
Not A Valid Win32 Application


15 replies to this topic

#1 Britarchivist


Posted 05 April 2008 - 09:13 PM

So.... I'm not quite sure how to get rid of the virus that is causing this "not a valid win32 app" since it won't allow me to open any antivirus programs.


Probably infected the other computer I am working on unknowingly... I have tried CCleaner and SUPERAntiSpyware but get the same "not a valid"....
Did scandefrag, nothing obviously wrong in the HJT log...
I download everything from reputable sites.
I know I had that invalid win32 thing before and then downloaded superantispy and did some tweaks of the command prompt and SASW found a worm.
The sucky thing is we both have dialup, so I am trying to avoid having to wait hours upon hours for stuff to download and then not work because of the win32 thing.

Edited by Orange Blossom, 05 April 2008 - 10:34 PM.
Moved to more appropriate forum. ~ OB




#2 Britarchivist


Posted 06 April 2008 - 08:33 PM

??

#3 Orange Blossom


Posted 07 April 2008 - 11:41 PM

Hello Britarchivist,

What is your operating system: Windows XP, Vista, etc.?

What security programs do you have installed besides SUPERAntiSpyware? Please name them.

Do you remember what you were doing shortly before you started getting those error messages?

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#4 Britarchivist


Posted 08 April 2008 - 05:55 PM

Hey,
I have Windows XP.
It is my hunch that in upgrading from 98SE to XP I got the problem. I wasn't aware of having this problem with 98SE.
When I had 98 I had AVG antivirus, but when I updated it for Windows XP I was continually told that the installation files were corrupt, even though I got it from a safe site.

I can't think of anything specific I was doing when I started to get the error messages. I know I don't get them on all my programs.
Soon after getting XP I kept getting DLL problems for my two photo editing programs and had to completely uninstall, run CCleaner and reinstall to get them to work. They work fine now.

I was able to DL and run SASW without any problems.
When I ran it, it found and quarantined system32/urdvxc.exe

I didn't see anything odd using HJT or screening through Belarc.

#5 Orange Blossom


Posted 09 April 2008 - 12:54 AM

Hello Britarchivist,

When I ran it it found and quarantined system32/urdvxc.exe


Can you please post the log from SUPERAntiSpyware when it quarantined that file?

Orange Blossom :thumbsup:

#6 Britarchivist


Posted 09 April 2008 - 09:29 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/03/2008 at 00:16 AM

Application Version : 4.0.1154

Core Rules Database Version : 3430
Trace Rules Database Version: 1422

Scan type : Complete Scan
Total Scan Time : 00:35:26

Memory items scanned : 334
Memory threats detected : 0
Registry items scanned : 6179
Registry threats detected : 0
File items scanned : 22991
File threats detected : 1

Trojan.Downloader-Gen
C:\WINDOWS\SYSTEM32\URDVXC.EXE

#7 boopme


Posted 09 April 2008 - 11:14 PM

How is the PC running now? What antivirus program is installed?

Please note that you are infected with a Backdoor/IRC Trojan. This is a serious infection and you should consider this PC's security as compromised.

This is what it does/can do:
- set up an FTP server
- set up a proxy server
- spread via Yahoo Instant Messenger and MSN Messenger by sending messages automatically
- port scanning
- packet sniffing
- log keypresses
- steal information from Protected Storage
- format hard drives
- disable certain anti-virus and firewall security software
- steal credentials for on-line sites such as e-gold, WorldPay and PayPal
- start a remote shell (RLOGIN)
- download and execute files from a remote location
- access the internet and communicate with a remote server via HTTP
- harvest information from clipboard
- take part in Distributed Denial of Service (DDoS) attacks


Many malware experts would recommend a reformat as the only sure solution to having a trustworthy PC free of this infection. If you have kept financials, credit card numbers, or passwords for banking on this PC, you must consider them stolen and they need to be changed.
We can try to help clean this PC but there is no guarantee. You will need to decide how you wish to proceed.
Please read When should I re-format? How should I reinstall?

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#8 Britarchivist


Posted 15 April 2008 - 06:27 PM

It seems to be running fine now, but I know that doesn't necessarily mean anything other than at the moment it's OK.
It IS running faster.
How do I figure out where it is coming from?
What is a good antivirus?
I have been trying to DL AVG antivirus but it keeps telling me that the files in it are corrupt and then it won't open up.

#9 boopme


Posted 15 April 2008 - 08:22 PM

OK, well at least it's behaving better. First go thru Control Panel and remove AVG from there. Then go to our link Freeware Replacements For Common Commercial Apps and either download it again from there or choose another, perhaps Avast. These are good clean links. Keep the super you've just used and update it weekly and before a scan. Also keep this next tool (MBAM) I want you to run and post a log back with.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Edited by boopme, 15 April 2008 - 08:22 PM.


#10 Britarchivist


Posted 17 April 2008 - 06:35 PM

Malwarebytes' Anti-Malware 1.11
Database version: 639

Scan type: Full Scan (C:\|)
Objects scanned: 79768
Time elapsed: 18 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.

#11 boopme


Posted 17 April 2008 - 06:57 PM

So is it good now? Have you installed an antivirus and scanned with that?

#12 Britarchivist


Posted 17 April 2008 - 08:55 PM

I don't know, I'll have to go to the library tomorrow to DL an antivirus.... I only have dialup... LOL.
The only good thing I can say about dialup is I know DSL is more susceptible to crap bec of always being online.

What's the best antivirus?

#13 boopme


Posted 17 April 2008 - 09:20 PM

I would suggest again for you to download an AV from the link in post 5. I'll suggest you try Avast. They are all free in that link so you can try them. Of course remember to only have ONE AV installed.
Here's the link again.

http://www.bleepingcomputer.com/forums/topic3616.html

#14 Britarchivist


Posted 22 April 2008 - 06:02 PM

I need the license number for it. It finally downloaded but needs the license number.

#15 boopme


Posted 22 April 2008 - 08:37 PM

Please go here at Avast and fill in the form.
Registration of avast! 4 Home Edition