
Windows system and other programs not working


  • This topic is locked
6 replies to this topic

#1 Hunter-MX


Posted 15 February 2009 - 01:29 PM

Hello to all. New to the forum. Here is the issue...

When booting in normal Windows Vista Home Premium, Sony Vaio laptop, many programs will not open. I receive an error of "This service cannot be started, either because it is disabled or because it has no enabled devices associated with it"

My first clue was attempting to open a WinZip file. Further investigation showed several other programs affected as well.

When I went to Windows services I am unable to make any changes in anything. Cannot update, cannot create user accounts, system services, nothing.

When I downloaded several additional recommended spyware and cleaning tools they will not open, showing the same error as above, although a select few will.
All scans with available tools come up empty, both in normal and safe modes. Online scans also empty. Downloaded and ran Combofix, knowing the risk; it would not open in normal but ran in safe mode, again no results.

When booted into safe mode, however, everything will function there that is enabled.

Please let me know what other information is needed. I am not new to computers but I am new to asking for help. I can usually find my way out of most situations but this one has me perplexed. Thanks

PLEASE don't ignore this because I ran Combofix. The program was found in a Google search and I did not know using it would affect my ability to receive help with this issue.

Edited by Hunter-MX, 15 February 2009 - 03:53 PM.



 


#2 boopme


Posted 15 February 2009 - 08:28 PM

Hello, I feel we have a Vundo infection. I want to try to run SAS and/or MBAM. SAS runs stronger in Safe mode and since you are doing well there we'll try that. Run from your regular user account.
Here are some tips to get MBAM to run. Renaming and running from the CD may also work if SAS has difficulty.

TIPS
Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.


***
Another workaround is by not using the mouse to install it; just use the arrow keys, tab, and enter keys.



If you cannot use the Internet, you will need access to another computer that has a connection.
From there save mbam-setup.exe to a flash, USB, jump drive or CD. Now transfer it to the infected machine, then install and run the program.
If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.

Manually Downloading Updates:
Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.


SAS instruction

From your regular user account...
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

MBAM Instruction
Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Hunter-MX


Posted 15 February 2009 - 10:44 PM

Thank you for the reply. To start at the top, I am totally unable to install or uninstall any programs. The situation seems to be getting progressively worse. I do have internet access. I had installed MBAM before it got this bad. It will not run in normal but will in safe mode. Downloaded SAS but am unable to install it. I tried everything in tips to get them to install or run but always receive the same error..."This service cannot be started, either because it is disabled or because it has no enabled devices associated with it"

Downloaded ATF and was able to run it in safe mode as well.

Running MBAM in safe mode showed 0 infections.

Not sure what my next move should be. My firewall has been disabled, I cannot access any Windows services. Again thank you for the time and if you can continue to guide me I will be eternally grateful.

#4 boopme


Posted 17 February 2009 - 01:34 PM

Hi, sorry for the delay. I have been trying to find an alternative.
Looks like this PC's infested into the registry. The two options left are getting some kind of log to the HJT team or a full wipe of the drive. Bleak, I know. So let's see if we can produce a log. Some of these may sneak past the malware.

Please follow this guide. Go and do steps 6 and 7: Preparation Guide For Use Before Using Hijackthis. Then go here: HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant Title and post that complete log.

If you cannot get DDS to work, please try this instead.

Please download RSIT by random/random and save it to your Desktop.
Note: You will need to run this tool while connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.
  • Close all applications and windows so that you have nothing open and are at your Desktop.
  • Double-click on RSIT.exe to start the program.
  • If using Windows Vista, be sure to Run As Administrator.
  • Click Continue after reading the disclaimer screen.
  • Leave the drop down box set to default: "List/folders created or modified in the last 1 month (30 days)".
  • When the scan is complete, a text file named log.txt will automatically open in Notepad.
  • Save the log file to your desktop and copy/paste the contents into a new topic in the HijackThis Logs and Malware Removal forum, NOT here.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.
If RSIT did not work, then reply back here.

#5 Hunter-MX


Posted 18 February 2009 - 12:10 AM

Thank you for getting back to me, sorry for my impatience. I am unable to run either program listed. Am I about out of options?

#6 boopme


Posted 18 February 2009 - 09:58 AM

I have another...
If you cannot get DDS to work, please try this instead.

Please download runscanner.zip and save to your desktop.
Create a new folder on your hard drive called Runscanner (C:\Runscanner) and extract (unzip) the file there.
(click here if you're not sure how to do this.)
Double-click Runscanner.exe to launch.
Select Beginner mode and click Ok.
Select Do a full scan and save a log file (default is Full Scan) to start.
Please be patient and do not use your computer during the scan.
When the scan is complete, a window will open asking you to save runscanner.run. Click Cancel.
Another window will open asking you to save runscanner.log.
Save it to your desktop and "Save as type: Runscanner log file [*.log]".
The log file will automatically open in Notepad.
Go to the top menu, click on "Format" and uncheck "Word Wrap" if checked.
Copy and paste the contents of the log file into a new topic in the HijackThis Logs and Malware Removal forum, NOT here.
Exit Runscanner when done.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run. If Runscanner did not work, then reply back here.


Oh, and another...
Download and install WinPatrol.
  • During installation, it will create "Scotty the dog" icon in your system tray.
  • Right click on the icon and choose Options.
  • Under the Options tab click on Hijack Log.
  • WinPatrol will scan your system and create a hijackthis log for you.
  • When the scan is complete, Notepad will open with a file named HijackPatrol.log
  • Save the log file to your desktop and copy/paste the contents into a new topic in the HijackThis Logs and Malware Removal forum, NOT here.
  • Exit WinPatrol when done.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.

#7 boopme


Posted 18 February 2009 - 03:57 PM

As per your PM to me I am closing this topic.