Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

exicutables won't open


  • This topic is locked This topic is locked
21 replies to this topic

#1 Joetech

Joetech

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:11:01 AM

Posted 05 March 2011 - 12:09 PM

I saw it starting to download. I think it was Antispyware 2011, My firewall (sygate)caught it and stopped it. now my Aviva spyware won't operate, Sygate won't open, Add and Remove won't open. My regscubxp won't open. I also have a regscrub on a flash drive and it won't open. In fact absolutely no .exe file will open off the desk top or from 'programs' I get the popup "Open With" wizard. I was able to open Firefox but non of the reg cleaners or Malwares are listed. I tried to re-download Malwarebyte and Superantispyware I get them to download but they won't execute. I searched this sight but didn't find the a similar problem or maybe I am not searching for the right thing. I can't find a 'new' program.
Please help. I got a browser hijacker last year that was a major problem to remove but someone hear was a great help.

Edited by hamluis, 05 March 2011 - 12:54 PM.
Moved from XP to Am I Infected.


BC AdBot (Login to Remove)

 


#2 Joetech

Joetech
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:11:01 AM

Posted 05 March 2011 - 12:30 PM

Update: I went through the control panel. with all, except the following I get the message "C:\windows|system32|rundle32.exe not found". The only items in the Control panel that work are:
taskbar, Prints and faxes, Adm Tools, Fonts, Folder options, Netwrok Connection, Scanners and Cameras, Schd Tasks,

#3 joseibarra

joseibarra

  • Members
  • 1,083 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Downstairs
  • Local time:11:01 AM

Posted 05 March 2011 - 12:32 PM

It sounds like your Windows file associations have come undone. This means that XP no longer knows what to do with files by looking at the file extension (like .exe for executables, .doc for MS documents, etc.).

If you did not do it yourself, something did it for you - most likely malicious software.

Go to this WWW site by Doug Knox:

http://www.dougknox.com/

On the left, click the Win XP Fixes, File Association Fixes, and read the directions at the top of the page.

Download the EXE File Association Fix to your desktop, unzip the file and apply it using the instructions from the top of the page, then reboot.

Run the following scans for malicious software and then fix any remaining issues:

Download, install, update and do a full scan with these free malware detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/

They can be uninstalled later if desired.

If you still think your system is infected, you need to post in the Am I Infected forums (for concentrated help :wink:)

Edited by joseibarra, 05 March 2011 - 12:34 PM.

The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.


#4 Joetech

Joetech
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:11:01 AM

Posted 05 March 2011 - 08:18 PM

I tried to download and did as you said but it won't open the files. I get that same 'open with' wizard and them it jsut stops. At first it couldn't find the zip central and told me to download a new one. I did but now it it says it is not a zipped file and it isn't. When I try to open Doug's fixes, the exe one, it won't open because it is and exe. So it is a catch 22. I can't fix the exe files connection because the fix is an exe. Now what? Thanks for any help you can give me. I ran, in safe mode Superantispyware, a full scan. All I got was a bunch of cookies. Still the same problem.

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:01 PM

Posted 06 March 2011 - 12:26 PM

Hello Joetech,

Does SuperAntispyware in safe mode still run? Do you have Malwarebytes Antimalware installed (or did you manage to install it as instructed above)?

As for the DougKnox fixes, while they are usually reliable, I do not recommend to run any registry fix, manual or automated, without first making a backup. In case something goes wrong, you always can restore then. You can use for example Erunt.

BACKUP THE REGISTRY
---------------------------
Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe


Likewise I do not recommend the usage of any registry cleaner. In best case they do not improve anything, in worst case they can do a lot of damage, in other words, its not worth the risk.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 Joetech

Joetech
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:11:01 AM

Posted 08 March 2011 - 08:47 PM

Yes I ran Superantispyware and Malwarebyte in safemode. Neither found any infections. I think I managed to stop the download of this junk in time but not fast enough to stop it from screwing up the .exe files. I haven't done the Dougknox.com exe fix yet. When I went to open his file it asked me to make 6 boot disks in the A: drive (yes I still have a 3.5 floppy drive as a JIC) I need to find some disks now around here somewhere. I hope the drive still works. Haven't used it for years. Can I make it burn a CD bootdisk?

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:01 PM

Posted 09 March 2011 - 02:28 AM

If you can still open MBAM and SAS in safe mode, it means most likely that not the exe file extension is broken, but something else.

However, for the exe file fix from dougknox, you don't need to create xp floppies. Can you please link me to the fix you downloaded?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 Joetech

Joetech
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:11:01 AM

Posted 10 March 2011 - 10:35 PM

Don't know what I downloaded but I did it again and it wasn't the same as I thought. So I'll try again tomorrow. However, it worries me that you think this will not correct the problem. If I run this file from Doug will it do anything harmful? If this isn't the problem then what is it or what can I do test to find it?

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:01 PM

Posted 11 March 2011 - 04:53 AM

If you are not sure, just link me to the one you downloaded now. As long as you back up your registry first, we can always restore the registry.
However, if the problem is not corrected with the fix, it just overwrites the existing data with exactly the same data.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 Joetech

Joetech
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:11:01 AM

Posted 12 March 2011 - 11:57 AM

Ignore my reply of 08 March 2011. I found and ran Dougknox exe fix after backing up my registry with erdnt. None of my desktop icons work and pops up a "open with" wizard. So I have to browse for the proper program. With my Aviva antivirus this is a problem because there are about 6 different .exe files. With Firefox, my default browser, it asks me every time if I want to save the file and when I say yes it goes to 'download'. Its not saving anything. Again when I go to the control panel I can't open it. I get "application not found "C:\windows\system32\rundl32.exe" I was going to remove my aviva and just reload it but: A) I can't remove the old one and B) the exe of the new download won't open and I get the open with wizard again.
I a word: I am still at square one.

#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:01 PM

Posted 12 March 2011 - 12:31 PM

Don't worry, since you made a backup, we can use that to restore things. What version of Windows is this?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 Joetech

Joetech
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:11:01 AM

Posted 12 March 2011 - 02:51 PM

this is XP sp3. This problem seems to be the same as one posted by JH&A. Should I try the same remedies?

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:01 PM

Posted 12 March 2011 - 03:18 PM

To clarify, did things get worse than before the DougKnox fix? If so, we will first restore the registry backup, to make things a bit more workable.
If not, we'll look at some more detailed scans to see what exactly the problem is.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#14 Joetech

Joetech
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:11:01 AM

Posted 13 March 2011 - 08:14 PM

Nothing changed. Before and after the the Dougknox file run. It did nothing. Also note that I do have a recovery option. I think that's what its called. When I first turn on the computer it delays for a second and goes to the XP and boots. I first tried to do the recovery thing but it wanted to know what to load. I tried a few dates but it didn't like any of those.

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:01 PM

Posted 14 March 2011 - 05:05 AM

In that case, lets do some more detailed scanning. I'll move this topic to a more appropriate forum.

You can download files on a clean computer and transfer them to your problem-computer, but in order to make sure possible autorun malware does not spread, please use Flash Disinfector to protect your clean computer.

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.


OTL
-----
Please right click the following link and select "save file/target as...". Save the file to your flashdrive as otl.com:
  • Put the flashdrive in your sick computer.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users