Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

not a valid windows image


  • Please log in to reply
13 replies to this topic

#1 rocky hill angler

rocky hill angler

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:03 AM

Posted 21 March 2009 - 07:08 AM

I have an error appearing when the computer first starts. It reads:
The applicaton or DLL C:\WINDOWS\system32\digeste.dll is not a valid Windows image. Please check this against your installation diskette.
The error seems to be detected by both Msascui.exe and Googletoolbarnotification as a bad image.
My macafee antivirus or spy bot are notdetecting anything wrong. The computer runs XP.
Any help would be appreciated. Thank you.

BC AdBot (Login to Remove)

 


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:03 AM

Posted 21 March 2009 - 07:59 AM

Hello rocky hill angler and welcome to BC! :thumbsup:

Let's see what we can do.

Create and Run batch script
  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "quote".


    @Echo Off

    reg export "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders" SPlook.txt
    notepad SPlook

  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input Check.bat.
  • Hit OK.
When done properly, the icon should look like Posted Image for the .bat file.

Double click on Check.bat, and Black DOS window shall appear and then notepad shall open. This is normal, post back with the contents of notepad in your next reply. The log can also be found on your desktop.

Now run MBAM.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with both logs in your next reply.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 rocky hill angler

rocky hill angler
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:03 AM

Posted 21 March 2009 - 08:46 AM

Thanks for the help. Here is the check.bat output:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SaslProfiles]
"GSSAPI"="Kerberos"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL]
"EventLogging"=dword:00000001

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL\Ciphers]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL\Ciphers\DES 56/56]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL\Ciphers\NULL]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL\Ciphers\RC2 128/128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL\Ciphers\RC2 40/128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL\Ciphers\RC2 56/128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL\Ciphers\RC4 128/128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL\Ciphers\RC4 40/128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL\Ciphers\RC4 56/128]
A
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL\Ciphers\Triple DES 168/168]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL\Hashes]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL\Hashes\MD5]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL\Hashes\SHA]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL\KeyExchangeAlgorithms]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL\KeyExchangeAlgorithms\PKCS]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL\Protocols]

[HKEY_LOCAL_MACHINE\system\currentcontrolAset\control\securityproviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello\Client]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello\Server]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL\Protocols\PCT 1.0]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL\Protocols\PCT 1.0\Client]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL\Protocols\PCT 1.0\Server]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL\Protocols\SSL 2.0]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL\Protocols\SSL 2.0\Client]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL\Protocols\SSL 2.0\Server]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL\Protocols\SSL 3.0]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL\Protocols\SSL 3.0\Client]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL\Protocols\SSL 3.0\Server]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL\Protocols\TLS 1.0]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL\Protocols\TLS 1.0\Client]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL\Protocols\TLS 1.0\Server]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\WDigest]
"Lifetime"=dword:00008ca0
"Negotiate"=dword:00000000
"UTF8HTTP"=dword:00000001
"UTF8SASL"=dword:00000001

I am continuing on with the Malwarebytes' Anti-Malware.

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:03 AM

Posted 21 March 2009 - 08:56 AM

Hello.

Let's fix this. Please backup your registry and then create the following registry script.

Backup Registry with ERUNT

This tool will create a complete backup of your registry. A backup is created to ensure we have backup so encase anything goes wrong we can deal with it. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

How to Restore from the ERUNT Backup

Only restore from the backups if instructed to, or you need to do so. You need it if after doing something, your computer will only boot in Safe Mode and you are unable to contact us (or anyone else) for help by other means, or if your computer will not boot into Windows at all.

To restore if you can boot, navigate to C:\WINDOWS\erdnt, choose the folder with the most recent date, and double click ERDNT.EXE. Check all boxes in the restoration options.

To restore from the Recovery Console using the Windows CD:
  • Turn on your machine with the disk in the drive.
  • Type in the number of the Windows installation you want to repair (usually 1), then press Enter.
  • Type in the Administrator password (leave blank if you are unsure what it is or if you do not have one) and press Enter.
  • Type without quotes "cd erdnt" followed by Enter.
  • Type without quotes "dir" followed by Enter. This will list out the available folders, whose names are the date on which the backup was taken in (M)M-DD-YYYY format. Try the most recent dates first.
  • Type without quotes "cd **name of the folder**" followed by Enter.
  • Type without quotes "batch erdnt.con" followed by Enter.
  • Type without quotes "exit" followed by Enter.
  • Remove your CD from the drive and reboot your computer into the restored registry. If you still cannot boot, try again with an earlier restore date.


Create and Run Registry Script
  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "quote".

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input SPFix.reg.
  • Hit OK.
When done properly, the icon should look like Posted Image for the .reg file.

Doube-click on SPFix.reg, you will get a warning saying something like: "do you wish to merge/add the following information to the registry?". Please say Yes. Next you will get a confirmation telling you if it was merged sucessfully.

Tell me in your next reply if the reg script got merged sucessfully.

Reboot Your Computer Now. Let me know how it goes and tell me if you still get that error at startup?

EDIT: Run MBAM as well.

