Need Help: Serious Malware infection from Antispy Protector 2009


8 replies to this topic

#1 BuddhaBrutha


Posted 28 August 2009 - 06:04 PM

I'm experiencing some serious problems with my computer. About three weeks ago I noticed this program pop up on my computer, AntiSpy Protector 2009. I immediately started Malware Bytes to get rid of this program but all it did was change into another program called Windows Antivirus Pro. I read the article on the front py Prtector 2009, and here is a list of problems I'm having:

1. I receive this message whenever I get to the desktop screen - Windows cannot find `logon.exe`. Make sure you typed the name correctly, and then try again. To search for a file click the Start Button and then click search.

2. Also while this message in number 1 is showing, these pop-ups are occurring C:\WINDOWS\System32\ntvdm.exe and C:\WINDOWS\System32\desot.exe about three to four windows.

3. I can only open Internet Explorer; all other programs like HiJack This, Malware Bytes, I-tunes, etc. don't open and I get the following pop-up: Can't load VDM IPX/SPX support Program too big to fit in memory.

4. Also, This program keeps popping up every 30 seconds (Windows Antivirus Pro)

5. Lastly, when I try and start my computer in safe mode, I get a blue screen with this message:

A problem has been detected and windows has been shut down to prevent damage to your computer.

If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again follow these steps: Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK/F to check for hard drive corruption, and then restart your computer.

Sorry this is so long but I wanted you guys to know exactly what was going on. Also, I don't have any virus protection on the computer and my computer is a Dell Dimension E510. Can my computer be fixed?


 


#2 fireeye1


Posted 29 August 2009 - 02:32 PM

Exact same problem. it will run firefox but all other programs it blocks. ...including Webroot.

will not run Malwarebytes even if filename is changed....

ran in safe mode but it still would not allow me to open any programs.


Did you find a fix?....

#3 BuddhaBrutha


Posted 30 August 2009 - 11:08 AM

> Exact same problem. it will run firefox but all other programs it blocks. ...including Webroot.
>
> will not run Malwarebytes even if filename is changed....
>
> ran in safe mode but it still would not allow me to open any programs.
>
> Did you find a fix?....


No, no one has replied to help.

#4 fireeye1


Posted 30 August 2009 - 10:38 PM

ok...well i still have this apparent rootkit virus..... BUT i was able to run my (Malwarebytes and WebRoot) programs....by right clicking the exe file and selecting Run As.... and choosing administrator.....

scanning now and hopefully will be headed in the right direction...


hope this helps...

#5 fireeye1


Posted 30 August 2009 - 10:49 PM

Malwarebytes found a registry data infection..... and it looks like it could be the culprit....i will remove it after this posting and we will see what happens....

Here is the info Malwarebytes found..



VENDOR: BROKEN.OPENCOMMAND

CATEGORY: REGISTRY DATA

ITEMS: HKEY_CLASSES_ROOT\EXEFILE\SHELL\OPEN\COMMAND\

OTHER: BAD:(C:\WINDOWS\SYSTEM32\DESOT.EXE "%1" %*) GOOD: ("%1" %*)

ACTION TAKEN: No Action Taken

#6 fireeye1


Posted 30 August 2009 - 10:56 PM

BINGO! I can now open all of my programs.....

After removal I was asked to Restart...and now I can use all programs as normal.


I hope you have the same luck.

Blessings,
Fireeye

#7 BuddhaBrutha


Posted 31 August 2009 - 06:56 AM

Thanks for replying Fireeye, but running as administrator didn't work because I don't remember the administrative password. Sad I know but it's been like 4 years since I've had this computer.

#8 BuddhaBrutha


Posted 31 August 2009 - 10:49 AM

Damn, is there anyone out there that can help me with this problem? If I'm screwed will the experts just tell me that so I can stop hoping for a solution. I'm in begging mode now

#9 fireeye1


Posted 03 September 2009 - 11:56 AM

you could try running a password finder like this.... http://projectw.org/viewtopic.php?f=23&...p;hilit=Spotmau

you would have to run it in safemode....and that itself may not work based on the program info....

have you tried to find the file... VENDOR: BROKEN.OPENCOMMAND

CATEGORY: REGISTRY DATA

ITEMS: HKEY_CLASSES_ROOT\EXEFILE\SHELL\OPEN\COMMAND\

OTHER: BAD:(C:\WINDOWS\SYSTEM32\DESOT.EXE "%1" %*) GOOD: ("%1" %*)

ACTION TAKEN: No Action Taken


try to search it....perhaps by removing it...it will allow you to run your spyware/ rootkit killing programs.....



the other thing I saw was perhaps trying to partition your drive and load another version of XP (i.e. OS) to that new partition and your windows password would be blank....

I am still digging to find "the solution".... once you can run as admin I am pretty sure it will get rid of this bug....it worked for me and I had the exact same problems.
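Added example, not part of the original thread: the Malwarebytes finding above is a changed default value under `exefile\shell\open\command`, so every launched `.exe` is handed to `desot.exe` first. The Python sketch below checks a `.reg` export for that condition; it goes beyond the thread by also checking `comfile`, `batfile` and `cmdfile`, and the sample export and function names are constructed for illustration.

```python
import re

# Default "open" command for executable file classes on Windows.
EXPECTED = '"%1" %*'
CLASSES = ("exefile", "comfile", "batfile", "cmdfile")

SECTION = re.compile(
    r'^\[(?:HKEY_CLASSES_ROOT|HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes)'
    r'\\([^\\\]]+)\\shell\\open\\command\]$', re.I)
DEFAULT = re.compile(r'^@="(.*)"$')  # the key's unnamed (default) value

def unescape(value):
    # .reg exports escape backslash and double quote with a backslash.
    return re.sub(r'\\(["\\])', r'\1', value)

def find_hijacked_handlers(reg_text):
    """Return (class, command, interposed program) for each altered handler."""
    findings, current = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            current = section.group(1).lower()
            continue
        if line.startswith("["):
            current = None  # some other key; ignore its values
            continue
        default = DEFAULT.match(line)
        if default and current in CLASSES:
            command = unescape(default.group(1))
            if command.strip() != EXPECTED:
                # Whatever precedes "%1" runs in place of the program the
                # user started (the whole command if "%1" is absent).
                interposer = command.split('"%1"')[0].strip() or None
                findings.append((current, command, interposer))
    return findings

# Constructed sample export reproducing the BAD value quoted in the thread.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\WINDOWS\\SYSTEM32\\DESOT.EXE \"%1\" %*"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
'''

if __name__ == "__main__":
    for cls, command, interposer in find_hijacked_handlers(SAMPLE):
        print(f"{cls}: open command is {command!r}, runs {interposer} first")
```

Exports written by regedit are UTF-16 encoded, so decode the file with `encoding="utf-16"` before passing its text to the function.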



