
Windows Police Pro


22 replies to this topic

#1 compaqkoci

compaqkoci

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:49 AM

Posted 08 September 2009 - 02:50 AM

So I left for a few days and came back to a failing computer. It's slowly gotten worse and worse. At this point I am running in safe mode, since I don't want the problem to get any worse.
I'm pretty savvy with a computer, and the only reason I find myself on here is I just simply can't get it fixed. The common WPP problems I have are as listed. Cannot open any application, msconfig, new program, or any of the many good anti-spyware/malware programs.
These programs all say that they are "not a valid Win32 application".
I have also downloaded RootRepeal and OTL but neither will open, the same Win32 box opens. I have never used these apps, but I saw some threads about WPP and had some of your pros require the logs for research. I tried to download and get these on, but I can't.
I ran Spybot S&D, Malwarebytes, and Eset Nod32 for defenses. On Windows XP Pro.
Hopefully I can get back on my computer soon, my EQ double experience weekend is almost gone :flowers:

I appreciate any help you guys can give me!


P.S.
No, I'm not on a Compaq :thumbsup:



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:49 AM

Posted 08 September 2009 - 08:55 AM

Hi and welcome.. I am moving this to the Am I Infected forum from XP as you are.
You have a rootkit.
As there are some new variants of rootkits in the wild right now that will require custom scripts to remove the infection, the process must be completed by an HJT team member.

Failure to follow the proper removal process can and will cause serious damage to a machine. Recovery of the machine may be difficult, if not impossible.

Now ... Download this Utility and save it to your Desktop.
Double-click the Utility to run it and let it finish.
When it states Finished! Press any key to exit, press any key to close the program.
It will save a .txt file to your desktop automatically. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as part of the reply in the topic you will create below.

Next please go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant Title and post the RootRepeal log and the above log.

Let me know how that went.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 compaqkoci


Posted 08 September 2009 - 02:59 PM

Downloaded, could not get it to work. Came up with the invalid Win32 App message. Running in safe mode ATM.

Also I am having the Google search redirect websites and such. I'm getting by copying and pasting. But thought I should mention it.

Edited by compaqkoci, 08 September 2009 - 06:34 PM.


#4 boopme


Posted 08 September 2009 - 08:32 PM

Ok we have to go for the guns.
System Repair Engineer
  • Please download System Repair Engineer from here
  • Unzip/extract sreng2.zip to a folder on your desktop
  • Double-click on SREngLdr.EXE to launch System Repair Engineer
  • Click the Smart Scan Icon
  • Click Scan
  • Wait for the scan to finish
  • Click on the Save Reports button
  • Save it to your desktop, using the recommended name of SREngLOG.log
  • Close System Repair Engineer
  • Use notepad to open the SREngLOG.log file
  • Copy & paste the contents of that file as a reply to this topic
  • Note: The log may be long, and you may need several posts to post all of it
  • If you are using a custom HOSTS file, please leave out the HOSTS File section, as it will make the log far too long


#5 compaqkoci


Posted 08 September 2009 - 09:32 PM

Downloaded program, got it to unzip, but when I tried to open it I got the same Win32 App error message.

#6 boopme


Posted 08 September 2009 - 09:55 PM

We are getting close to reformatting.
Let's do the VIPRE Rescue Program
The VIPRE Rescue Program is a command-line utility that will scan and clean an infected computer that is so infected that programs cannot be easily run.


Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

#7 compaqkoci


Posted 09 September 2009 - 01:48 AM

Downloaded VIPRE, could not open, the same Win32 error comes up.

#8 compaqkoci


Posted 09 September 2009 - 02:54 AM

Hey, I had an idea: if it comes down to it, would I be able to put the hard drive into another tower as a slave and use Malwarebytes and Spybot to delete them? Then at least maybe be able to get some programs to clean up the registry? Just a thought. Is there a program that allows you to quarantine the entire drive until scanned?

#9 boopme


Posted 09 September 2009 - 09:02 AM

That should work well.

#10 chamilton

chamilton

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:49 AM

Posted 09 September 2009 - 11:31 AM

Hi, just skimmed through the topic about Police Pro. I do not understand a lot of it but I know that I need some real help. My dad's desktop computer is inoperable at this time because of an infection with Police Pro and we are all on the same network. How do I protect my laptop and my mom's laptop until we get this fixed? When booting up the desktop, within the first 60 seconds of seeing the desktop image I am overrun with multiple error messages and eventually the Police Pro window shows up and says that we have multiple infections. Nothing shuts Police Pro off and I am not able to access any programs or applications. What is my first step to take right now?

Will try the Win32kDiag.txt utility as suggested above and then I will need some help with the next step.

Edited by chamilton, 09 September 2009 - 11:52 AM.


#11 compaqkoci


Posted 09 September 2009 - 02:19 PM

OK, first off please make another thread and be patient for someone to help you. Bumping will only make it go slower so please be patient. In the new thread you need to describe what kind of errors you got, what programs did not work, etc. Also spyware or antivirus programs you were running before the crash. They will also need your OS, such as (XP Pro or XP Home). And most importantly! Don't mess around on that computer until you get help from someone experienced since it will only get worse and you might have to go through more steps later. Don't turn it on at all. As for protecting your other computers, enable the firewalls, download Malwarebytes Anti-Malware and Spybot S&D. Both are free. Update and scan other computers. Before you do that even, unplug the ethernet cable from the comp to the modem, if it's wired. I haven't had a problem on my LAN, but why not make sure. This should get you started and remove some of the questions so the real pros can help you! :thumbsup:

#12 compaqkoci


Posted 09 September 2009 - 02:28 PM

That should work well.



Ok, as for that program to make it safe for my friend's computer? :thumbsup:


Don't you love those lightbulb moments.

#13 boopme


Posted 09 September 2009 - 03:06 PM

Yes I do love em :thumbsup:

It is safe for the other PC.

#14 compaqkoci


Posted 09 September 2009 - 03:35 PM

Awesome, just finishing up Spybot startup on friend's computer. I'm a nervous Nancy now, called all my friends to do updates :thumbsup:

Will pop in the hard drive as slave and hopefully it just works flawlessly.

#15 boopme


Posted 09 September 2009 - 03:39 PM

Ok cool let us know..

To the others in this thread ...It is easier for all involved to have their own thread.

Edited by boopme, 09 September 2009 - 03:39 PM.




