Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.



  • Please log in to reply
1 reply to this topic

#1 Dreleek


  • Members
  • 1 posts
  • Local time:08:12 PM

Posted 25 January 2008 - 10:19 AM

Ok, I used combofix to clean my computer of some maleware and it worked. However, now I cant open QuickBooks and the .NET Assembly Registration Utility keeps encountering a problem and closeing.

This is what happened:

1. Ran Combo Fix - it worked - then deleted all of the combofix files.
2. Noticed that the QB Database Server Manager needed to close because it encountered a problem.
3. Tried to open QB and found that it wouldn't.
4. Then the Microsoft .NET Assembly Registration Utility also encountered a problem and needed to close.
5. I tried to repair QB through the add/remove programs utility and during the repair it gave me two error messeges...
A. Error 1328. Error applying patch to file C:\Config.Msi\PT118.tmp
B. Error 1328. Error applying patch to file C:\Config.Msi\PT11B.tmp
I tried to find the folder and files it was talking about and I couldn't anywhere on my PC.
6. I then tried to use the QB reboot.bat file to register all of the .dll files and that didn't do anything either.
7. I uninstalled QB completely and then reinstalled it, that also did nothing.

I am Running Windows XP and QB 2008 Premier Edition.

I have looked on a dozen forums to find out how to fix this and I cant find anything, I really need some help!
Please if you know anything let me know!

Edited by Dreleek, 25 January 2008 - 10:25 AM.

BC AdBot (Login to Remove)


#2 Papakid


    Guru at being a Newbie

  • Malware Response Team
  • 6,663 posts
  • Gender:Male
  • Local time:07:12 PM

Posted 25 January 2008 - 11:46 AM

Well, this may sound like hindsight and beside the point to you , but no one should ever use ComboFix without the direct supervision and helpful guidance of a trained malware removal specialist. Even tho I also like to try to figure out my problems on my own, there is good reason for the disclaimer that tells you not to run CF by yourself, which you chose to ignore.

I'll give you a few. One is even tho whatever symptoms you had may have gone away, it doesn't mean necessarily that you're malware free. Malware is very sophisticated nowdays and usually add a new twist, so something else may have been added that CF didn't know about and thus wouldn't address that could possibly add yet more malware to your system.

If you had posted the proper logs and given a description of what was happening in the HijackThis Logs and Malware Removal forum we would know better what we are dealing with. For example, there are extortionware out there that will encrypt such sensitive data that QB deals with and demand payment from you so that you can get access back. Without the hard data of the logs, that you say you have now deleted, we have very little to go on as far as hard evidence if this were to be the case.

So my suggestion as a first step is to follow the instructions in the following topic to get a HijackThis log posted: Preparation Guide For Use Before Posting A Hijackthis Log

Give a description of your problem as you did here and we can get an idea if anything else is hanging around. We can also get input from ComboFix's author--if CF is doing something that affects other programs like QB he wants to know about it, but we need to see data from logs.

If you do so please post a link back here.

I'm far from an expert on Business apps and never run QB, but know a bit about software. So if you do want to go ahead on your own with resolving this I can tell you that CF aggressively deletes temporary files and folders (as malware uses them extensively), so the reason you're getting the errors for the repair is probably because the .tmp files listed no longer exist.

The Config.Msi is related to the Microsoft Installer. If reinstalling QB gave no joy, MSI may be borked and I would look into possibly reinstalling The .NET framework also as well as visiting Windows updates. IOW, get your environment working correctly and updated before attempting to install.

More info on the MSI folder here: http://www.pchell.com/support/configmsifolder.shtml

Someone else may have some better and specific ideas for you.

We always did feel the same

We just started from a different point of view

Tangled up in blue--Bob Dylan

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users