
Infected, and can't run hijackthis, Mbam and other removal programs


4 replies to this topic

#1 Jason B


Posted 12 September 2009 - 11:29 AM

Hi everyone,

I'm running Windows XP Version on an HP PC.

I started to suspect something was wrong when I tried to open Malwarebytes Anti-Malware for a routine check, but couldn't. So here's the summary of my symptoms. I can't access my Symantec Antivirus Corporate Edition 9. Norton's autoprotect is still enabled, but it will not open, so I can't run a full scan.

Since Symantec won't open and won't uninstall, I installed AVG 8.5, ran a scan, then uninstalled it. Since I still can't open Symantec or Windows Defender, I still think I have a problem.

When I attempt to open Symantec, I get the following error:
C:\Program Files\Symantec AntiVirus\VPC32.exe
Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

Can't run MBAM, HijackThis, Symantec Antivirus, Spybot Search & Destroy, or Ad-Aware. With MBAM and HJT, I can rename a copy of the executable and it'll open, but it shuts down if I try to run a scan; and if I try to open, move, or rename that copy of the program subsequently, the operation will fail with the error, "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the file."

However, Process Explorer works, and so does SUPERAntiSpyware, with which I ran a full scan, but the issues are still here. I also tried running RootRepeal, and it says "initializing, please wait" and never finishes; it went on like this for 10 minutes, so I closed it. I found two files in system32 that look like they shouldn't be there and I put them in the Recycle Bin; they were: UAChawcqldwqv.db and UACoknajylklf.dat

I hope one of you can offer some advice about what to do next, or what additional information would be helpful! Thanks a lot --

Edited by Jason B, 12 September 2009 - 11:57 AM.
Moved from HJT to a more appropriate forum. Tw




#2 garmanma


Posted 14 September 2009 - 02:43 PM

See if this tutorial is any help
Post back if you need help

http://www.bleepingcomputer.com/virus-remo...dows-police-pro
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits

#3 Jason B


Posted 14 September 2009 - 03:24 PM

Are you sure you pasted the right link? I don't have Windows Police Pro installed anywhere on this machine.

#4 garmanma


Posted 14 September 2009 - 07:43 PM

Windows Police Pro is a virus, not a program.
The symptoms you described sound like you have it.
Which is a nasty rootkit: UAChawcqldwqv.db and UACoknajylklf.dat
Even if you deleted those, there are still plenty of hooks there.



Please download RootRepeal.zip and save it to your Desktop.
alternate download link 1
alternate download link 2
  • Unzip the file on your Desktop or create a new folder on the hard drive called RootRepeal (C:\RootRepeal) and extract it there.
    (click here if you're not sure how to do this. Vista users refer to these instructions.)
  • Disconnect from the Internet as your system will be unprotected while using this tool.
  • Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
    This will ensure more accurate results and avoid common issues that may cause false detections.
  • Click this link to see a list of such programs and how to disable them.
  • Open the RootRepeal folder and double-click on RootRepeal.exe to launch it. If using Vista, right-click and Run as Administrator...
  • Click on the Files tab, then click the Scan button.
  • In the Select Drives dialog ("Please select drives to scan:"), select all drives showing, then click OK.
  • When the scan has completed, a list of files will be generated in the RootRepeal window.
  • Click on the Save Report button and save it as rootrepeal.txt to your desktop.
  • A copy of the report with the date (i.e. RootRepeal report 07-30-09 (17-35-54).txt) is also saved to the root of your system drive (usually C:\).
  • Open rootrepeal.txt in Notepad and copy/paste its contents in your next reply.
  • Exit RootRepeal and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
Note: If RootRepeal cannot complete a scan and results in a crash report, try repeating the scan in "safe mode".
-------------------------


If that will not run, try this one:

1. Download Win32kDiag from any of the following locations and save it to your Desktop

http://ad13.geekstogo.com/Win32kDiag.exe

http://download.bleepingcomputer.com/rootr.../Win32kDiag.exe

2. Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
3. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
4. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.
Mark

#5 Jason B


Posted 14 September 2009 - 09:32 PM

Thanks, Blender ended up helping me. I had another virus in the past that we worked on and was able to contact her.

(VERY) short rundown.

UACs.sys rk

Rotsc*** rk

Maxx++ rk

Busted eventlog.dll (causing several other errors such as inability to re-install AV, or start Windows Firewall, start much of anything else that requires WMI to work right)

Superantispyware removed a bunch of junk & DrWeb removed stuff too.

Several other programs were broken as a result of permissions on files being broken.

Fixed with inherit.exe



