
Xxx.exe Is Not A Valid Win32 Application


  • This topic is locked
9 replies to this topic

#1 dangerfield

dangerfield

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:22 AM

Posted 22 May 2008 - 02:11 AM

Hi,

I really need help.

I seem to have become infected with some kind of virus that is slowing the system right down and has blocked pretty much all of my anti-virus and malware software.
If I try and run these programs I get the message "xxx.exe is not a valid win32 application".

I read the "this topic" above and followed everything, however

> dss.exe didn't seem to run correctly, it gave me the ".. I will inform you when I am finished" message, I clicked ok and it was gone and then after a few seconds the system froze, including mouse. This released after a few seconds and nothing else happened. I tried a few times.

> I scanned my computer with the Kaspersky Online Scanner. It told me that the scan was fine. I have posted the report below.

If anyone can offer any help it would be really appreciated.

Dangerfield.

Thursday, May 22, 2008 4:16:15 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/05/2008
Kaspersky Anti-Virus database records: 792525
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\danger\LOCALS~1\Temp\
Scan Statistics
Total number of scanned objects 36104
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 02:56:44

Infected Object Name Virus Name Last Action
C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\ASPSess.evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_70c.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_cc.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\DOCUME~1\danger\LOCALS~1\Temp\~DF8ED0.tmp Object is locked skipped
Scan process completed.


#2 dangerfield

dangerfield
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:22 AM

Posted 22 May 2008 - 02:13 AM

In addition, I can not turn on a firewall as I get the same message when opening SYGATE, and Windows Firewall has a problem and can't open.

#3 RenatoMejias

RenatoMejias

  • Malware Response Team
  • 913 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:22 PM

Posted 22 May 2008 - 02:19 PM

Hi, Welcome to Bleeping Computer Forums!

My name is Renato Mejias, and I will help you to solve your problems :thumbsup:.

You might want to save this page on your favorites, so you can find it again when you return.

Please take note of the following:
  • I will be handling your log and helping you, please do not make any system changes yet.
  • The process is not instant. Please continue to review my answers until I tell you that your computer is clean. Be patient.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
  • Please reply to this thread. Do not start a new topic.

Renato Victor Mejias
Malware help in portuguese

#4 dangerfield

dangerfield
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:22 AM

Posted 22 May 2008 - 04:13 PM

That's great and I really appreciate it.

So, what should I do next?

#5 RenatoMejias

RenatoMejias

  • Malware Response Team
  • 913 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:22 PM

Posted 23 May 2008 - 09:31 AM

Hi,

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.
Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Renato Victor Mejias
Malware help in portuguese

#6 dangerfield

dangerfield
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:22 AM

Posted 24 May 2008 - 05:41 AM

I followed these instructions and ran combo fix.. I tried it 10/11 times, each time it would get further into the process and a few times almost finished but would always end up hung...

The 12th time I restarted it, it went BLUE SCREEN OF DEATH on me and now I get the message "Unmountable_boot_volume" every time I try and start the computer. :thumbsup:

I tried booting into the recovery mode from the XP Disk and chkdsk but it told me the boot system had one or more unrecoverable errors.

Has the virus or COMBO FIX destroyed the disk?

#7 RenatoMejias

RenatoMejias

  • Malware Response Team
  • 913 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:22 PM

Posted 26 May 2008 - 05:59 AM

Hi,

> Has the virus or COMBO FIX destroyed the disk?


ComboFix is not programmed to go anywhere near the partition table.

Please try to use Partition Table Doctor to fix the boot sector.

http://www.ptdd.com/

PS: Look at the instructions on that site.

Renato Victor Mejias
Malware help in portuguese

#8 dangerfield

dangerfield
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:22 AM

Posted 26 May 2008 - 03:48 PM

thanks.. as a lot of time has now passed I decided to just reinstall windows..
I really appreciate your time and efforts..
:thumbsup:
you can close this thread..

#9 RenatoMejias

RenatoMejias

  • Malware Response Team
  • 913 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:22 PM

Posted 27 May 2008 - 08:42 AM

Hi,

> thanks.. as a lot of time has now passed I decided to just reinstall windows..


Yes, maybe the best choice. :thumbsup:

Anyway, I will give some instructions to keep your computer safe.

Please do eight steps:

Step 1: Delete Temp Files
To clean out your temp files, click on Start and then run, and type %temp% and press the ok button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Step 3: Use an AntiVirus Software
It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources

Step 4: Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Step 5: Use a Firewall
I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

Step 6: Visit Microsoft's Windows Update Site Frequently
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Step 7: Install an Anti Spyware software
It is very important to be safe. Look at this list and choose one to install:

Virus, Spyware, and Malware Protection and Removal Resources

Step 8: Update all these programs regularly
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help and if there are any other problems related to your computer please feel free to post them in the appropriate forum.

Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!

Edited by RenatoMejias, 27 May 2008 - 08:42 AM.

Renato Victor Mejias
Malware help in portuguese

#10 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston Mass
  • Local time:04:22 PM

Posted 03 June 2008 - 10:48 AM

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic



