BleepingComputer.com: Recovering? from XP Home Security


Recovering? from XP Home Security: Exe files not running directly

#1 Mithlas

Posted 04 June 2011 - 09:54 PM

I was having a problem with "XP Home Security" (started in this thread). I am running XP (SP3) on my Toshiba Satellite A100, and have Avast! Antivirus and Malwarebytes' Anti-Malware. Besides the three days when I tried to update malware protection programs, I have been without internet access and have been restricted to using a public library and a USB drive (otherwise I would have been able to promptly reply to the help post in the other thread).

Since I hadn't seen any replies on this forum, I continued looking online - not being able to use the internet on my own computer (since its overall function seemed impaired and I didn't want to risk further infections), I found recommendations to try CCleaner, and Malwarebytes' Anti-Malware. Both of these I installed in safe mode (Administrator) since nothing would install and many functions including the browser and firewall would only resume "qgy.exe" which "XP Home Security" was masquerading under. Both of these ran, seemed to solve the problem for the moment, then XP Home Security would begin popping up when I rebooted into normal mode. Eventually I was able to directly plug the laptop in and could use Safe Mode with Networking. This allowed Malwarebytes' Anti-Malware and Avast! Antivirus to update. The latter never found anything but after another day and another try Malwarebytes found an infected file under "C:\Documents and Settings\toshiba a100\Application Data" and removed it.

Now I don't see any sign of XP Home Security when I boot in either mode, but the firewall which XP Home Security disabled can't be re-enabled. Trying to open it in the Control Panel opens an error window stating "C:\Windows\system32\rundll32.exe" Application not found. However, I looked myself in that directory and rundll32.exe is still there. I browsed for a solution to this and discovered an alternate directory in my computer that should also have rundll32.exe, and tried to copy it. The file size was exactly the same. I thought to try downloading a program to scan and repair Rundll32.exe files, but then I discovered that executable files won't run - instead the computer acts as if it's an unknown file and opens the "Open with: Choose the program you want to use to open this file". I cannot open the Windows Firewall, nor directly run any other programs.

However, I can run programs with a right-click menu extension (such as Avast! Antivirus or Malwarebytes). Since I'd recently updated Malwarebytes, I knew that the computer COULD connect to the internet, so I tried to open Firefox to search for a solution. The same window appeared, but I selected Firefox and it opened a Firefox window with gibberish that I assume is the shortcut's code. Typing into the URL then began browsing as normal (and allowed me to complete what searches I needed). However, I still can't run programs directly or reestablish the firewall due to the "Application not found" or "Choose the program you want to use".

Also, if any are still curious, I tried to follow "SweetTech"'s suggestions, but in safe mode I received an error "This program is not configured to run in safe mode" with Rootkit UnHooker, and in normal Windows it gives the same "Choose the program you want to use". The only good news is that the week before XP Home Security hit, I backed up what data I had on the laptop's HDD, so reformatting is an option.

#2 herg62123

Posted 05 June 2011 - 12:54 AM

Remove and fix XP Home Security

Follow this guide and it should remove your problem. Also, post your Malwarebytes log here so we can look at it.

This post has been edited by herg62123: 05 June 2011 - 12:55 AM


#3 Mithlas

Posted 08 June 2011 - 11:15 AM

Running "Fix NCR" seems to have repaired the problems. The firewall finally reset without problem and all of the executables that I've tried are running normally.

Thank you and the other assistants on this forum. I've been using the site for a couple of years but had never had to post myself until this hit.
