Windows Antivirus Pro


65 replies to this topic

#1 kenlenard

kenlenard

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:15 AM

Posted 16 August 2009 - 08:27 PM

This is on my daughter's PC and she is constantly running into these issues. It's an XP machine with McAfee running. Today I saw a window for Windows Antivirus Pro and knew immediately it was BS. I found that I could stop the application from running in Task Manager and also kill a process called svchast.exe. I also found a bunch of files in the C:\WINDOWS\SYSTEM32 folder to remove. One original symptom was that you could not run ANY application without the system telling you that you didn't have permission. Eventually I got past that and now the system asked what application I want to use to "open" the program (the window you might get when you open a file with an unusual extension). I already have CCLEANER, SuperAnti-Spyware and Malware-Bytes installed on my system but cannot run them. I also get a message that C:\WINDOWS\SYSTEM32\rundll32.exe cannot be found although I see it in that folder. Anyone know anything about removing this? Thanks!

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

Edited by Animal, 16 August 2009 - 09:00 PM.




#2 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,905 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:06:15 AM

Posted 16 August 2009 - 09:00 PM

Please see this guide: Remove Windows Antivirus Pro (Uninstall Guide)

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)



#3 kenlenard

kenlenard
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:15 AM

Posted 16 August 2009 - 09:26 PM

Animal: Thank you for the response. I actually did see that page originally and I followed that process. The problem comes up when I try to run Malware-bytes... the system comes up with an OPEN WITH... window. I just tried it again and when it asked what application to use, I browsed to MALWARE-BYTES and clicked on that. After a minute, the MALWARE-BYTES screen came up and started to scan. But within about 2 minutes, the window disappeared as if a virus or trojan had terminated it. I can't really start any application without the OPEN WITH... box coming up. :thumbsup:

#4 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:10:15 AM

Posted 16 August 2009 - 09:40 PM

Some types of malware will disable Malwarebytes Anti-Malware and other security tools. If MBAM will not install, try renaming it first.
  • Right-click on the mbam-setup.exe file and rename it to mysetup.exe.
  • Double-click on mysetup.exe to start the installation.
  • If that did not work, then try renaming and changing the file extension. <- click this link if you do not see the file extension
  • Right-click on the mbam-setup.exe file, rename it to mysetup and change the .exe extension to .scr, .com, .pif, or .bat.
  • Then double-click on mysetup.scr (or whatever extension you renamed it) to begin installation.
If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.
  • Right-click on mbam.exe, rename it to myscan.exe.
  • Double-click on myscan.exe to launch the program.
  • If that did not work, then try renaming and change the .exe extension in the same way as noted above.
  • Double-click on myscan.scr (or whatever extension you renamed it) to launch the program.
If using Windows Vista, refer to How to Change a File Extension in Windows Vista.

Be sure to update MBAM through the program's interface (preferable method) or manually download the definition updates and just double-click on mbam-rules.exe to install. Then perform a Quick Scan in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the report in your next reply.

Note: MBAM uses Inno Setup instead of the Windows Installer Service to install the program. If installation fails in normal mode, try installing in safe mode. Doing this is usually not advised as MBAM is designed to be at full power when running in normal mode and loses some effectiveness for detection & removal when used in safe mode. For optimal removal, normal mode is recommended so it does not limit the abilities of MBAM. Therefore, after completing a scan it is recommended to uninstall MBAM, then reinstall it in normal mode and perform another Quick Scan.
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#5 kenlenard

kenlenard
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:15 AM

Posted 16 August 2009 - 10:21 PM

Okay... I cannot rename files on my system. Actually, I can rename some files, but not others. I read on another site that the issue could be C:\WINDOWS\SYSTEM32\rundll32.exe. I renamed that file and downloaded another one from what appears to be a trustworthy source. But now my system says, "rundll32.exe... application could not be found". But it's in the proper folder. I get this message when the PC starts up and also if I try to go into Control Panel to add/change programs.

#6 pablo49

pablo49

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:southern california
  • Local time:07:15 AM

Posted 16 August 2009 - 10:49 PM

If you have access to a working PC, download and burn a bootable antivirus CD. This link has some suggestions: http://www.techmixer.com/free-bootable-ant...-download-list/

#7 kenlenard

kenlenard
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:15 AM

Posted 17 August 2009 - 08:15 AM

Thank you Pablo.

Also... does anyone know if WKIX32.EXE is a suspect file? It resides in the C:\Docs & Settings/Username/Local Settings/Temp directory and I notice that whenever I try to launch a program and get the OPEN WITH... box, the filename WKIX32.EXE shows up in that box.

#8 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:10:15 AM

Posted 17 August 2009 - 07:42 PM

does anyone know if WKIX32.EXE is a suspect file?


Given the location, I would have to say yes
Mark

#9 kenlenard

kenlenard
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:15 AM

Posted 17 August 2009 - 10:23 PM

This entire time, I have had my McAfee telling me that I had security issues and when I clicked FIX, it would stall or just return to the same screen not telling me that it did anything. I would occasionally get an error also, telling me that McAfee couldn't continue due to an error. But today I clicked FIX and it came back saying that everything was okay. I reinstalled MBAM and it launched. It started to scan and I walked away for 1 minute and when I came back, the window was gone... something must have terminated it. I still get the OPEN WITH... box when I try to launch anything including CCLEANER, SUPER-ANTI SPYWARE or MBAM.... even REGEDIT won't start. I copied the WKIX32.EXE to another name (like WKIX33.exe) and another WKIX32.exe popped up in its place. Would Windows do that or is that the virus doing that? :thumbsup:

#10 kenlenard

kenlenard
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:15 AM

Posted 18 August 2009 - 06:47 AM

Also... I have tried to rename MBAM and also tried to make a copy of it and it tells me that I do not have permissions to do this. I no longer get the Windows Antivirus Pro screens and I have web access so maybe I should just leave it since it appears that it's only blocking virus-removal programs at the moment. I plan to do a full scan with McAfee today to see what it finds. This bug will not let me run anything like Combofix, Ccleaner, Super-Anti Spyware or MBAM.

#11 kayakboy

kayakboy

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:15 AM

Posted 18 August 2009 - 01:15 PM

I've had a similar problem over the last couple days in that every attempt to run a program brought up the 'Open With' dialog. I reset the file extension associations for 'Applications' and was able to get by this.
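
The "Open With" dialog on every program launch, and the fix of resetting the 'Applications' association, both concern the registry entries that tell Windows how to start .exe files. As an added example (not part of the original thread and not any poster's code), this Python script audits the text of a registry export for executable associations that differ from the Windows defaults; the sample export, the `examplefile` class and the `C:\Temp\placeholder.exe` path are constructed, and the export is assumed to be already decoded to text (regedit writes UTF-16).

```python
import re
# Windows default handler command and class names for executable file types.
DEFAULT_COMMAND = '"%1" %*'
EXPECTED_CLASS = {".exe": "exefile", ".com": "comfile", ".bat": "batfile", ".pif": "piffile"}
CLASS_ROOTS = ("HKEY_CLASSES_ROOT\\", "HKEY_CURRENT_USER\\Software\\Classes\\",
               "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\")

def parse_default_values(reg_text):
    """Map each key in a .reg export to its (Default) string, undoing backslash escapes."""
    defaults, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('@="') and line.endswith('"'):
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def audit_associations(reg_text):
    """Return (key, found, expected) for every non-default executable association."""
    findings = []
    for key, value in parse_default_values(reg_text).items():
        root = next((r for r in CLASS_ROOTS if key.lower().startswith(r.lower())), None)
        if root is None:
            continue
        sub = key[len(root):].lower()
        if sub in EXPECTED_CLASS and value.lower() != EXPECTED_CLASS[sub]:
            findings.append((key, value, EXPECTED_CLASS[sub]))   # extension re-pointed
        for cls in EXPECTED_CLASS.values():
            if sub == cls + "\\shell\\open\\command" and value != DEFAULT_COMMAND:
                findings.append((key, value, DEFAULT_COMMAND))   # launch command altered
    return findings

# Constructed sample export (not taken from the thread).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="examplefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"C:\\Temp\\placeholder.exe\" \"%1\" %*"
'''

if __name__ == "__main__":
    for key, found, expected in audit_associations(SAMPLE):
        print(f"{key}: found {found!r}, expected {expected!r}")
```

Per-user entries under `HKEY_CURRENT_USER\Software\Classes` take precedence over the machine-wide ones, so an export of that branch should be audited as well.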

#12 kenlenard

kenlenard
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:15 AM

Posted 18 August 2009 - 07:01 PM

I've had a similar problem over the last couple days in that every attempt to run a program brought up the 'Open With' dialog. I reset the file extension associations for 'Applications' and was able to get by this.

Hmm... how did you do this? That's not really my area. Thanks for the reply, I appreciate it.

#13 kenlenard

kenlenard
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:15 AM

Posted 20 August 2009 - 10:30 AM

Guys: First off, thank you to everyone for your replies and help. Thanks to the Doug Knox scripts, I was able to allow REGEDIT to run and his script to reset the .exe permissions seemed to run. After doing some of that, I restarted and got the first "clean" restart I have had in a while (no rundll32.exe issues, McAfee started up for the first time in awhile, etc). My only outstanding issue is where I go to start something like MBAM and Windows tells me that it cannot access the specified file, program or path... I may not have permissions to run the program. There doesn't appear to be any registry keys left or any other applications, processes or folders related to Windows Antivirus Pro. But there is clearly a switch that has been set for permissions. There was a link to a process where the permissions can be set by going into Control Panel and modifying the Folder Options. But... my control panel does not have a Folder Options icon. I would like to get past this last part so I can run MBAM and hopefully get rid of this thing completely. Thanks again... truly appreciated.

#14 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:10:15 AM

Posted 20 August 2009 - 06:14 PM

Did you try this?

Taking ownership of file or folder in XP:
http://support.microsoft.com/kb/308421
Mark

#15 kenlenard

kenlenard
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:15 AM

Posted 21 August 2009 - 10:19 AM

Mark: Thanks for that. I walked through that and it allowed me to start MBAM, which is good. The problem is that once I get MBAM started, something shuts it down within about 2 minutes. For this to happen, I assumed that a process must be running that saw MBAM running, recognized it and closed it. I went through my processes one-by-one and looked to see if it was suspicious and if it was, I killed it. This last time, I ran MBAM in Safe Mode (very few processes running) and it still gets shut down by something. I have been successful renaming MBAM and starting it, but again... it gets closed shortly after scanning. Also, I found something on MAJORGEEKS about running RootRepeal which I downloaded. But it just runs forever (overnight!) without doing anything.

Edited by kenlenard, 21 August 2009 - 10:20 AM.




