can I get the logs off of the infected computer?

Link to post

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post

This topic is now closed to further replies.