Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Kaspersky, Clamwin, Spybotsd - Not A Valid Win32 Application

  • Please log in to reply
1 reply to this topic

#1 easyb


  • Members
  • 1 posts
  • Local time:12:00 PM

Posted 20 January 2008 - 11:46 AM

Got infected and trying to run removals. All get response like
"not a valid Win32 application"
Can run Hijackthis and Combofix. Logs attached.

Identified malware using AVG scan from a Ubuntu 7 live CD.

Seems that "c:\windows/system32/drivers/down" is being populated with nnnnnn.exe files of various sizes, repeatedly.
System Volume Information had infection, shared and cleaned (I think). Occasionaly I see such a file running in TaskManager and I kill it.

Most troubling now, cannot run malware removal programs like, Kaspersky, Clamwin, SpyBotSD.
Also, free disk space on C: increased some 7GB (120GB disk, had 5.3GB free before infection).

an update
1. Tried to run the removal program once more before sending the logs, THEY ARE ALL CAPABLE OF RUNNING
seems that the Combofix deletions DID help.
2. Free space on C: now up to 15GB

Would you please email *** if you have information, Thanks.

Thanks all for help

Mod Edit: Email address removed to protect against spam ~TMacK

Attached Files

Edited by TMacK, 20 January 2008 - 12:36 PM.

BC AdBot (Login to Remove)


#2 RichieUK


    Malware Assassin

  • Malware Response Team
  • 13,614 posts
  • Local time:06:00 PM

Posted 26 January 2008 - 04:02 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum.
My name is Richie and i'll be helping you to fix your problems.

Apologies for the late response,as i'm sure you can appreciate we are extremely busy.

If you've already recieved help at another forum and your issues have been resolved,or you're presently recieving help elsewhere then please let us know.

If you have not followed the info in the link below prior to posting your log then please do so now:
Preparation Guide for use before posting a HijackThis Log:

If you still require help,please post a new Hijackthis log into this topic in your next reply.

Also post a detailed description of the issues you're experiencing.

Post all reports/logs directly into this topic,not as attachments,thanks.
Posted Image
Posted Image

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users