Posted 06 July 2011 - 08:36 PM
First, before anyone tells me to try to run these tools: I have tried. I posted here a week ago and no one responded. If you guys can't help, then please post that and I will reformat the machine and re-install.
I thought someone might be interested; this is a very unique issue in that I can't find a way to run the tools. The issue is that if you run gmer.exe or rkill.exe or any other .exe, it gives you a "program too big to fit into memory" error in the command prompt. Trying to run DDS.scr or anything .scr gives you "this is not a valid win32 application". A .com extension and a .bat extension give the same "not a valid win32 application".
I tried to run HijackIt.msi, or any .msi, and I get an XP software restriction error. Basically I cannot run anything.
I tried to run ESET online scanner and it became re-infected rather quickly even while ESET was running.
Finally, I tried running the Avira rescue CD, to no avail. Apparently they have changed all file associations, permissions, etc. I looked at the local security policy and I don't see any software restrictions.
I was able to get Malwarebytes to run in safe mode, and it appears to have removed the XP antivirus 2012, as I can work with it. But when I connect it up to the internet, it gets re-infected.
Right now I have it in a DMZ hanging off my ASA so it won't affect anything else, but I can't hook it up to the internet; it will just get infected again. One process I saw come up was yki.exe, and then the XP antivirus 2012 stuff would pop up. Looks like there might be an Apache server configured as well.