Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Cannot run DDS or GMER

  • This topic is locked This topic is locked
1 reply to this topic

#1 miwitte


  • Members
  • 23 posts
  • Local time:05:33 PM

Posted 06 July 2011 - 08:36 PM

First before anyone tells me to try to run these tools I have tried. I have posted here a week ago and no one responded. If you guys cant help then please post that and I will reformat the machine and re-install.

I thought someone might be interested this is a very unique issue that I cant find a way to run the tools. The issue is that if you run gmer.exe or rkill.exe or any other .exe it gives you a "program too big to fit into memory error" in the command prompt. Trying to run DDS.scr or anything .scr gives you "this is not a valid win32 application" A .com etension and a.bat extension gives the same "not a valid win32 application"

I tried to run HijackIt.msi, or any .msi I get a XP software restriction error. Basically I cannot run anything.

I tried to run ESET online scanner and it became re-infected rather quickly even while ESET was running.

Finally I tried running avira rescue cd to no avail. Apparently they have changed all file associations and permission etc. I looked at the local security policy and I dont see any software restrictions.

I was able to get malewarebytes to run in safe mode, and it appears to have removed the XP antivirus 2012 as I can work with it. But connecting it up to the internet it gets re-infected.

Right now I have it in a DMZ hanging off my ASA so it wont affect anything else, but I cant hook it up to the internet it will just get infected again. One process i saw come up was yki.exe and then the XP antivirus 2012 stuff would pop up. Looks like there might be a Apache server configured as well.

BC AdBot (Login to Remove)


#2 Budapest


    Bleepin' Cynic

  • Moderator
  • 23,579 posts
  • Gender:Male
  • Local time:07:33 AM

Posted 07 July 2011 - 04:42 PM

Your other topic is here: http://www.bleepingcomputer.com/forums/topic406443.html

Please be patient. There are nearly 400 unanswered topics in this forum at present and the current average wait time to receive help is 14 days.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users