
.exe files not working


8 replies to this topic

#1 tettra

tettra

  • Members
  • 19 posts
  • OFFLINE

Posted 28 January 2009 - 04:03 AM

Hello, I've been working on this problem for a good while, hope someone here may be able to help me. Last night I had a message on my PC (can't remember if it was Spybot or a Windows program) saying that my computer was under the attack of a keylog program. I proceeded to do some virus scans with Spybot and AVG. AVG only reported tracking cookies while Spybot reported multiple trojans. I started getting messages repeatedly from Spybot saying a program was attempting to change the values on some reg files. After constantly hitting deny, it finally stopped. Then I noticed that all my shortcuts on my desktop turned to unknown types one after another. Kinda worried at this point, I waited for the last virus scan to end and restarted my computer. Now the only files that work are Firefox, WinRAR, picture files, WordPad files, and .flv movie files (VLC was unaffected). I have all my data backed up, but cannot perform a system recovery or restore. My computer did not come with a Windows XP CD so I'm screwed on reinstalling, it looks like.
I already took some advice from another post and ran a virus scan with http://housecall65.trendmicro.com/ and am currently performing another as I type. The first scan found some more tracking cookies, 2 adwares, and a trojan. Currently on this scan I got the same adware "VIRTUMUNDO". My exe files are now LNK files, if that helps at all.
I also tried various reg fixes from this site http://www.dougknox.com/xp/file_assoc.htm, but I am getting an error message when I try to import them. Had to pull up regedit through the DOS prompt.

My control panel is broken too......

Just kinda in limbo now on this, I don't know what else to try, any help would be appreciated


#2 tettra

tettra
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE

Posted 28 January 2009 - 04:48 AM

OK, further digging: I found out that most of my programs still work (no luck with Windows Media Player) but the file extensions are missing. Still unable to run exe files unless a file type of that exe is used (i.e. songs open up VLC, but I cannot open VLC).

#3 tettra

tettra
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE

Posted 28 January 2009 - 06:07 AM

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\cmd.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ulead.com.tw/uleadAP/push/dopus...amp;TYPE=320103
R3 - URLSearchHook: (no name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: run_startmenu.cmd
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1231706329734
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll vjtkxx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5611 bytes
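The log above is a HijackThis dump, and the entries a reviewer would look at first are the ones that load code without a recognisable owner: an `O20 - AppInit_DLLs` list with a DLL name nobody installed on purpose, `R3`/`O9` entries whose target is `(no file)`, and a script sitting in Global Startup. The following Python script is an added example written for this thread, not a tool from the original post or from the HijackThis project. It parses a handful of lines copied from the log above (embedded as a constructed sample), applies those three triage rules and returns the entries that deserve a closer look. The `KNOWN_APPINIT_DLLS` allowlist is an assumption: it contains only the AVG DLL that the log itself attributes to installed security software.

```python
import re
from dataclasses import dataclass

# Constructed sample: six lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - Global Startup: run_startmenu.cmd
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll vjtkxx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# Assumed allowlist: DLLs that AppInit_DLLs may legitimately load on this machine.
# Only the AVG resident-shield DLL is listed, because it is the only one the log
# attributes to software the poster installed on purpose.
KNOWN_APPINIT_DLLS = {"avgrsstx.dll"}

# Script extensions that should not normally appear as a Global Startup item.
STARTUP_SCRIPT_EXTENSIONS = (".cmd", ".bat", ".vbs", ".js")

# Matches the "<section> - <body>" layout HijackThis uses for every entry.
ENTRY_RE = re.compile(r"^(O\d+|R\d+|F\d+|N\d+) - (.*)$")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O20"
    reason: str    # why the entry was flagged
    line: str      # the original log line


def triage(log_text: str) -> list[Finding]:
    """Return the log entries that match one of the three review rules."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # blank lines, the process list, the trailer
        section, body = match.group(1), match.group(2)

        if section == "O20" and body.startswith("AppInit_DLLs:"):
            # Every DLL named here is injected into each user-mode process.
            for dll in body.split(":", 1)[1].split():
                if dll.lower() not in KNOWN_APPINIT_DLLS:
                    findings.append(Finding(section,
                                            f"AppInit_DLLs loads unrecognised DLL {dll}", line))
        elif body.endswith("(no file)"):
            # A registered hook or button whose file is gone: leftover or removed component.
            findings.append(Finding(section, "entry points at a file that no longer exists", line))
        elif (section == "O4" and body.startswith("Global Startup:")
              and body.lower().endswith(STARTUP_SCRIPT_EXTENSIONS)):
            # Scripts in the all-users Startup folder run at every logon.
            findings.append(Finding(section, "script file in Global Startup", line))
    return findings


def flagged_sections(log_text: str) -> list[str]:
    """Section codes of every flagged entry, in log order (handy for a quick summary)."""
    return [f.section for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

The script does not decide whether `vjtkxx.dll` is malicious; it only reports that the DLL is loaded into every process and is not on the allowlist, which is exactly the kind of entry to research (file location, publisher, date) before deciding on removal. The entries it leaves alone, such as the `O4` AVG tray item and the `O23` AVG service, have a named vendor and an existing file.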

#4 hamluis

hamluis

  • Moderator
  • 55,740 posts
  • ONLINE
  • Gender:Male
  • Location:Killeen, TX

Posted 28 January 2009 - 09:33 AM

Well...if I had a number of unknown problems on a system...and I had been laboring over a considerable time period to deal with each one...unsuccessfully...I'm pretty sure I'd do the clean install routine.

I don't believe in alchemy...sometimes you just have to say "I need a good base to begin with", rather than "I need to solve all of these problems and make it better."

It happens...but I don't think it happens very often when malware situations are at the root.

As for your lack of apparent reinstall media...that can be overcome if you want to do so.

If you have a valid key/license, all you have to do is either borrow or have someone burn you a copy of their Microsoft XP CD. Lack of a valid key/license cannot be overcome.

If a "brand-name" system, you can probably obtain recovery/reinstall disks from them.

System manufacturer and model?

Louis

#5 tettra

tettra
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE

Posted 28 January 2009 - 11:03 AM

I have the XP license on the PC, so I guess I can try and burn a copy to disk. The model is an older eMachines PC, which is a branch of Gateway btw. I dunno if they have recovery software or not though.
Thought I made some progress with the matter, but I got back to square 1 real fast. I did the DOS command to try and get to system recovery. It acted like it was gonna load but hung. Then I tried a DOS command that was supposed to reset the Windows files (forgot the command, something like syn scandisk).
Windows is starting to give me errors now instead of just doing nothing, so I guess it helped a little bit. Whenever I click on the System Restore option now I get an error saying
"C:\\windows\system32\restore\rstrul.exe
this file does not have a program associated with it for preforming this action. Create an association in the folder options control panel."

Thank you by the way for responding, I was close to trying to come up with a way to buy vista T.T.

#6 hamluis

hamluis

  • Moderator
  • 55,740 posts
  • ONLINE
  • Gender:Male
  • Location:Killeen, TX

Posted 28 January 2009 - 03:17 PM

I don't use XP's System Restore function, so there's not a lot I can tell you about that.

You may want to take a look at a couple of the posts at http://www.google.com/search?hl=en&q=s...amp;btnG=Search

Louis

#7 MochaBeauDog

MochaBeauDog

  • Members
  • 4 posts
  • OFFLINE

Posted 28 January 2009 - 03:20 PM

Can you boot in Safe Mode? If so does it work ok then?

#8 tettra

tettra
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE

Posted 28 January 2009 - 10:09 PM

OK, back, sorry for the delay. I couldn't load in Safe Mode, the PC would lock up.

After searching online for a copy of Windows without luck, I tried the system recovery option through the DOS prompt and was able to reinstall XP from it. Thanks for the help guys, I appreciate it a lot. I dunno if this will help anyone else, but I did these commands through DOS to start the recovery.

cd\windows\sminst\start start.exe /run

Just got done reinstalling myself and everything is in proper order. Any advice on programs to stop events like this in the future? Been using AVG and Spybot myself. Do you think I need more?

#9 pastorn1

pastorn1

  • Members
  • 1 posts
  • OFFLINE

Posted 29 January 2009 - 05:39 PM

Hi tettra,
Try the Malwarebytes antispyware program. I got Virtumonde in my computer and it is almost impossible to get rid of. The only software that did the trick was Malwarebytes. I also used Spybot Search and Destroy before, but it only took away some of the Virtumonde files.

Regards, Pastorn
