Data Execution Prevention DEP blocks Windows Explorer


1 reply to this topic

#1 CreeDo


Posted 25 February 2009 - 04:20 PM

Howdy, I hope you can help me with this. I think some key Windows files are infected. Maybe all executables :/
I was hoping it's possible to clean it without reinstalling Windows. Here's what I know so far:

I am getting detections for the "Crypt.u.gen" virus with Avira, and I think other programs detected similar sounding ones.
I also had at least 1 characteristic registry entry for the "About:Blank" virus.
I have now scanned for viruses and cleaned up everything I could with the following programs, all the latest versions and fully updated:

Combofix
MalwareBytes AntiMalware
SuperAntiSpyware
AdAware
...and one or two others that seemed to apply to my situation when I googled it.

All programs except Avira (the best one, from what I hear) give me a clean bill of health.
But Avira says a ton of executables are infected with Crypt.u.gen.
On my first scan, I told it to ignore them (a lot of them were key files like run32.dll that I didn't feel safe deleting).
Even now, I'm not running a scan, but every few seconds Avira pops up suggesting an exe has this virus,
and right now I'm deleting everything I can (some of them are programs I installed but can live without,
others are clearly created by the virus like VRxxx.tmp or whatever).

1. When Windows starts, I get an error from DEP and it blocks Windows Explorer.
Sometimes, weirdly, I was permitted to run it, but I still occasionally get DEP errors about it.
I ran a fix that said to disable system restore, then re-enable it. I think it helped? Right now I can run
explorer.exe but I can't remember if it ran ok from first boot or if I had to do it with task manager.
My overall error count is slowly decreasing.

2. Before I was also getting "Run a dll as an app" errors, and I was able to see suspicious processes like 99.sys
or rundll33.exe. Those are seemingly gone now.

3. While all other installs worked fine, Avira antivirus gave me a CRC error during the install.
One Google result suggested my whole computer and all executables are hosed and the only fix was to reinstall Windows.
Somehow after all these scans I was allowed to install and run it.

4. I can't run media player classic, it just crashes and I get the error reporting box.
I can run a lot of other stuff but weirdly not this, even if I DL a slightly newer version and try running that.

=====

So what should I do? Delete all these exes Avira is detecting? I set its detection heuristics at high,
and it even says 'this might be a false alarm' about some file. But most of them have a warning
about having malware-like code. And several are outright labelled whatever.u.gen virus.

Can I replace the handful of Windows files that it detects? Is it even possible to have a functioning explorer.exe but
it's still a dropper or whatever for this virus? Should I just bite the bullet and reinstall?



#2 CreeDo


Posted 26 February 2009 - 12:47 AM

lol, the dozens of people working hard to figure this out can quit...
The crypt.u.gen virus infects every single executable on all hard drives.

I found this out the hard way when I did a full reformat and fresh OS install.
I got to the familiar fresh XP install with low-res green hills wallpaper, I went to install my ethernet card which I'd backed up on another drive... and boom, device manager crashes and a thousand pieces of junk pop up.
3 drives in my case = sucks to be me.

Various programs couldn't repair them, either because they don't know how or I had too many av products installed and they hassled each other.

So, I'm reinstalling ethernet driver that I dled from a neighbor's pc, and now I get to be up all night :thumbsup:

Edited by CreeDo, 26 February 2009 - 12:49 AM.




