Jump to content

An infected PC that seems impossible to repair


Recommended Posts

Hi,

I don't know if what I am about to describe is a virus, malware or a variant. I look upon Malware as a non-destuctive intervention of the normal behavior of your Operating System with intent to harvest your assets, like passwords, banking info, credit card data, et al. A virus usually wants to damage your OS and/or data, generally speaking. I know, generalizations <g>.

The following is happening to a good friend using a Windows XP system with access to the Intenet via Verizon FIOS.

(1) The Windows XP boots up/logs-on with no message or indication as to what has its full control.

(2) Not sure if the infection was from the Internet Browser (probably), email, or a trojan in a program.

(3) Bottom line, no .EXE or .COM program will run, except for Firefox and maybe a few other executables.

(4) Any attempt to run Malware Bytes, System Restore, Task manager, Registry Editor, and virtually every other program generates an error message something like: THIS PROGRAM WILL NOT START.

(5) Email works, Firefox works, Downloads work, Copy, Cut and Paste work, renaming a file works, etc.

(6) Tried to rename Malware Bytes to FIREFOX.EXE, and it will not run, nor will renaming the REGEDIT program or SYSTEM RESTORE to FIREFOX.EXE.

(7) I downloaded EXE_FIX.REG to fix the registry if that is a problem and it will not execute.

(8) I rebooted to SAFE mode and the same problems exist.

(9) I rebooted to SAFE mode and signed on as Administrator, and same problem exists.

(10) I was wondering if GROUP POLICIES and some scripting was behind the infection but I can't get to that data and I somehow doubt it is the cause. This feels like a sinister infection with a targeted attack on the OS, FWIW.

QUESTION:

Since FIREFOX.EXE works in the MOZILLA folder, why can I not put Malware Bytes in that folder and rename it to FIREFOX.EXE and have Malware Bytes install?

Could it be that the Malware has a copy of Firefox in a protected space and that is what runs when the Firefox Shortcut is executed and not whatever you have named FIREFOX.EXE in the Mozilla directory.

Unfortunately, my friend is living in another state and I communicate via phone. I think he is getting ready to regen from his Windows XP disc and kiss this problem goodbye. If anyone has a solution, let me know and I can try it with him. This friend is about a 2 on a range or 0-10 rating his computer skills so I can't have him take out the drive, place it in an external enclosure and run Malware Bytes from another Windows system.

Thanks,

Gary Parent

Link to post
Share on other sites

Welcome Gary Parent -

The FAQ area Here lists at Issue #4 a chance of a quick solution -

4 :ISSUE: I need to get the latest database onto a computer that cannot access the Internet.

SOLUTION: You can manually copy the database from a working computer using a flash drive or CD onto the infected PC. Our database file is stored in the following locations.

Windows XP and 2000

C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref

Windows Vista and Windows 7:

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref

You can also download a manual update from Here - NOTE: This manual update will always be way behind in version level compared to updates from within the program -

Unfortunately, as they are badly infected, the answer I have left below is the one that is the main one that they should aim for when they can -

As we don't work on Malware removal or diagnostics in the general forums please follow these directions -

Please print out, read and follow the directions Here, skipping any steps you are unable to complete. Then post a NEW topic Here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post - Please allow at least 48 hours for a reply as the experts can get busy at times -

Also add a brief note to the experts as to your problems -

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or via Here

Always use the ADD REPLY Tab at the bottom of the page when you reply -

Thank You - :rolleyes:

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.