
Office2010 and Acrobat



#1 hopsten


Posted 09 November 2010 - 04:21 PM

Hello,
I'm having trouble with Office 2010 Pro and Acrobat. Presumably the reason is a virus. Can someone please help me or give a hint what to do?


After uninstalling Office 2010 Beta and installing Office 2010 Pro, Adobe Acrobat 9.0 did not work.

I uninstalled Acrobat and tried to install it again, but
then the installation always breaks with the error report:
"Zugriff auf die Netzwerkadresse \Startup war nicht möglich"
If I try once more, error no. 1606 is also shown.

Test with
ccleaner, no success
kv16, no success


Scan with AVG

"E:\Programmsammlung\downloads_torrent\Microsoft Office 2010 Enterprise Corporate Serial Activation Updateable.rar:\Microsoft Office 2010 Enterprise Corporate Edition (No Serial or Activation Needed; Fully Updateable)\SetupFinal.EXE";"Trojaner: Crypt.OOS.dropper";"Infiziert"
"E:\Programmsammlung\downloads_torrent\Microsoft Office 2010 Enterprise Corporate Serial Activation Updateable.rar";"Trojaner: Crypt.OOS.dropper";"Infiziert"
"C:\System Volume Information\_restore{48068B52-0717-49FA-9F28-CFC7AD320323}\RP558\A0471355.exe";"Trojaner: FakeAV.FID";"In Virenquarantäne verschoben"
"C:\System Volume Information\_restore{48068B52-0717-49FA-9F28-CFC7AD320323}\RP558\A0471354.exe";"Trojaner: FakeAV.FID";"In Virenquarantäne verschoben"
"C:\System Volume Information\_restore{48068B52-0717-49FA-9F28-CFC7AD320323}\RP558\A0471352.exe";"Trojaner: IRC/BackDoor.SdBot4.PEL";"In Virenquarantäne verschoben"
"C:\System Volume Information\_restore{48068B52-0717-49FA-9F28-CFC7AD320323}\RP558\A0471356.exe";"Runtime-komprimiertes Objekt: fsg";""
"C:\System Volume Information\_restore{48068B52-0717-49FA-9F28-CFC7AD320323}\RP558\A0471353.exe";"Runtime-komprimiertes Objekt: fsg";""


Scan with MalwareBytes

The Report:
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 195660
Laufzeit: 13 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\RECYCLER\S-1-5-21-2025429265-117609710-839522115-1003\Dc1.exe (Trojan.Downloader)
-> Quarantined and deleted successfully.


Then once more without success:
ccleaner
kv16
Total Uninstall
Revo Uninstaller
WinMaximizer
http://support.microsoft.com/kb/310747/de
http://support.microsoft.com/kb/886549 (microsoft fixit)




Registry:
To eliminate Error 1606 when installing Acrobat I tried as shown in
http://kb2.adobe.com/cps/402/kb402867.html
Solution No. 2: Backup and delete Microsoft Office registry key.


But it is not possible to delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office completely.

Always Office / Common / Smart Tag / Actions / {B7EFF951-E52F-45CC-9EF7-57124F2177CC} /
with ab Standard REG_SZ nothing
and ab Solution REG_SZ {15727DE6-F92D-4E46-ACB4-0E2C58B31A18}
cannot be deleted.

Before trying to delete Office there are under Actions also
{16A933D2-A296-49D5-96FC-C7C2DAEE88B4}
with ab Standard REG_SZ nothing
and ab filename REG_SZ C:\PROGRA~1\GEMEIN~1\MICROS~2\SMARTT~1\LISTS\BASMLA.XSL
and
{3CC385AC-95CC-4A75-BF35-AB36AE645BCF}
with ab Standard REG_SZ nothing

Test with Combofix was good, but installing Acrobat is still not possible.

What can I do more?
Please give me some help.

With many kind regards
hopsten



#2 boopme


Posted 09 November 2010 - 09:34 PM

Hello, I am moving this from Intro's to the Am I Infected forum.

Please run another scan
Please perform a scan with Eset Online Antivirus Scanner.
This scan requires Internet Explorer to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.