Windows 7


29 replies to this topic

#1 dmrichar

  • Members

Posted 20 May 2010 - 08:52 PM

Hi, I have Windows 7 and was trying to download combofix on to my computer to clean up possible viruses. So I downloaded the file to my computer but it will not open the file. It says that it is not Win32 valid application. Please help!!!!


#2 DSTM

  • Members

Posted 20 May 2010 - 09:53 PM

Combofix is not your normal Antivirus Program.

You would be well advised to seek supervision before running Combofix. :thumbsup:

#3 dmrichar

  • Topic Starter

Posted 21 May 2010 - 11:32 AM

Well I was on the internet and clicked on a site. Then it said I have 5 viruses on my computer and I needed to download something to fix and clean the viruses off of my computer. And if I did not do that my computer would crash. So I downloaded it but it would not open with me having Windows 7. So I want to make sure that I don't have any viruses on my computer because when I clicked out of the site my computer did not crash. Also, it was not a warning from my antivirus program McAfee. It was from Windows security or something like that.

#4 boopme

  • Global Moderator

Posted 21 May 2010 - 03:14 PM

Hello, not knowing where you were, they may have been bogus locations. I think you have a 64-bit system, given that reply about ComboFix, as it will not run on 64-bit.

Let's run these and see what they say.

Start with TFC by OT
  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
  • alternate download link 1
  • alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Now a Safe mode scan with SAS:

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#5 dmrichar

  • Topic Starter

Posted 22 May 2010 - 08:54 PM

My computer will not let me open any exe applications so I can't even complete the first step.

#6 boopme

  • Global Moderator

Posted 22 May 2010 - 09:18 PM

Can you boot to Safe mode with Networking??
then try.

#7 dmrichar

  • Topic Starter

Posted 22 May 2010 - 09:46 PM

How do you do that?

#8 boopme

  • Global Moderator

Posted 22 May 2010 - 09:54 PM

My bad... How to start Windows in Safe Mode

#9 dmrichar

  • Topic Starter

Posted 22 May 2010 - 10:11 PM

I put my computer in safe mode and it still will not open the application.

#10 boopme

  • Global Moderator

Posted 23 May 2010 - 02:16 PM

OK, we have a tough one here. We will try this. If after this you can run TFC, MBAM and SAS, do so.

Run TDSS Killer
  • Go to this page and Download TDSSKiller.zip to your Desktop.
  • Extract its contents to your desktop and drag TDSSKiller.exe on the desktop, not in the folder.
  • Vista Start logo >All Programs> Accessories> RIGHT-click on Command Prompt and Select Run As Administrator. Copy/paste the following bolded command and hit Enter.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If TDSSKiller alerts you that the system needs to reboot, please consent.
  • When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


If no good there, then run OTL below. I think it will sneak past the malware. After running OTL, create a new topic here and post the OTL log: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.

Let me know if that went well.


Use OTL

    1. Please download OTL from one of the following mirrors:
       • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the OTL icon on your desktop.
    4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
       • OTL.txt <-- Will be opened
       • Extra.txt <-- Will be minimized


#11 dmrichar

  • Topic Starter

Posted 24 May 2010 - 10:41 PM

Neither one worked. When I downloaded TDSSKiller it would not let me extract the files and the OTL was an exe application and it would not open that one as well.

#12 snemelk

  • Malware Response Team

Posted 25 May 2010 - 12:36 PM

Hi dmrichar!!.. :thumbsup:..

> Hi, I have Windows 7 and was trying to download combofix on to my computer to clean up possible viruses. So I downloaded the file to my computer but it will not open the file. It says that it is not Win32 valid application. Please help!!!!

No, please don't use the tools you know nothing about!.. ComboFix is a very powerful tool - it should not be run unsupervised!.. Scans with updated antivirus programs should be enough, in most cases...

> Well I was on the internet and clicked on a site. Then it said I have 5 viruses on my computer and I needed to download something to fix and clean the viruses off of my computer. And if I did not do that my computer would crash. (...) Also, it was not a warning from my antivirus program McAfee. It was from Windows security or something like that.

Ok, please learn more about rogue antivirus programs: Information on Rogue Programs & Scareware - they will claim there are infections present on your computer... It's important you learn how to recognise fake information of this sort... Watch out for fake virus alerts

Ok, let's try this instead (now with .com extension):

Note: if OTL runs successfully, please post the log at Virus, Trojan, Spyware, and Malware Removal Logs subforum, not here (however, post a link to this topic in that newly created thread)...

Download OTL.com by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#13 dmrichar

  • Topic Starter

Posted 26 May 2010 - 09:58 AM

It still will not let me open the download on my computer. I do not know what to do.

#14 snemelk

  • Malware Response Team

Posted 26 May 2010 - 11:25 AM

Hi again dmrichar!!.. :thumbsup:..

> It says that it is not Win32 valid application.

> It still will not let me open the download on my computer. I do not know what to do.

Too few details...

Please give me answers to the questions below:

- if you tried to run OTL.com, did you get an error/warning of some sort??..
- if you know, is it a 32bit or 64bit system??..
- do you have a possibility to download a tool from another computer and then transfer it to the one being (probably) infected?..
- can you open exe files which are already on your computer (have not been downloaded recently)??..
- do you experience any fake antivirus warnings on your computer??..
- what security programs do you use (antivirus, firewall)??..
- do you use any download accelerator??..
- do your browsers work?..

The reason why I ask is because I'm not really sure if malware is involved here... If this is malware, it's very aggressive... If it's not malware, I'd suspect either a firewall or download accelerator "breaking" downloads (hence the files downloaded won't open, and you get "it is not Win32 valid application" error)...

Once I get answers to the questions above, I'll be able to help you...
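The hypothesis in post #14, that a download broken in transit is what produces the "not a valid Win32 application" error, can be tested by reading the file's own headers. The following is an added example and not part of the original thread; `check_download`, `build_sample` and the sample bytes are constructed for illustration.

```python
import struct

MACHINES = {0x014C: "x86 (32-bit)", 0x8664: "x64 (64-bit)"}

def check_download(data: bytes) -> str:
    """Classify a file that was downloaded as a Windows executable."""
    if not data:
        return "empty file"
    if data[:2] != b"MZ":
        # A proxy, firewall or login page often ends up saved under the .exe name.
        if data[:256].lstrip().lower().startswith((b"<!doctype", b"<html")):
            return "HTML page saved instead of the program"
        return "not an executable (no MZ header)"
    if len(data) < 0x40:
        return "truncated inside DOS header"
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if pe_off + 24 > len(data):
        return "truncated before PE header"
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        return "bad PE signature"
    # COFF header: Machine, NumberOfSections, three dwords not needed here,
    # SizeOfOptionalHeader, Characteristics
    machine, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    sect_off = pe_off + 24 + opt_size
    if sect_off + 40 * nsect > len(data):
        return "truncated inside section table"
    for i in range(nsect):
        # SizeOfRawData and PointerToRawData sit at offset 16 of each 40-byte entry
        raw_size, raw_ptr = struct.unpack_from("<II", data, sect_off + 40 * i + 16)
        if raw_ptr + raw_size > len(data):
            return "truncated: section data runs past end of file"
    return "headers and sections intact, " + MACHINES.get(machine, f"machine 0x{machine:04x}")

def build_sample(machine: int, body: bytes = b"\x90" * 512) -> bytes:
    """Constructed PE-shaped test file (not a loadable program): one section."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0, 0x0002)
    raw_ptr = 0x40 + 4 + 20 + 40
    sect = b".text\0\0\0" + struct.pack("<IIII", len(body), 0x1000, len(body), raw_ptr) + b"\0" * 16
    return dos + b"PE\0\0" + coff + sect + body

if __name__ == "__main__":
    full = build_sample(0x8664)
    for label, blob in [("complete download", full),
                        ("download cut at 300 bytes", full[:300]),
                        ("blocked by a filter", b"<html><body>Blocked</body></html>")]:
        print(f"{label}: {check_download(blob)}")
```

To check a real file, pass its bytes: `check_download(open(path, "rb").read())`.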


#15 dmrichar

  • Topic Starter

Posted 26 May 2010 - 02:46 PM

When I clicked on the file OTL, my computer saved the file but it would not open with the error not a valid win32 application coming up. As far as I know, I've never been able to open any exe files on my computer. The only file I was successfully able to open was my antivirus software which is thru McAfee. But at first I had a problem getting it on my computer so I searched the internet and found an answer. So it said to right click on the file and click on properties and under the general click on Unblock and the file should open. And that worked for that situation but it has not worked any other time. I have Windows 7 64 bit system. My internet is working fine as far as I know. I have not received any fake antivirus warnings on my computer. I do not know what a download accelerator is????



