Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Data Execution Prevention DEP blocks Windows Explorer


  • Please log in to reply
3 replies to this topic

#1 CreeDo

CreeDo

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 25 February 2009 - 03:03 PM

Howdy, I hope you can help me with this. I think some key windows files are infected. Maybe all executables :/
I was hoping it's possible to clean it without reinstalling windows.
Here's what I know so far:

Before I stupidly installed this virus I know I was clean as I had just reinstalled the OS.
So I think it's just one virus but maybe it's several packed into 1 exe.

I am getting detections for the "Crypt.u.gen" virus with avira, and I think other programs detected a similarly-named problem.
I also had at least 1 characteristic registry entry for the "About:Blank" virus.
I have now scanned for viruses and cleaned up everything I could with the following programs,
all the latest versions and fully updated:

Combofix
MalwareBytes AntiMalware
SuperAntiSpyware
AdAware
...and one or two others that seemed to apply to my situation when I googled it.

Currently I am running Avira Antivirus, which I couldn't install before but now I can (more on that below)
All the other programs gave me a clean bill of health, but I still have an error on boot.
I've had other errors from previous reboots, and right now they seem to be gone, but I've had things come back when I wasn't expecting.

1. When windows starts, I get an error from DEP and it blocks windows explorer.
Sometimes, weirdly, I was permitted to run it and my computer seems fine. Right now I can't.

2. Before I was also getting "Run a dll as an app" errors, and I was able to see suspicious processes like 99.sys
or rundll33.exe. Those are seemingly gone now.

3. While all other installs worked fine, avira antivirus gave me a crc error during the install. It unpacks the installer files successfully
but won't run setup.exe. I redownloaded the file with the same result. Per google, I had 2 possibilities.
A. I just needed to clean the registry with something like Registry Mechanic, then delete all references to Avira software manually
B. My whole computer and all executables are hosed and the only fix was to reinstall windows.
After desperately avoiding that option, I have finally come to a place where it will let me install avira (maybe because
I can't run explorer. I'm running individual stuff like firefox from the task manager).

4. I can't run media player classic, it just crashes and I get the error reporting box.
I can run a lot of other stuff but weirdly not this, even if I DL a slightly newer version and try running that.

===========================
So, I guess my big question is... Avira is beeping like crazy giving detections for lots of regular programs (both windows
stuff like explorer.exe, run32.dll, etc... and stuff I installed).
I did set it to the highest level of threat detection.
Some of the found results have a blurb saying it's probably a false alarm, others say that the heuristic malware detection
found suspicious code, and (only a few) others flat out label it as a virus (Crypt.U.Gen)

Can a virus attach itself to these programs while still allowing them to function? Can these zillions of executables be infected
and must be deleted/replaced? Or is the heuristic detection giving me tons of false alarms?
I kind of worry it's the first one, meaning reinstall windows right? I think combofix and at least one other program pointed to explorer.exe
or an explorer.exe registry entry.

What should I do when avira finishes? I told it to ignore all the detections for now (like 250 and climbing).
Just give up now and start reinstalling windows and all my programs? I will cry.

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,260 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:53 PM

Posted 25 February 2009 - 03:50 PM

BleepingComputer.com - Am I infected What do I do - http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

Louis

#3 CreeDo

CreeDo
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 25 February 2009 - 04:21 PM

oops, I should have looked at the forum names more closely. Thanks for the heads up. I reposted there with amended info.

#4 hamluis

hamluis

    Moderator


  • Moderator
  • 55,260 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:53 PM

Posted 25 February 2009 - 05:12 PM

Thanks, good luck :thumbsup:.

Louis




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users