Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Plus Was2007 == No Desktop + System Restore == No Windows Installer


  • Please log in to reply
2 replies to this topic

#1 cricel472

cricel472

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:04 AM

Posted 30 July 2007 - 03:56 AM

So, today while browsing with Internet Explorer 6.0 in Windows XP a site that didn't seem to be working in Firefox properly (my normal browser) I noticed a popup window appear in the background, for "golden casino" -- such things not being uncommon, I just ignored it. Except then... a command line window also appeared up for a split second and before I could react and close it, or at least read what it was doing, it was already gone. My heart sank as I knew something very, very bad was about to happen.

Very shortly thereafter, "Win Anti Spyware 2007" began downloading itself. I could not stop this process normally, tho I did terminate all strange processes immediately in the windows task manager. However, I still had no idea how to undo what had been done, so, hoping that a reset would be all it would take to stop this, I did that. When my machine came back on, I had no desktop icons (but I did have my wallpaper), no right click context menu, no start menu / taskbar, so basically nothing, although win anti spyware happily finished its installation... After that, the only thing I could do on my computer was ctl-alt-del for the task manager, where a few strange processes were which I canceled (I didn't write them all down). I tried to get explorer to open back up by running explorer.exe in the run box you can get from the task manager. This would pop up an alert window for a split second and then... nothing. So, after popping up that little alert window a million times, I read enough bits to understand that it had "yes" and "no" buttons and some comments about the system restore tool. As I had used system restore in times past when bad drivers had been installed for some cheap hardware I got, I figured this would be the ticket. So, I picked that ("no" was the button to give you this) and restored from this morning. My computer did at least appear to reset back to its old state, I was able to remove all visible parts of Win Anti Spyware 2007 (a few installation directories) but now, attempting to install some malware removal tools (ad-aware, spybot, etc), I always get an error "The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode [I'm not], or if the Windows Installer is not correctly installed. Contact your support personnel for assistance." I attempted both method 1 and method 2 in the instructions from Microsoft: http://support.microsoft.com/kb/315346 (i.e. re-register then reinstall) but still I cannot install anything. I tried also to uninstall something, to see if it would work, and it doesn't. So, my machine now seems locked out of installing or uninstalling.

Are there any suggestions on what I can do to clean this mess up -- any or all of: the trojan that installed WinAntiSpyware2007, any remnants of WAS2007, perhaps an explanation why my desktop icons/etc disappeared (is explorer.exe corrupted?...), and of course the Windows Installer's glitch?

BC AdBot (Login to Remove)

 


#2 annabackwards

annabackwards

  • Members
  • 1,381 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Sydney, Australia.
  • Local time:04:04 PM

Posted 30 July 2007 - 04:29 AM

Hey cricel472 and :thumbsup: to BC

I would read the following article found here and follow the steps for your operating system. This is just to see is the trojan only disabled access to the service. If it works, then try to install the antivirus/antispyware measure you were trying to download.

If not, the download the installer here and install it. Its the windows installer package. Then try installing the programs

Good luck! :flowers:
Posted Image

Surf smarter, surf faster, surf safer, surf with Mozilla Firefox

#3 cricel472

cricel472
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:04 AM

Posted 30 July 2007 - 08:00 AM

Your very quick response is much appreciated, however, I have already done all of that -- the microsoft instructions that I linked to cover all this and more. I attempted to re-register the Windows Installer service ("msiexec.exe /regserver") and even attempted to restart the service itself, which gave me this error: "Could not start the Windows Installer service on Local Computer. Error 1053: The service did not respond to the start or control request in a timely fashion." When those attempts both failed, I did the rename and reinstall of the installer as described in the microsoft KB article. I really think the trojan, or something it installed, did something to the installer program/service itself, perhaps changed where windows thinks the service is or something -- I cannot imagine how the service *after being reinstalled* could possibly continue in this fashion unless something deeper is affected here.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users