Cannot install ComboFix or any Anti Virus Software


9 replies to this topic

#1 jpoling


Posted 24 February 2009 - 10:09 PM

Hello, I am new to this forum so hopefully I don't screw this up. Okay, here are the problems. Upon loading the desktop, Active Desktop shows it failed. I cannot install any antivirus software. When I try to install the files I simply get no response. I have tried 6 different options: Malware Bytes, SuperAntiSpyware, TrendMicro, BitDefender, Spybot and ComboFix. I was just trying to get anything to run a scan and nothing will work or even install. The desktop image is locked from editing. I now have Charter Communications Security blocking misc .exe (wcxc8mlfbc.exe) and .tmp (9A12.tmp) programs while I am trying to access the internet. I noticed in msconfig there are many startup files that have garbled titles that continue to appear after being removed. System lock ups are happening frequently. When I try to access the C:\Windows folder or connect to the internet, an Internet Explorer or Firefox window opens looking for onlinenotify.net. Does anyone know what's going on?



#2 DaChew


Posted 24 February 2009 - 10:42 PM

http://www.threatexpert.com/report.aspx?md...9b73d39d373916b

A malicious backdoor trojan that runs in the background and allows remote access to the compromised system


I would suggest making preparations for posting in the HJT forum


http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
Chewy

No. Try not. Do... or do not. There is no try.

#3 jpoling


Posted 24 February 2009 - 11:01 PM

Okay I will start right away.

#4 DaChew


Posted 24 February 2009 - 11:03 PM

If you need help with any of the steps, that's why we're here
Chewy


#5 jpoling


Posted 24 February 2009 - 11:05 PM

I think I should be good to go. When should I post it on the HJT area?

#6 DaChew


Posted 24 February 2009 - 11:30 PM

As soon as possible, try not to make any changes or use any powerful tools
Chewy


#7 jpoling


Posted 01 March 2009 - 06:14 PM

For anyone with similar problems, I finally figured out what needed to be done. I had to log into safe mode and change the .exe extension settings in the registry. I apologize for not having the exact route to alter the settings, but I am sure you can do a simple Google search on that topic (.exe registry settings) just as I did. After that I was able to install Combofix in safe mode. Unfortunately I was unable to get the program functioning fully until I took care of another couple of viruses. If anyone is having problems with Internet Explorer not showing anything properly, I just went in and restored the default settings and that seemed to do the trick. Well, sorry for being so vague; if anyone has questions, please ask and I will do my best to remember what I did to resolve that particular issue, that is, if I had something similar to what you have, obviously.

#8 DaChew


Posted 01 March 2009 - 06:37 PM

Have you run a full scan with Malwarebytes in normal mode?
Chewy


#9 Jon BGood


Posted 11 March 2009 - 12:50 PM

I had the same issue today - jpoling's discovery greatly helped.

Apparently the new versions of the rootkit change the .exe association settings in the registry, so any programs - Spybot, Combofix - using .exe extensions cannot start.

I just wanted to add to the thread that you can go and download this registry fix, go into the command prompt, type "regedit", then click file - import the registry file into your registry, reboot and you'll be in good shape to run Combofix again.

Here is the URL that provides the registry fix for lost .exe associations

http://filext.com/faq/broken_exe_association.php


Cheers
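
The registry change described in the post above can be checked from a regedit export. The following is an added example, not part of the original thread or of any tool it mentions: it parses export text and compares the `.exe` association against the stock Windows defaults (`exefile` and `"%1" %*`). The function names and both sample exports are constructed for illustration.

```python
import re

# Stock Windows default ("@") values for the .exe association.
EXPECTED = {
    r"hkey_classes_root\.exe": "exefile",
    r"hkey_classes_root\exefile\shell\open\command": '"%1" %*',
}
# A per-user key overrides HKEY_CLASSES_ROOT and is normally absent.
USER_OVERRIDE = r"hkey_current_user\software\classes\.exe"

def parse_defaults(text):
    """Map each key (lowercased) to its default value, undoing .reg backslash escapes."""
    defaults, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := re.match(r'^@="((?:[^"\\]|\\.)*)"$', line)):
            defaults[key] = re.sub(r"\\(.)", r"\1", m.group(1))
    return defaults

def check_exe_association(text):
    """Return findings; an empty list means the exported values are stock."""
    defaults = parse_defaults(text)
    findings = []
    for path, want in EXPECTED.items():
        got = defaults.get(path)
        if got is None:
            findings.append(f"{path}: default value missing")
        elif got.lower() != want.lower():
            findings.append(f"{path}: expected {want!r}, found {got!r}")
    findings += [f"{p}: per-user override present"
                 for p in defaults if p.startswith(USER_OVERRIDE)]
    return findings

# Constructed sample exports (not taken from the thread).
CLEAN = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''
HIJACKED = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe]
@="constructedfile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\constructed\\placeholder.exe\" \"%1\" %*"
[HKEY_CURRENT_USER\Software\Classes\.exe]
@="constructedfile"
'''
```

A real "Version 5.00" export file is UTF-16, so read it with `encoding="utf-16"` before passing the text to `check_exe_association`.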

#10 quietman7


Posted 11 March 2009 - 01:59 PM

Always back up your registry before making any changes. If you are not familiar with working in the registry, then you should NOT attempt to make any changes on your own. Improper changes to the registry could adversely affect your computer and render it inoperable. ERUNT is an excellent free tool that allows you to take a snapshot (backup) of your registry before making changes and restore it when needed.

"you'll be in good shape to run Combofix again."

Please note the message text in blue at the top of this forum.

You should not be using Combofix unless instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
