
Malware infection unable to launch anything including anti virus software


12 replies to this topic

#1 Inept


Posted 18 July 2010 - 06:05 PM

Ok so as my username should lead you to believe I am completely inept with computers, which is not to say I don't use them a lot. I'm not one of the elderly I'm just not very good at the super technical and currently this forum is my last option.

So a brief overview of both my problem and my computer.

I run Windows XP SP3 on a Boot Camp equipped iMac and aside from the occasional brush in with malware etc I'm really quite happy with this set up.

This is not my first infection, previously I had a similar run in with the whole fraudulent program pop up spam classical (from my perspective) malware. A quick call to India and a new friend named Kumar was all this required. Kumar ended up using screen share to download a trial version of AVG anti virus and after a long scan and a few laughs at the results my problem was solved.

I was ecstatic and gave this guy every sort of recommendation to his superiors possible. I actually stayed on hold for hours just to sing his praises.

Now about a year or so after that I'm told my hard drive gave out and my only existing back up was ages old so after a lot of rebuilding here I am just finally settling into the same position I was before the hard drive being destroyed. Procrastination and some errors during the backup process that confound me to no end have prevented me from a more recent back up being made.
In short, if I can't remedy this now I'm screwed.

So what sets this malware so apart from my last run in is that it blocks me from launching any applications. I use Safari so I still have been able to get onto the internet because it seems to be auto launched by AIM, not sure if that's the only way it'll work, but that's all I've tried, but for everything else I get a bogus security window pop up and the characteristic BUMP sound of a Windows error. This is of course including my antivirus software like Windows Defender and Malwarebytes. Recently on launch I see the window for a fraction of a second, but just like before it will almost immediately be blocked out by the infection.

I've been scrolling, searching, and reading these fine forums religiously and I'm still in the dark. I'm a little afraid to start my computer up again because on closing it will pause and do the whole "windows is installing updates" thing at which time I cut the power from my surge protector fearing this is a manifestation of the malware itself. I will however be willing to start once again and write down the malware's exact name as well as the pop window security alert thing that stops me from launching programs if this is required.

That about sums up my situation. I can't afford anything else so I hope one of you can help me out.

-Inept



#2 Inept


Posted 19 July 2010 - 12:01 AM

Bump

Sorry, but I really need a reply. Help please.

#3 Inept


Posted 19 July 2010 - 10:38 AM

Brief update
My internet is indeed blocked by the malware. It's abundantly clear because the warning says Internet Explorer when in fact I'm using Safari.
The specific message is Security Warning Application cannot be executed. The file (In my case) msacui.exe is infected. Do you want to activate your antivirus software now?

And the infection itself is Antimalware Doctor.
My personal situation seems to match this website.

http://www.2-spyware.com/remove-applicatio...ty-warning.html

Looks like I'll be trying to use a flash drive to get the selected download onto my comp.

#4 gwilson25


Posted 19 July 2010 - 12:08 PM

Have you tried shutting down your computer and then starting your computer up in safe mode with networking? This would allow you to use the internet to download Malwarebytes Anti-Malware and other programs like that.

#5 Inept


Posted 19 July 2010 - 08:57 PM

I have tried safe mode, but received some problems in loading my drivers through that method. After a lengthy phone call with India, it would appear the malware is reproducing itself, as we deleted, restarted four separate times with only a slight variation in the window popping up.

I have restored my ability to run applications, and we know what the files of the virus are, but no delete seems to stick. The last thing I was told was that his engineer was going to have to research it and we'd try again tomorrow.

#6 gwilson25


Posted 20 July 2010 - 01:25 PM

Are you still unable to use the Internet? If you are able to use it, have you tried downloading Malwarebytes Anti-Malware? MBAM has worked wonders for my computer when it's been in trouble. If you are able to download it, make sure you check for updates on the program as well. When I updated the program, it found nearly three times as many infected files. Have you tried using this removal guide? I downloaded the rkill.com program onto my computer, ran it, and was able to use any scan I wanted to use. It helped a lot in getting my computer into better condition. Hope this helped a little! Good luck with all endeavors to fix your computer!

#7 Inept


Posted 20 July 2010 - 06:11 PM

It looks like it may be too late for that gwilson25. After another day of trying to beat this thing, I was able to connect to the internet by removing the proxy servers etc, but not able to fully stop the choke hold the virus has on certain links, namely those that window tech support would have used to screen share. After another attempt of safe mode and a resulting apology screen my computer is now in an infinite loop, regardless of what I do. It just restarts, apologizes, tries to boot normally and then receives a blue screen for a split second, before repeating once again. We then tried to do a repair installation, which eventually froze, but on trying again it completely blocked me out from selecting the disk. After going between three different departments they dropped me. The technician apologized profusely, but said I would need to contact macintosh if I wanted to continue trying. This is almost certainly because at this point it was clear I was using a mac.

So to sum it all up I just lost everything on my computer for the second time. The idea that someone would willingly make such a pointless thing as a virus just to try and trick old women into buying a fake antivirus program is beyond me. After two days on hold with tech support there's nothing they can do to save the computer, as it has literally taken over and corrupted the operating system. Would have been good to know before wasting 8 hours of my life, but I digress. Sure I'm angry, in fact that doesn't even begin to cover it, I'm bleeping pissed off, but to be honest I pity whoever spent the better part of their life making things like this virus. Hope you enjoy burning in hell whoever you are.

#8 gwilson25


Posted 20 July 2010 - 08:41 PM

I'm sorry to hear that, Inept. I was just talking to my dad earlier about people who find it perversely entertaining to create viruses. I'll just say we completely agree with you. I hope a new computer/laptop doesn't set you too far back. Perhaps it would be a good idea to prepare your new machine with anti-spyware/malware/virus programs as soon as you have it hooked up; I know I'll be doing so every time I get a new computer.

#9 boopme


Posted 20 July 2010 - 09:06 PM

Hello, are we too late to try this?
Reboot into Safe Mode with Networking
How to enter safe mode (XP)
Using the F8 Method
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode with Networking using the arrow keys.
  • Then press Enter on your keyboard to boot into Safe Mode.


>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply
Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.



Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#10 Inept


Posted 22 July 2010 - 03:11 PM

Thanks for your reply boopme, but the virus blocks any attempt at using safe mode. I just had a highly skilled independent technician look at it and he confirmed that the bug was indeed preventing windows from booting in any form. There is some good news I suppose in that we are able to copy and backup data from the windows side of the partition simply by booting to the Mac operating system, selecting the windows drive and making a "ditch bag" of sorts. It's not the ideal conclusion, but after all this, finishing second is at least some consolation.

I do however have a further question that will be necessary to finish backing up my data. I currently have a windows formatted very large fire wire external hard drive which is of course read only on the Macintosh side. The technician advised I purchase a cheap 62 dollar hard drive formatted for FAT-32 in order to ensure I could both remove the data using the Mac side and then eventually deposit it back onto a windows operating system. After doing some research I've found that it is possible to convert a hard drive back to FAT-32. Does anyone have any advice for converting a windows formatted hard drive for FAT-32 on a Macintosh operating system?

#11 boopme


Posted 22 July 2010 - 03:45 PM

Hello, well at least you will be cleared of the junk.

2 guidelines/rules when backing up

1) Backup all your important data files, pictures, music, work etc... and save it onto an external hard-drive. These files usually include .doc, .txt, .mp3, .jpg etc...
2) Do not backup any executable files or any Windows files. These include .exe/.scr/.htm/.html/.xml/.zip/.rar files as they may contain traces of malware. Also, .html or .htm files that are webpages should also be avoided.

Download Belarc Advisor - builds a detailed profile of your installed software and hardware, including Microsoft Hotfixes, and displays the results in your Web browser.
Run it and then print out the results, they may be handy.

I would ask your question in the XP forum up top. You will get a quick and proper answer. That's not my area of expertise.
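
The two backup rules from the post above, as an added Python example that is not part of the original thread or the poster's own instructions: it copies a folder tree to a backup folder, skips the extensions the post lists, and returns what was skipped so it can be reviewed by hand. The function names, the sample tree, and reading "Windows files" as the top-level WINDOWS folder are assumptions.

```python
import os
import shutil
import tempfile

# Extensions the post says not to carry over (matched case-insensitively).
SKIP_EXTENSIONS = {".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar"}
# Assumption: "Windows files" is read as the top-level OS folder of an XP volume.
SKIP_TOP_DIRS = {"windows"}


def should_skip(rel_path):
    """True if the file falls under the post's 'do not back up' rule."""
    parts = rel_path.replace("\\", "/").split("/")
    if len(parts) > 1 and parts[0].lower() in SKIP_TOP_DIRS:
        return True
    # Only the final suffix decides, so 'holiday.jpg.exe' counts as .exe.
    return os.path.splitext(parts[-1])[1].lower() in SKIP_EXTENSIONS


def backup_data_files(src_root, dst_root):
    """Copy everything not excluded; return (copied, skipped) relative paths."""
    copied, skipped = [], []
    for folder, _dirs, files in os.walk(src_root):
        for name in files:
            rel = os.path.relpath(os.path.join(folder, name), src_root)
            if should_skip(rel):
                skipped.append(rel)
                continue
            target = os.path.join(dst_root, rel)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            shutil.copy2(os.path.join(src_root, rel), target)
            copied.append(rel)
    return sorted(copied), sorted(skipped)


def demo():
    """Constructed sample tree standing in for the mounted Windows volume."""
    src, dst = tempfile.mkdtemp(), tempfile.mkdtemp()
    for rel in ["Docs/thesis.doc", "Music/song.MP3", "Docs/holiday.jpg.exe",
                "Downloads/SETUP.EXE", "WINDOWS/system32/notes.txt", "page.html"]:
        path = os.path.join(src, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("sample")
    return backup_data_files(src, dst)


if __name__ == "__main__":
    copied, skipped = demo()
    print("copied:", copied)
    print("skipped (review by hand):", skipped)
```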

#12 Donmecca


Posted 22 July 2010 - 05:40 PM

This may sound dumb, but have you tried renaming the .exe files for any of your malware or viruscheck programs? I had something a while ago that wouldn't let me run anything until I renamed the files.

#13 Inept


Posted 22 July 2010 - 07:27 PM

This may sound dumb, but have you tried renaming the .exe files for any of your malware or viruscheck programs? I had something a while ago that wouldn't let me run anything until I renamed the files.

Waaaaaay past that my friend. Sorry you're a little late to the party.



