XP Antivirus 2012. Malwarebytes removed, still gets re-infected. Cannot run DDS or GMER



#1 miwitte


Posted 02 July 2011 - 01:20 PM

I was able to get Malwarebytes to run in safe mode, and it appears to have removed the XP Antivirus 2012, as I can work with it. If I try to run rkill or GMER I get a "program too big to fit in memory" on the cmd prompt and it closes. If I use the .com or .scr, I get "this application is not a valid win32 application". I tried to run HijackIt.msi, or any .msi, and I get an XP software restriction error. Basically I cannot run anything. I tried to run ESET online scanner and it became re-infected rather quickly even while ESET was running. Finally I tried running Avira rescue CD to no avail. Apparently they have changed all file associations and permissions, etc. I looked at the local security policy and I don't see any software restrictions.

Right now I have it in a DMZ hanging off my ASA so it won't affect anything else, but I can't hook it up to the internet; it will just get infected again. One process I saw come up was yki.exe and then the XP 2012 stuff would pop up. Looks like there might be an Apache server configured as well.


 


#2 Broni


Posted 02 July 2011 - 07:03 PM

With the information you have provided I believe you will need help from the malware removal team. I would like you to start a new thread and post a DDS log HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. Help is on the way!

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 miwitte


Posted 02 July 2011 - 07:59 PM

Problem is that I cannot run any of the tools. I cannot run a .exe, a .scr, a .com, a .msi. Pretty crazy.

I am about to just wipe it; it's not mine, and I have way too much time invested, and they really don't have too many computers. I wanted someone to look, as this is one that has locked everything down.

#4 Broni


Posted 02 July 2011 - 08:11 PM

Let's try something...
See if this will fix your file association issue...

Download and run exeHelper.

  • Please download exeHelper from Raktor to your desktop.
  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • A log file named log.txt will be created in the directory where you ran exeHelper.com
  • Attach the log.txt file to your next message.

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).



 


#5 miwitte


Posted 05 July 2011 - 12:16 PM

So it says not a valid win32 application. Tried renaming it to .scr or .bat, same thing. If renamed to .exe it will give me a "program too big to fit in memory" error in the cmd prompt that pops up.

#6 Broni


Posted 05 July 2011 - 03:04 PM

You'll have to follow my reply #2, create a new post in the malware removal forum and simply state your issue.



 




