
Infected. Cannot Get Any Anti-spy To Run...Need Help


12 replies to this topic

#1 midwestjp


Posted 05 August 2009 - 07:43 PM

I have been battling a pretty bad infection for the last couple of days and I am at my wits' end. The two main issues seemed to be with braviax.exe and Windows Anti Virus Pro (svchast.exe). Originally I could not get any of my typical anti-spyware programs (Ad-aware & Spybot Search & Destroy) to run. I also have Windows Defender, which upon boot in both safe and normal modes produces the following error:

ERROR "Application failed to initialize: 0x800106ba. A problem caused this program's service to stop. To start the service, restart your computer or search help and support for how to start a service manually."

So I searched the internet and came across SDFix. I ran that and at first I thought it had brought life to my computer. Windows Defender started running, HijackThis started to act like it was going to work, and then I went to delete the broken links on my desktop associated with the malware and everything went back the way it was. The only difference was I was no longer getting the red circle/white x in the systray saying I was infected! But something is obviously still wrong because I cannot get any anti-spy to work. At this point I was able to run a full scan through AntiVir and it appeared it had found several bad things still and acted like it fixed them, but still nothing was working.

So here I am. I have completely removed AntiVir to make sure it would not interfere with the multiple programs I have found upon scouring the forums. I have tried the aforementioned anti-spy programs. HijackThis won't even install (well, it appears to install but just places a broken link on the desktop that produces the error below), and neither will ComboFix. Malwarebytes installs fine but closes after it starts to scan. I also tried Dr.Web CureIt!, which also installs and performs the quick scan, but when trying a Complete scan it pops up the window for the free trial and then the scan has closed. Pretty much all of them either do nothing, close after starting the scan, or produce the following message once installed and opened:

ERROR "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

Now is a good time to point out that the only thing that seems to have installed and run was SuperAntiSpyware. It ran a scan, found quite a bit and fixed them, but the issues still remain. I also just tried it again and now that program is broken like the others, producing the same error "windows cannot access..."

I also ran MGTools and I do have the MGlogs.zip file that I can access if that is helpful.

The only other thing I think I can mention is that the internet is taking me to false places when I try to search for some of these programs. Luckily I have my work computer to download programs and work with this forum. Oh, and I was still getting the Windows Anti Virus Pro running in my services. I ran a registry search on svchast.exe and deleted two main keys that popped up in the search that were labeled Windows Anti Virus Pro.

I've never been hit this hard and I would appreciate any help you guys could give me.

Operating System: Windows XP 32-Bit

Thanks in advance.


 


#2 ComputerNutjob


Posted 05 August 2009 - 09:07 PM

My friend, Windows Antivirus Pro, I believe, is a ROGUE ANTIVIRUS. They are misleading programs that say they are reliable antivirus programs, while actually, they can do some, or all, of the following things:

Urge you to buy the full version of their software with annoying, repetitive alerts.
Give users false-positive reports of "malware" on the computer.
Actually install malware onto your system, and will not remove it UNTIL you purchase the software.
Steal credit card information when/if you pay for them.
Prevent access to reliable security sites.
Will not uninstall.

For removal instructions, please wait for a BC Advisor to help you.

Edited by ComputerNutjob, 05 August 2009 - 09:12 PM.


#3 boopme


Posted 05 August 2009 - 09:12 PM

Even better idea: use our guide, Remove Windows Antivirus Pro (Uninstall Guide)


http://www.bleepingcomputer.com/virus-remo...s-antivirus-pro
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 midwestjp


Posted 05 August 2009 - 09:26 PM

I looked over your guide before I posted, but my biggest issue seems to be that I cannot get any anti-spyware apps to run at all, including Malwarebytes or HijackThis. I think the initial issue started with Windows AV Pro but I think there is something else going on. There seem to be no traces of Windows AV Pro anymore but I am still having issues.

Thanks for your replies.

#5 boopme


Posted 05 August 2009 - 09:36 PM

OK, did you kill the 2 items with Task Manager already? Windows Antivirus Pro and Windows Antivirus Pro.exe

Let's try Fatdcuk's fix.

Please navigate to the MBAM folder located in the Program Files directory.

Locate MBAM.exe and rename it to winlogon.exe

Once renamed double click on the file to open MBAM and select Quick Scan

At the end of the scan click Remove Selected and then reboot.


Post the scan log. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Edited by boopme, 05 August 2009 - 09:38 PM.


#6 midwestjp


Posted 05 August 2009 - 10:16 PM

OK, I found the mbam.exe and renamed it. Ran it and chose the quick scan option and about two seconds into it, it just closed. When I try to access it again it now gives the error in my original post about how windows cannot access...

Also, I think I have gotten rid of the Windows AV Pro. Those items you mentioned are not showing up in the task manager and the antipyPro_12 is not showing up in my services. I had also deleted all registry keys pertaining to svchast.exe. So unless it's hiding somewhere else, I may be looking at something else that is keeping all these anti-spyware programs from running.

#7 boopme


Posted 05 August 2009 - 10:51 PM

Use Process Explorer to see what's running at startup.

Please download and run Process Explorer v11.33
Click on File then Save As, create a log.
Copy and paste it into your next reply.

#8 midwestjp


Posted 06 August 2009 - 04:46 PM

Here is the Log created from Process Explorer:

Process PID CPU Description Company Name
System Idle Process 0 96.88
Interrupts n/a Hardware Interrupts
DPCs n/a 3.13 Deferred Procedure Calls
System 4
smss.exe 900 Windows NT Session Manager Microsoft Corporation
csrss.exe 948 Client Server Runtime Process Microsoft Corporation
winlogon.exe 980 Windows NT Logon Application Microsoft Corporation
services.exe 1024 Services and Controller app Microsoft Corporation
svchost.exe 1184 Generic Host Process for Win32 Services Microsoft Corporation
wmiprvse.exe 2352 WMI Microsoft Corporation
svchost.exe 1296 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1452 Generic Host Process for Win32 Services Microsoft Corporation
wscntfy.exe 2340 Windows Security Center Notification App Microsoft Corporation
wuauclt.exe 4084 Windows Update Automatic Updates Microsoft Corporation
svchost.exe 1496 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1556 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1720 Generic Host Process for Win32 Services Microsoft Corporation
LEXBCES.EXE 312 LexBce Service Lexmark International, Inc.
LEXPPS.EXE 344 LEXPPS.EXE Lexmark International, Inc.
spoolsv.exe 392 Spooler SubSystem App Microsoft Corporation
svchost.exe 228 Generic Host Process for Win32 Services Microsoft Corporation
AppleMobileDeviceService.exe 624 Apple Mobile Device Service Apple Inc.
mDNSResponder.exe 676 Bonjour Service Apple Inc.
CTSVCCDA.EXE 744 Creative Service for CDROM Access Creative Technology Ltd
svchost.exe 1620 Generic Host Process for Win32 Services Microsoft Corporation
nvsvc32.exe 2024 NVIDIA Driver Helper Service, Version 169.06 NVIDIA Corporation
svchost.exe 264 Generic Host Process for Win32 Services Microsoft Corporation
MediaServer.exe 376
MsPMSPSv.exe 1208 WMDM PMSP Service Microsoft Corporation
WLService.exe 1220 WLService GEMTEKS
WMP54G.exe 1344 WMP54GS Utility Cisco Linksys Corporation
ZuneBusEnum.exe 1596 Zune Bus Enumerator Service Microsoft Corporation
ZuneNss.exe 1748 Zune Network Sharing Service Microsoft Corporation
alg.exe 3604 Application Layer Gateway Service Microsoft Corporation
lsass.exe 1036 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 564 Windows Explorer Microsoft Corporation
rundll32.exe 1428 Run a DLL as an App Microsoft Corporation
hpztsb09.exe 1520 HP
CTSysVol.exe 1836 CTSysVol.exe Creative Technology Ltd
CtHelper.exe 1844 CtHelper Application Creative Technology Ltd
CTDVDDET.exe 1884 CTDVDDET Creative Technology Ltd
ctfmon.exe 1904 CTF Loader Microsoft Corporation
procexp.exe 3128 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
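
Added example, not part of any post in this thread: the rogue's svchast.exe is one letter away from svchost.exe, and the renamed MBAM.exe runs as winlogon.exe from Program Files, so a name-only process list like the one above cannot tell either from the real system process. This Python check flags both cases from full image paths; the paths in SAMPLE, the EXPECTED_DIR table and the function names are assumptions constructed for illustration.

```python
import ntpath

# Expected image directory for a few core Windows XP processes (assumed table).
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def flag_masquerades(image_paths, max_distance=1):
    """Return (path, reason) for images that imitate a system process."""
    findings = []
    for path in image_paths:
        folder, name = ntpath.split(path.lower())
        if name in EXPECTED_DIR:
            # Exact system name: only the expected directory is acceptable.
            if folder != EXPECTED_DIR[name]:
                findings.append((path, "system name outside " + EXPECTED_DIR[name]))
            continue
        for known in EXPECTED_DIR:
            # Near miss of a system name, e.g. one substituted letter.
            if 0 < edit_distance(name, known) <= max_distance:
                findings.append((path, "lookalike of " + known))
                break
    return findings

SAMPLE = [  # constructed paths; the posted log lists image names only
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\system32\svchast.exe",
    r"C:\Program Files\MBAM\winlogon.exe",
    r"C:\WINDOWS\explorer.exe",
    r"C:\WINDOWS\system32\spoolsv.exe",
]

if __name__ == "__main__":
    for path, reason in flag_masquerades(SAMPLE):
        print(path, "->", reason)
```

The renamed scanner is flagged as well, which is expected: the check reports any system-named image outside its normal directory and leaves the verdict to the analyst.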

#9 boopme


Posted 06 August 2009 - 09:35 PM

We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop: (You may need to rename this if it won't run)
  • Extract RootRepeal.exe from the zip archive.
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all six boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.


#10 moonflowerblossom


Posted 09 August 2009 - 11:07 AM

I've been following this thread... having the same issues. I renamed the program, and it installed on my computer fine, but now I can't get the program to run. When I start it up, a Windows thing comes up saying, "Malwarebytes Anti Malware has stopped working". I was kind of hoping this would be the answer, but now I can't get it to work either!! What should I do?

#11 Blade


Posted 09 August 2009 - 11:11 AM

Hello moonflowerblossom :thumbsup:

You should start your own thread. This will eliminate confusion and allow us to assist you better :flowers:


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#12 midwestjp


Posted 10 August 2009 - 08:19 AM

I appreciate all the help you guys have given me, but I had issues with RootRepeal not working as well this weekend. Given I was under time constraints and had some spare time this weekend, I decided to just go ahead and reformat my system drive and load Vista. Thanks again for all your guys' help though.

#13 boopme


Posted 10 August 2009 - 10:43 AM

Understandable and many times the best solution... Thanks for letting us know.



