
Really bad virus



Hi, my computer got infected yesterday and even though I ran system restore to two weeks before the virus showed up it is still on my computer and getting worse. I ran MWB and Windows Defender in safe mode and neither one of them picked up any problems. I tried to manually update MWB but am not allowed to. I also tried to download some other antivirus programs but when I try to install them, by clicking the icon I downloaded, I get an error message saying that it is not a valid Win32 application. The same message came up when I tried to use ComboFix. Now the virus is putting porn icons and other junk on my desktop.

The processes which are running are:

symlcsvc.exe
wscsvc32.exe
wmsdk64_32.exe
taskmgr.exe
rundll32.exe
cmd.exe
file.exe
helpctr.exe
helpsvc.exe
ehmsas.exe
wscntfy.exe
msmsgs.exe
CCSVCHST.EXE
FirefoxPreloader. . .
explorer.exe
dllhost.exe
sprtcmd.exe
ctfmon.exe
YahooMessenger.exe
wmpnetwk.exe
firefox.exe
mcrdsvc.exe
isch.exe
ViewpointService. . .
wmiprvse.exe
svchost.exe
PCMService.exe
WLTRAY.EXE
svchost.exe
ehtray.exe
SynTPEnh.exe
svchost.exe
MagicDisc.exe
svchost.exe
MsMpEng.exe
svchost.exe
AluSchedulerSvc. . .
svchost.exe
lsass.exe
services.exe
winlogon.exe
aspnet_state.exe
csrss.exe
alg.exe
svchost.exe
jqs.exe
MRT.exe
m.exe
svchost.exe
BCMWLTRY.EXE
WLTRYSVC.EXE
ehSched.exe
CCSVCHST.EXE
ehrecvr.exe
jusched.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
System
System Idle Process


I meant MBAM when typing MWB, sorry. Any help would be truly appreciated. I uninstalled Adobe Reader, Viewpoint Media Player, and Java after running MBAM again in safe mode. The last time, it did find and remove two files. Here is the log from that:

Malwarebytes' Anti-Malware 1.38
Database version: 2374
Windows 5.1.2600 Service Pack 3

7/31/2010 7:39:56 PM
mbam-log-2010-07-31 (19-39-55).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 253650
Time elapsed: 2 hour(s), 34 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\file.exe (Trojan.Agent) -> Quarantined and deleted successfully.

There is definitely still a virus, worm, or whatever on this machine, though. Any links from search engines are being redirected and random webpages are popping up from tabs that open by themselves. I can't download Avira antivirus, because of the whole "not a valid Win32 application" thing. Same for the Defogger and DDS.

Please help. Thanks


No matter what I try to do to get rid of this thing, if it involves any kind of .exe file, I get the same error message. ____.exe is not a valid Win32 application. It's beyond frustrating, and I tried changing the name of the file so that it didn't have .exe, but when it downloads to my desktop the .exe is back again. I don't even know if the file name has anything to do with it anyway. Anyway, I just figured I'd bump this and hope that I'd get lucky and someone would be able to help me out. Thank you for reading this.


Hi,

Please download exeHelper to your desktop.

Double-click on exeHelper.com to run the fix.

A black window should pop up, press any key to close once the fix is completed.

Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)


Thank you for responding to my cries for help!

The only problem is that I get the same Win32 error message when I click on exeHelper.com from my desktop. :/

Another new development is that now after my computer has been on for 10 or 20 minutes I get the blue screen telling me that my computer has to shut down. I never wrote down the exact message, but if it would help I can do that and post what it says.


Hi,

Then I think it's probably best to work outside Windows.

Follow these first steps on another PC:

First, copy this scan.txt to a USB drive.

Please print these instructions out so that you know what you are doing.

OTLPEStd.exe

Size: 97,697,047b / 93.1Mb

MD5: E29EEBA00CCA665A2F04B8695469D986

  1. Download OTLPEStd.exe to your desktop.
  2. Ensure that you have a blank CD in the drive.
  3. Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD.
  4. Reboot the infected system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here.
  5. As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads. :D
  6. Your system should now display a Reatogo desktop.
    Note: As you are running from CD it is not exactly speedy.
  7. Double-click on the OTLPE icon.
  8. Select the Windows folder of the infected drive if it asks for a location.
  9. When asked "Do you wish to load the remote registry", select Yes.
  10. When asked "Do you wish to load remote user profile(s) for scanning", select Yes.
  11. Ensure the box "Automatically Load All Remaining Users" is checked and press OK.
  12. OTL should now start.
  13. Double-click on the Custom Scans/Fixes box and a message box will pop up asking if you want to load a custom scan from a file.
    Select Scan.txt on your USB drive.
  14. Press Run Scan to start the scan.
  15. When finished, the file will be saved in drive C:\OTL.txt.
  16. Copy this file to your USB drive if you do not have internet connection on this system.
  17. Right-click the file and select Send to: select the USB drive.
  18. Confirm that it has copied to the USB drive by selecting it.
  19. You can back up any files that you wish from this OS.
  20. Please post the contents of the C:\OTL.txt file in your reply.
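
Before step 3 burns the CD, the downloaded OTLPEStd.exe can be checked on the clean PC against the size and MD5 given in the post above. The following Python is an added example, not part of the original post or of the OTL tooling; the function names and the command line shown in the comment are hypothetical.

```python
import hashlib
import os

# Values published in the post above for OTLPEStd.exe.
EXPECTED_SIZE = 97_697_047
EXPECTED_MD5 = "E29EEBA00CCA665A2F04B8695469D986"


def md5_of(path, chunk_size=1 << 20):
    """Hash the file in chunks so the ~93 MB image is never held in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path, expected_size=EXPECTED_SIZE, expected_md5=EXPECTED_MD5):
    """Return (ok, reason). Size is checked first: it is cheap and catches a
    truncated download before the whole file is hashed."""
    if not os.path.isfile(path):
        return False, "file not found"
    actual_size = os.path.getsize(path)
    if actual_size != expected_size:
        return False, f"size mismatch: got {actual_size}, expected {expected_size}"
    # MD5 is the only digest the post publishes; it catches a corrupted or
    # wrong file, compared case-insensitively against the posted value.
    actual_md5 = md5_of(path)
    if actual_md5.lower() != expected_md5.strip().lower():
        return False, f"MD5 mismatch: got {actual_md5.upper()}"
    return True, "size and MD5 match"


if __name__ == "__main__":
    import sys
    # Hypothetical usage: python verify_otlpe.py OTLPEStd.exe
    target = sys.argv[1] if len(sys.argv) > 1 else "OTLPEStd.exe"
    ok, reason = verify_download(target)
    print(f"{target}: {'OK to burn' if ok else 'do not burn'} ({reason})")
    sys.exit(0 if ok else 1)
```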


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

