Jump to content

I need help, no exe programs will run


Recommended Posts

Hey people,

I need some help. I am pretty good at removing malware but I have one that is kicking my rear. I ran Malwarebytes, AdAware, Hijack this and got some stuff off. Before I could get Spybot to work, the malware Started killing all exe programs except for solitaire. I can watch any .exe program start in Task manager with a *32 at the end of it and then it just disappears, No errors, nothing.

I have tried the .exe fixes, checked the registry for the %1, etc, to no avail. I can't even get the HP laptop to run the restore program because, you guessed it, it is an .exe! I can't burn the restore disks or anything.

Another quirk of this system, System Restore points have been turned off by the "system Administrator" even though my user account is the only admin. Also certain control panel functions have been "turned" off. Clicking on them yields nothing. I also can't uninstall programs using Add/Remove programs. It is like certain things have been blocked. Certain admin privileges have been turned off.

All this happens wether in safe mode or not. File permissions have been changed on the C: drive.

I have tried renaming malwarebytes, spybot, etc. Some of the other tools like Defogger, Inherit,exe, MGTools, dds.scr, Security Task Manager, rkill.com, SREngLdr.exe but they will not run. I suspect a rootkit, but I can't run rootkit revealer. I even slaved it to an external drive and ADAware found another trojan and cleaned it up, but still did not help my lack of admin problems.

Any IDEAS???? I can't post any Hijackthis logs because it will not run.

Hey people,

I need some help. I am pretty good at removing malware but I have one that is kicking my rear. I ran Malwarebytes, AdAware, Hijack this and got some stuff off. Before I could get Spybot to work, the malware Started killing all exe programs except for solitaire. I can watch any .exe program start in Task manager with a *32 at the end of it and then it just disappears, No errors, nothing.

I have tried the .exe fixes, checked the registry for the %1, etc, to no avail. I can't even get the HP laptop to run the restore program because, you guessed it, it is an .exe! I can't burn the restore disks or anything.

Another quirk of this system, System Restore points have been turned off by the "system Administrator" even though my user account is the only admin. Also certain control panel functions have been "turned" off. Clicking on them yields nothing. I also can't uninstall programs using Add/Remove programs. It is like certain things have been blocked. Certain admin privileges have been turned off.

All this happens wether in safe mode or not. File permissions have been changed on the C: drive.

I have tried renaming malwarebytes, spybot, etc. Some of the other tools like Defogger, Inherit,exe, MGTools, dds.scr, Security Task Manager, rkill.com, SREngLdr.exe but they will not run. I suspect a rootkit, but I can't run rootkit revealer. I even slaved it to an external drive and ADAware found another trojan and cleaned it up, but still did not help my lack of admin problems.

Any IDEAS???? I can't post any Hijackthis logs because it will not run.

Update: I tried Process Explorer and RootReveal in regular and safe mode - no luck. How can I stop it from killing it in memory? I tried running 100 times (holding down enter) hoping one would slip through but no luck.... Hey I'm grasping for straws here...

Link to post
Share on other sites

The PC owner said just to reformat and wipe out all data. Let me know if anyone finds out how to beat one of these instances where no .exe will run to completion. I did notice that it (exe) will start and then end in Task Manager. Also I noticed in Resource Manager in Windows 7 that when I started it (exe program) it would start and then say it was Terminated. Do you guys know how to find out what is terminating these programs? What kind of program can intercept these programs and then kill them? I would like to know. I know it was a rootkit because a Rescue boot disk from Kasperky didn't find anything, but there was a file that was "password protected" however when perfoming a search for that file I was told it did not exist. So there was definitely something hiding on there. Oh yeah the user was using Limewire and MP3 Rocket (file-sharing sites) so I have no doubt that is where they got infected. The friend also brought me their other computer, which wasn't infected as bad, but it did replace the hosts file with an infected hostfile everytime you tried to rewrite the hosts file.

Thanks for Malwarebytes, for all you do.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.