
Problem "Application cannot be executed. The file is infected"


30 replies to this topic

#1 janell377

janell377

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:07:35 AM

Posted 01 December 2009 - 02:03 PM

I am using Windows XP.

Every time I try and open up any programs, this window pops up and many more "buy virus protection" ads.

I also can't run ANY virus scanner I have. The task manager won't open, and I can't go into safe mode when I boot the computer up.

Anything I download will not open. The only thing I can open is the internet browser.

I also did a system recovery 2 days ago because I had the same problem, and everything was fine until just now. All I did after the recovery was reinstall all the programs I use on a daily basis like Microsoft Office, Photoshop, Kodak, HP printer, and other little programs. I have not opened up any e-mails I did not know.



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:35 AM

Posted 01 December 2009 - 02:28 PM

Please download Malwarebytes Anti-Malware (v1.41) and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

-- Some types of malware will disable Malwarebytes Anti-Malware and other security tools to keep them from running properly. If MBAM will not install, try renaming it first.
  • Right-click on the mbam-setup.exe file and rename it to mysetup.exe. If that did not work, rename it explorer.exe.
  • Double-click on the renamed file to start the installation.
  • If that still did not work, then try changing the file extension. <- click this link if you do not see the file extension
    If using Windows Vista, refer to these instructions.
  • Right-click on explorer.exe and change the .exe extension to .scr, .com, .pif, or .bat.
  • Then double-click on explorer.com (or whatever extension you renamed it) to begin installation.
If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.
  • Right-click on mbam.exe and rename it to wuauclt.exe.
  • Double-click on wuauclt.exe to launch the program.
  • If that did not work, then change the .exe extension in the same way as noted above.
  • Double-click on wuauclt.com (or whatever extension you renamed it) to launch the program.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 janell377


Posted 01 December 2009 - 04:34 PM

Okay, I downloaded Malwarebytes and it installed. I then had both of the boxes checked after the installation, and after I clicked Finish, the program would not open. About 3 times in a row the window popped up about it being executed and infected.

#4 quietman7


Posted 01 December 2009 - 05:14 PM

It's a bogus alert by the malware to make you think the file is infected.

Please download Rkill by Grinler and save it to your desktop. (Link 2, Link 3, Link 4)
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Now try performing a Quick Scan in normal mode with Malwarebytes Anti-Malware and check all items found for removal. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

#5 janell377


Posted 01 December 2009 - 05:50 PM

I downloaded the Rkill file (first one) and the black box did show up for a couple of seconds.

I then proceeded to try and open the malware program to try and run the scan, but it is still not letting me even open the program. The warning pops up and I clicked both YES and NO and either way had no success of opening it so I can scan. Is there another way to open it?

#6 quietman7


Posted 01 December 2009 - 09:47 PM

You can try downloading and using the VIPRE Rescue Program - the size of the downloaded application is large. This is a utility designed to scan and clean a computer which is so badly infected that most programs cannot run. Virus definitions are included and the program is self-running once executed. All scans include Rootkit Detection. Be sure to print out and follow the instructions provided on the same page.

#7 janell377


Posted 02 December 2009 - 10:25 AM

I downloaded the program but it said I needed QuickTime, so I did that and that was unable to run.

Would it be better if I did another system recovery and then get an application that could get rid of it for good? Because I did a system recovery 2 days ago and apparently it was not completely gone, since it came back.

And if I do that, what program would be the best to get rid of that? Lastly, as a regular virus scan, would you say Spybot is good?

Thanks for your help!

#8 quietman7


Posted 02 December 2009 - 11:23 AM

Would it be better if i did another system recovery

If you mean System Restore, you can always try that route. Keep in mind that System Restore will back up the good as well as malicious files, so when malware is present on the system it gets included in restore points.

However, you may be able to roll back to a point where the infection may not be as severe which allows you to run some of your scanning tools.

mvps.org is no longer recommending Spybot S&D or Ad-Aware due to poor testing results. See here - (scroll down and read under Freeware Antispyware Products).

Further, most people don't understand Spybot's TeaTimer or how to use it and that feature can cause more problems than it's worth. TeaTimer monitors changes to certain critical keys in Windows registry but does not indicate if the change is normal or a modification made by a malware infection. The user must have an understanding of the registry and how TeaTimer works in order to make informed decisions to allow or deny the detected changes. Additionally, TeaTimer may conflict with other security tools which do a much better job of protecting your computer and even prevent disinfection of malware by those tools.

More effective alternatives are Malwarebytes Anti-Malware and SUPERAntiSpyware Free.

#9 janell377


Posted 03 December 2009 - 02:10 PM

OK, I did the system recovery and began right away with scanning using the Malwarebytes Anti-Malware program.

Next I did the Quick Scan and it found 11 infected items.

Then I clicked remove all selected items.

Here is the log
_____________________________________________________________________________________________________


Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2

12/3/2009 11:09:17 AM
mbam-log-2009-12-03 (11-09-17).txt

Scan type: Quick Scan
Objects scanned: 107020
Time elapsed: 14 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\60W9F6FM\firewall[1].dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\st_1242475685.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\st_1242476151.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\st_1242574050.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\st_1242590588.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\st_1242606724.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\st_1242635420.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.

#10 quietman7


Posted 03 December 2009 - 03:19 PM

Your Malwarebytes Anti-Malware log indicates you are using an outdated database version.
The database shows 2775. Last I checked it was 3285.

Please update it through the program's interface (preferable method) or manually download the definition updates and just double-click on mbam-rules.exe to install. This time perform a Full Scan in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Note: Mbam-rules.exe is not updated daily. Another way to get the most current database definitions if you're having problems updating through the program's interface or have already manually downloaded the latest definitions (mbam-rules.exe) shown on this page, is to do the following: Install MBAM on a clean computer, launch the program and update through MBAM's interface. Copy the definitions (rules.ref) to a USB stick or CD and transfer that file to the infected machine. Copy rules.ref to the location indicated for your operating system. If you cannot see the folder, then you may have to Reconfigure Windows to show it.
  • XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
  • Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware
Please perform a scan with Eset Online Antivirus Scanner.
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users need to run Internet Explorer as Administrator. Right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.
  • A new window will appear asking "Do you want to install this software?".
  • Answer Yes to download and install the ActiveX controls that allows the scan to run.
  • Click Start.
  • Check Remove found threats and Scan potentially unwanted applications.
  • Click Scan to start. (please be patient as the scan could take some time to complete)
  • If offered the option to get information or buy software, just close the window.
  • When the scan has finished, a log.txt file will be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
  • Click Start > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

    C:\Program Files\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

#11 janell377


Posted 03 December 2009 - 04:51 PM

Here is my complete scan results. I will now be rebooting and doing the 2nd scanning part you told me to do.


Malwarebytes' Anti-Malware 1.41
Database version: 3288
Windows 5.1.2600 Service Pack 2

12/3/2009 1:50:31 PM
mbam-log-2009-12-03 (13-50-31).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 269502
Time elapsed: 1 hour(s), 24 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Compaq_Administrator.JANELL\Local Settings\Temp\572.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\NoAdware\nutilities.dll (Rogue.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0000364.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0000365.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

#12 janell377


Posted 03 December 2009 - 08:22 PM

OK, the other scan finally finished and the start-run-paste the code would not work, so I had to go into the folder itself, and I believe this is what you wanted.


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=56841fd3628f1a41b43dc3f2cc426046
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-12-04 01:08:54
# local_time=2009-12-03 05:08:54 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=3586 16764889 100 88 0 263094300 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=143640
# found=7
# cleaned=7
# scan_time=11155
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent8.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\hp\bin\wbug\CompaqPresario_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\NoAdware\NoAdware5.exe probably a variant of Win32/Adware.ErrorClean application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\I386\APPS\APP17286\src\CompaqPresario_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C
D:\I386\APPS\APP17286\src\HPPavillion_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C
D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0001087.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C
D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0001088.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C

#13 quietman7


Posted 03 December 2009 - 10:16 PM

How is your computer running now? Are there any more reports/alerts, signs of infection or issues with your browser?

#14 janell377


Posted 03 December 2009 - 10:23 PM

There haven't been any problems yet, but I'll post more if there are. When I did the first system recovery and without getting rid of the problem it was 2 days before the pop-ups and errors would show up. But hopefully this time it is fine for good. I'll continue to do both the super anti virus program and the malware one on a regular basis.

#15 quietman7


Posted 03 December 2009 - 10:29 PM

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.
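The following is an added example, not part of the original thread and not Malwarebytes code: a small Python parser for the MBAM 1.41 log layout posted above that automates the checks the helper applies by eye in posts #10 and #15 (outdated database version, Quick versus Full scan, detections sitting inside System Restore points, incomplete logs). The function names, the warning wording and the merged sample log are assumptions made for illustration; `current_db` is whatever definition number the reviewer knows to be current.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the two MBAM 1.41 logs in this thread,
# merged and shortened so that one input exercises every check below.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.41
Database version: 2775
Scan type: Quick Scan

Registry Data Items Infected: 2
Files Infected: 3

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\st_1242475685.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\NoAdware\nutilities.dll (Rogue.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0000364.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

HEADER = re.compile(r"^(Database version|Scan type|Objects scanned): (.+)$")
COUNT = re.compile(r"^(?P<section>.+) Infected: (?P<n>\d+)$")
SECTION = re.compile(r"^(?P<section>.+) Infected:$")
ITEM = re.compile(r"^(?P<target>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
RESTORE = re.compile(r"\\System Volume Information\\_restore\{", re.I)

@dataclass
class Detection:
    section: str  # e.g. "Files" or "Registry Data Items"
    target: str   # file path or registry location
    family: str   # detection name, e.g. "Trojan.FakeAlert"
    action: str   # outcome text after the last "->"

def parse_mbam_log(text):
    """Split a log into header fields, summary counts and detection items."""
    header, counts, items, section = {}, {}, [], None
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            header[m[1]] = m[2]
        elif m := COUNT.match(line):
            counts[m["section"]] = int(m["n"])
        elif m := SECTION.match(line):
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            action = m["rest"].rsplit(" -> ", 1)[-1].rstrip(".")
            items.append(Detection(section, m["target"], m["family"], action))
    return header, counts, items

def triage(text, current_db):
    """Return (detections, warnings) for one pasted log.
    current_db is supplied by the reviewer; it is not read from the log."""
    header, counts, items = parse_mbam_log(text)
    warnings = []
    db = int(header.get("Database version", 0))
    if db < current_db:
        warnings.append(f"outdated database {db} < {current_db}: update and rescan")
    if header.get("Scan type", "").startswith("Quick Scan"):
        warnings.append("Quick Scan only: follow up with a Full Scan")
    for sec, n in counts.items():
        listed = sum(1 for d in items if d.section == sec)
        if listed != n:  # the summary and the item list disagree
            warnings.append(f"{sec}: summary says {n}, log lists {listed} (incomplete paste?)")
    for d in items:
        if d.family == "Disabled.SecurityCenter":
            warnings.append(f"Security Center alerts were suppressed: {d.target}")
        if RESTORE.search(d.target):
            warnings.append(f"restore point held {d.family}: create a new one, purge the old")
        if "successfully" not in d.action:
            warnings.append(f"not removed: {d.target} ({d.action})")
    return items, warnings
```

Calling `triage(SAMPLE_LOG, 3285)` reproduces the helper's reading of the first log: database 2775 is behind 3285, only a Quick Scan was run, and a detection inside `_restore{...}` means the old restore points should be replaced after cleaning.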



