Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Personal Antivirus and rootkit infection

  • Please log in to reply
2 replies to this topic

#1 Mahatma


  • Members
  • 2 posts
  • Local time:12:43 PM

Posted 02 October 2009 - 03:07 PM

I have a customer who brought me a machine with Personal Anti virus on it. It also showed signs of a rootekit infection any time you click any kind of spy or mal ware utility. It would come up with a window that said "This application or DLL is not a valid windows image. Please check against your install disk". There was no uninstall for the personal antivirus so I went to the program file dir. and deleted the directory and the file. Then I scanned the drive with Norton's 360. It came up with one virus-ed file and disposed of it. No every exe pops up the (invalid windows image) screen. I was able to install malware bites but can not run it even with a changed name. I was able to run the DDS.scr file and get a DDS.txt and a Attach.txt file. I was able to also download and run hijack this and get a log file.

I read one post where it was advised to just reload a similar machine. This has a lot of technical programs with the settings correct in it and I hate to reload it. It seems to work OK except for the error screen on most exe's. It pops it up then the program runs. Do I have the files that need to be posted to see if this can be fixed??

BC AdBot (Login to Remove)


#2 Mahatma

  • Topic Starter

  • Members
  • 2 posts
  • Local time:12:43 PM

Posted 02 October 2009 - 06:56 PM

I fixed this. Thank you.

#3 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,756 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:43 PM

Posted 02 October 2009 - 09:36 PM

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Posted Image > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista users can refer to these links: Create a New Restore Point in Vista and Disk Cleanup in Vista.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users