Rogue virus removed, but lingering effects, can't install run exe files.


10 replies to this topic

#1 Freekill111

Freekill111

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 16 December 2011 - 06:46 PM

Hey,

I did the walkthrough for removing the rogue virus (windows 2012 virus). The shield icon and the virus itself seem to be gone, but I still have a major problem. Exe programs no longer work. For example, I place Starcraft 2 into the disc tray (it's not installed), and I can't get past the auto run window. Task manager says that the blizzard installer is running, but then it closes. I tried reinstalling Battlefield 3 and the same thing takes place, it won't execute the install. Also, most of my documents and a few programs (such as AVG) are missing as well.

I was having the same problem with trying to run directx, but one of the registry tools in the virus removal guide fixed it.

All of my system restore points have vanished, I've also tried a factory restore (no disc), but can't seem to find the required F-key during startup.

Thanks for any help you can give me. Let me know what information I can give you to help me solve this.

Windows 7 home premium, i3-550.

Edit: Unhide replaced all of my missing documents. But files are still not running.

I'm trying to run xp_exe_fix.Reg, but it's not working. "Not all data was successfully to the registry. Some keys are open by the system or other process". Maybe it's an XP-only file (not working with windows 7).

I've tried two free registry "fixers", still can't open .exe files.

Edited by Freekill111, 16 December 2011 - 07:37 PM.




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:21 PM

Posted 16 December 2011 - 09:06 PM

Hello, please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


Let's also do another malware scan.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 Freekill111

Freekill111
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 16 December 2011 - 09:19 PM

exeHelper by Raktor
Build 20100414
Run at 20:17:10 on 12/24/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

-----------------------

Problem still persists. I can see the program try to start in the task manager. For instance, it will say "battlefield 3" for about 5 seconds then close.

ESET is running, I will post the results as you suggested shortly.

Edited by Freekill111, 16 December 2011 - 09:22 PM.
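
The exeHelper log in the post above names what it resets: the .exe and .com file-type associations and the Winlogon userinit and shell values. A read-only PowerShell check of those same settings, as an added example that is not part of the thread and is not exeHelper's code; the expected data are stock Windows defaults, assumed here rather than taken from the tool:

```powershell
# Added example: read-only check of the settings named in the exeHelper log.
# Expected data are stock Windows defaults (assumed; not taken from exeHelper).
# Run from 64-bit PowerShell on 64-bit Windows so HKLM\SOFTWARE is not redirected.
$winlogon = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = Join-Path $env:SystemRoot 'system32\userinit.exe'

$checks = @(
    @{ Key = 'HKEY_CLASSES_ROOT\.exe';                        Name = '';         Expected = 'exefile' },
    @{ Key = 'HKEY_CLASSES_ROOT\exefile\shell\open\command';  Name = '';         Expected = '"%1" %*' },
    @{ Key = 'HKEY_CLASSES_ROOT\.com';                        Name = '';         Expected = 'comfile' },
    @{ Key = 'HKEY_CLASSES_ROOT\comfile\shell\open\command';  Name = '';         Expected = '"%1" %*' },
    @{ Key = $winlogon;                                       Name = 'Shell';    Expected = 'explorer.exe' },
    @{ Key = $winlogon;                                       Name = 'Userinit'; Expected = $userinit }
)

$report = foreach ($c in $checks) {
    # An empty value name reads the key's (Default) value; $null means missing.
    $actual = [Microsoft.Win32.Registry]::GetValue($c.Key, $c.Name, $null)
    # Userinit is stored as a comma-terminated list, so drop the trailing comma.
    $norm = if ($actual -is [string]) { $actual.Trim().TrimEnd(',') } else { $actual }
    New-Object PSObject -Property @{
        Key      = $c.Key
        Value    = $(if ($c.Name) { $c.Name } else { '(Default)' })
        Actual   = $actual
        Expected = $c.Expected
        Ok       = ($norm -is [string] -and $norm -eq $c.Expected)
    }
}

# HKEY_CLASSES_ROOT is a merged view: per-user keys under HKCU\Software\Classes
# take precedence over the machine-wide ones. These four are assumed to be
# absent on a clean profile, so their presence is worth a manual look.
$overrides = @(
    'HKEY_CURRENT_USER\Software\Classes\.exe',
    'HKEY_CURRENT_USER\Software\Classes\exefile',
    'HKEY_CURRENT_USER\Software\Classes\.com',
    'HKEY_CURRENT_USER\Software\Classes\comfile'
) | Where-Object { Test-Path -LiteralPath "Registry::$_" }

$report | Format-Table Ok, Value, Actual, Expected, Key -AutoSize
if ($overrides) { "Per-user class keys present (review them): $($overrides -join ', ')" }
```

A row with Ok = False shows the value that differs from the default; the script changes nothing in the registry.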


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:21 PM

Posted 16 December 2011 - 09:34 PM

It may still be malware.

#5 Freekill111

Freekill111
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 17 December 2011 - 02:25 PM

Hey,

I ran the anti virus twice last night, both times it froze up around 80% with 0 infections showing :(.

This morning I got an error log when I tried to open an exe file. Does this help? Please help, I'm home for Christmas with nothing to do and really wish I could be gaming, plus I have a mini semester that requires online work!



PLATFORM VERSION INFO
Windows : 6.1.7600.0 (Win32NT)
Common Language Runtime : 4.0.30319.239
System.Deployment.dll : 4.0.30319.1 (RTMRel.030319-0100)
clr.dll : 4.0.30319.239 (RTMGDR.030319-2300)
dfdll.dll : 4.0.30319.1 (RTMRel.030319-0100)
dfshim.dll : 4.0.31106.0 (Main.031106-0000)

SOURCES
Deployment url : file:///C:/Users/Shank/AppData/Roaming/Microsoft/Windows/Start%20Menu/Programs/Startup/CurseClientStartup.ccip

ERROR SUMMARY
Below is a summary of the errors, details of these errors are listed later in the log.
* Activation of C:\Users\Shank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip resulted in exception. Following failure messages were detected:
+ Exception reading manifest from http://clientupdate.curse.com/CurseClient.application: the manifest may not be valid or the file could not be opened.
+ The 'link' start tag on line 1 position 365 does not match the end tag of 'head'. Line 1, position 432.

COMPONENT STORE TRANSACTION FAILURE SUMMARY
No transaction error was detected.

WARNINGS
There were no warnings during this operation.

OPERATION PROGRESS STATUS
* [12/25/2011 1:16:21 PM] : Activation of C:\Users\Shank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip has started.

ERROR DETAILS
Following errors were detected during this operation.
* [12/25/2011 1:16:28 PM] System.Deployment.Application.InvalidDeploymentException (ManifestParse)
- Exception reading manifest from http://clientupdate.curse.com/CurseClient.application: the manifest may not be valid or the file could not be opened.
- Source: System.Deployment
- Stack trace:
at System.Deployment.Application.ManifestReader.FromDocument(String localPath, ManifestType manifestType, Uri sourceUri)
at System.Deployment.Application.DownloadManager.DownloadDeploymentManifestDirect(SubscriptionStore subStore, Uri& sourceUri, TempFile& tempFile, IDownloadNotification notification, DownloadOptions options, ServerInformation& serverInformation)
at System.Deployment.Application.DownloadManager.DownloadDeploymentManifest(SubscriptionStore subStore, Uri& sourceUri, TempFile& tempFile, IDownloadNotification notification, DownloadOptions options)
at System.Deployment.Application.ApplicationActivator.ProcessOrFollowExtension(Uri associatedFile, String textualSubId, String deploymentProviderUrlFromExtension, String& errorPageUrl, TempFile& deployFile)
at System.Deployment.Application.ApplicationActivator.PerformDeploymentActivation(Uri activationUri, Boolean isShortcut, String textualSubId, String deploymentProviderUrlFromExtension, BrowserSettings browserSettings, String& errorPageUrl)
at System.Deployment.Application.ApplicationActivator.ActivateDeploymentWorker(Object state)
--- Inner Exception ---
System.Xml.XmlException
- The 'link' start tag on line 1 position 365 does not match the end tag of 'head'. Line 1, position 432.
- Source: System.Xml
- Stack trace:
at System.Xml.XmlTextReaderImpl.Throw(String res, String[] args)
at System.Xml.XmlTextReaderImpl.ThrowTagMismatch(NodeData startTag)
at System.Xml.XmlTextReaderImpl.ParseEndElement()
at System.Xml.XmlTextReaderImpl.ParseElementContent()
at System.Deployment.Application.ManifestValidatingReader.XmlFilteredReader.Read()
at System.Xml.XmlTextReaderImpl.Skip()
at System.Deployment.Application.ManifestValidatingReader.XmlFilteredReader.Read()
at System.Xml.XmlTextReaderImpl.Skip()
at System.Deployment.Application.ManifestValidatingReader.XmlFilteredReader.Read()
at System.Xml.XmlTextReaderImpl.Skip()
at System.Deployment.Application.ManifestValidatingReader.XmlFilteredReader.Read()
at System.Xml.XmlTextReaderImpl.Skip()
at System.Deployment.Application.ManifestValidatingReader.XmlFilteredReader.Read()
at System.Xml.XmlTextReaderImpl.Skip()
at System.Deployment.Application.ManifestValidatingReader.XmlFilteredReader.Read()
at System.Xml.XmlTextReaderImpl.Skip()
at System.Deployment.Application.ManifestValidatingReader.XmlFilteredReader.Read()
at System.Xml.XmlTextReaderImpl.Skip()
at System.Deployment.Application.ManifestValidatingReader.XmlFilteredReader.Read()
at System.Xml.XmlCharCheckingReader.Read()
at System.Xml.XsdValidatingReader.Read()
at System.Deployment.Application.ManifestReader.FromDocument(String localPath, ManifestType manifestType, Uri sourceUri)

COMPONENT STORE TRANSACTION DETAILS
No transaction information is available.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:21 PM

Posted 17 December 2011 - 08:59 PM

Why is the clock on your computer at Dec. 25, 2011? Can you set it properly and try the scans or any exe file again?
How to Change Date and Time in Windows 7

#7 Freekill111

Freekill111
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 17 December 2011 - 10:26 PM

I read that the virus will stop attacking after a week. I was getting desperate.

Still showing no virus on multiple scanners, and exe. files are still not working.

Any other ideas? Is there any way to do a factory restore without a CD?

Edited by boopme, 17 December 2011 - 10:36 PM.


#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:21 PM

Posted 17 December 2011 - 10:49 PM

Did you reset the clock and see if the exe files work?

#9 Freekill111

Freekill111
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 17 December 2011 - 11:49 PM

Yeah I reset the clocks. Exe. files show under process in the task manager for like 5 seconds then they close.


#10 Freekill111

Freekill111
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 17 December 2011 - 11:55 PM

Is there any way I can do a factory system restore or find additional restore points? The only restore point showing is after the virus.

I think this is a lost cause, I've spent about 10 hours over the last three days trying to figure this out.

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:21 PM

Posted 18 December 2011 - 12:08 AM

I don't think so, but you can ask in the Win forum.

We can also try Avira AntiVir Rescue System

Please download the Avira AntiVir Rescue System.

Place a blank CD in your burner and double-click on the rescue system package (rescuecd.exe) to burn it to a CD/DVD which you can then use to boot your computer and run a scan. For detailed instructions, refer to the Tutorial for Avira Rescue CD. If you encounter problems running Avira AntiVir Rescue System, you can get further assistance at the Avira Tools Support Forum.