With Regards,
Extremeboy

Edited by extremeboy, 21 March 2009 - 08:57 AM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 rocky hill angler

rocky hill angler
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:03 AM

Posted 21 March 2009 - 09:52 AM

This is the out put for Malwarebytes:

Malwarebytes' Anti-Malware 1.34
Database version: 1880
Windows 5.1.2600 Service Pack 3

3/21/2009 10:50:19 AM
mbam-log-2009-03-21 (10-50-19).txt

Scan type: Quick Scan
Objects scanned: 123307
Time elapsed: 48 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cd1ad1ea-b7da-4e3e-ad85-82e4684e1773} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rtjdwajj (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cd1ad1ea-b7da-4e3e-ad85-82e4684e1773} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hkjerykw (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hkjerykw (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hkjerykw (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cd1ad1ea-b7da-4e3e-ad85-82e4684e1773} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digeste.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\qhkebni.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\digeste.dll (Trojan.Agent) -> Quarantined and deleted successfully.



I am now about to run the .reg file and reboot.

Thanks.

#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:03 AM

Posted 21 March 2009 - 10:22 AM

Hello.

Actually, the reg script isn't necessary anymore, but executing it won't do any harm either. MBAM took care of it already, I thought it didn't do that.. *smack myself*

Anyways, just reboot your computer afterwards and let me know how everything goes and if there are any more problems left.

Thanks.

With Regards,
Extremeboy

Edited by extremeboy, 21 March 2009 - 10:22 AM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#7 rocky hill angler

rocky hill angler
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:03 AM

Posted 21 March 2009 - 10:32 AM

It booted up with out any errors.
Does that mean it is fixed?
If so, I appreciate your time and your willingness to help.
Thank you.

#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:03 AM

Posted 21 March 2009 - 10:41 AM

Hello.

Yup, it's fixed.

However, there were more infections on your computer other than that. To make sure you are free from malware. Here's what I would do. Run MBAM using a Full Scan.

After that run Kaspersky Online scan to see if it detects anything else.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requiresJava Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky WebScanner
    page.
  • Click on the Posted Image button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Posted Image button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image ...button, if you made any changes.
  • Now under the Scan section on the left:Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Good luck!

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#9 rocky hill angler

rocky hill angler
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:03 AM

Posted 21 March 2009 - 04:34 PM

Here is the output from kaspersky.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, March 21, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, March 21, 2009 19:11:12
Records in database: 1946158
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 120847
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:12:42

No malware has been detected. The scan area is clean.

The selected area was scanned.

#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:03 AM

Posted 21 March 2009 - 04:45 PM

Hello.

Looks good then. Please purge a system restore point now.

Create a New System Restore Point<- Very Important

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok"
  • Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" Tab.
  • Click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.


Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
Disable Autorun on Flash-Drive/Removable Drives

When is AUTORUN.INF really an AUTORUN.INF?

USB worms work by creating a file called AUTORUN.INF on the root of USB drives. These INF files then use Autorun or Autoplay (not the same thing!) to execute themselves either when the stick is inserted, or more commonly, when the user double-clicks on the USB drive icon from My Computer (Windows Explorer)...


Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun asap!.

If using Windows Vista, please refer to:
"Disable AutoPlay in Windows Vista"
"Preventing AutoPlay with Local Group Policy Editor or AutoPlay options panel"

Note: When Autorun is disabled, double-clicking a drive which has autorun.inf in its root directory may still activate Autorun so be careful.

Vist the WindowsUpdate Site Regularly

I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish to turn on automatic updates then you will find here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
Update Non-Microsoft Programs

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help and thank you for choosing Bleeping Computer as you malware removal source.
Don't forget to tell your friends about us and Good luck :thumbsup:

With Regards,
Extremeboy

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#11 kenhil2

kenhil2

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:03 AM

Posted 03 April 2009 - 08:40 AM

hello, i am having the same problem, not sure what i got infected with, but anytime i run any exe. file i get a error message pop up saying that its not a valid windows image file, i get a ton pop up every time i start my computer and after its started, anytime i run anything not already started up. everything works fine after i click ok on the error message, and i have installed and scanned my computer with mcafee, spyhunter 3, spybot search & destroy, malwarebytes and windows defender, all say i am clean besides the occasional bad cookie. i tried doing a clean boot but for some reason the windows startup disk i have apparently isn't the right one. only one that i have, only one i've ever had so i'm not sure how its the wrong disk. system restore also doesn't work. i've tried to restore to multiple saved points and every time i restart it just says it could not do a system restore. i am losing my mind, and really hoping i don't have to wipe my laptop clean and start over. any help would be greatly appreciated.

#12 kenhil2

kenhil2

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:03 AM

Posted 03 April 2009 - 01:44 PM

help, anyone?

#13 trollocks

trollocks

  • Members
  • 369 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England
  • Local time:04:03 PM

Posted 03 April 2009 - 01:59 PM

start a new topic.this one is old and you will get a quicker reply from the pros

#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:03 AM

Posted 03 April 2009 - 03:52 PM

Hello.

Yes, start a new topic. We don't continue someone else's topic on a different user.

This leads to confusion sometimes. Thanks for understanding.

With regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users