ADWCleaner is not a valid windows32 application; internet blocked and high CPU

Hi -

There's something bad in my XP SP3 computer. It started slowing down badly, with high CPU usage (60-70% without activity, going up to 100% with normal activity). It won't allow me to go to the internet using Firefox (I downloaded a new one) or IE.

Malwarebytes finds nothing unusual (even after running RKill which I brought over on a USB drive). I tried to open up ADWCleaner, downloaded from this site (where it says it's good for XP)but I get the error message found in the words of this topic title, and it won't open.

Farbar recovery scan tool is stuck on "Backing up registry, should take just a few seconds" for the past hour or so. [Edit: Farbar recovery scan tool is running now after reboot ...].

I just feel if I could get ADWCleaner to run (instead of receiving the error window, "ADWCleaner is not a valid Windows32 extension"), I might be in good shape.

Can anyone suggest something else please?

Thank you -

Edited by britechguy, 31 August 2017 - 07:44 PM.
Moved from BSOD to Am I Infected

Can you try booting into Windows "Safe mode" and try using Adwcleaner and Malwarebytes there? See if you can do a scan in the first place.

1. Download and run RKill https://download.bleepingcomputer.com/dl/8a353e03b53ac60455bcf67a021644cf/59a97d39/windows/security/security-utilities/r/rkill/uSeRiNiT.exe   (it has obfuscated name in case if malware tries to stop it from running)

2. Start adwcleaner, then go to tools (toolbar on the left) > options. Now, under "Reset" tab check all of the tickboxes and hit "ok".

 Then run a scan with it and click "clean all threats" when it finishes. Don't reboot yet. If you do then run RKill again. 

3. Download and run a scan with Zemana https://www.zemana.com/en-US/ThankYou/Download?source=download&ProductID=2&IsFree=False&IsPortable=True | then hit "clean" when it finishes scanning. 

4. Run a scan with malwarebytes | https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/dl/344// |, clean.

5. Download and run JRT https://download.bleepingcomputer.com/dl/52107fea0fcb611e53602b5d5edf2950/59a97cfe/windows/security/security-utilities/j/junkware-removal-tool/JRT.exe

Then reboot. After  you're done then update us whether your problem is fixed, if not then somebody will help you further. Hope this helps. 

Run RKill again

Try running MBAR https://downloads.malwarebytes.com/file/mbar/

Reboot

Then try downloading a new adwcleaner executable  https://toolslib.net/downloads/finish/1/ | and rename it to something different from its original name, then try to execute it. If it runs then scan (with checking tickboxes I've mentioned earlier) and then remove whatever it finds.

Which AV do you use ? If you don't have any at the moment then consider installing Avast (free, good protection) or Eset (paid, more features, lighter on the system) 

If this won't help then either wait for somebody from malware response team to help you or backup your important data and reinstall your OS.

You can also try scanning with Eset online scanner https://download.eset.com/com/eset/tools/online_scanner/v2/2.0.17/esetonlinescanner_sky.exe

Enable detection of potentially unwanted applications when it prompts you to, then click "advanced" and enable detection of potentially unsafe applications as well, then hit "scan" and go watch TV or something (it will take some time to finish)

If it finds something then click "remove threats" or "clean threats", then reboot and try running adwcleaner again.

Besides, did you scan with other software I've mentioned earlier ? Zemana, Malwarebytes, JRT ? If not then do it, it may help.

Edited by Daniel_Boringcliffe, 01 September 2017 - 02:20 PM.

Run RKill again

Try running MBAR https://downloads.malwarebytes.com/file/mbar/

Reboot

Then try downloading a new adwcleaner executable  https://toolslib.net/downloads/finish/1/ | and rename it to something different from its original name, then try to execute it. If it runs then scan (with checking tickboxes I've mentioned earlier) and then remove whatever it finds.

 

Which AV do you use ? If you don't have any at the moment then consider installing Avast (free, good protection) or Eset (paid, more features, lighter on the system) 

 

If this won't help then either wait for somebody from malware response team to help you or backup your important data and reinstall your OS.

 

You can also try scanning with Eset online scanner https://download.eset.com/com/eset/tools/online_scanner/v2/2.0.17/esetonlinescanner_sky.exe

 

Enable detection of potentially unwanted applications when it prompts you to, then click "advanced" and enable detection of potentially unsafe applications as well, then hit "scan" and go watch TV or something (it will take some time to finish)

 

If it finds something then click "remove threats" or "clean threats", then reboot and try running adwcleaner again.

 

Besides, did you scan with other software I've mentioned earlier ? Zemana, Malwarebytes, JRT ? If not then do it, it may help.

 

I will try what you suggest, thank you Daniel_BoringCliffe.

Sorry, I did mean to reply to your earlier question - after running RKill I ran Malwarebytes, and it found nothing. I also ran Trend Micro Security Agent, and it found nothing also.

Thank you again -

Edited by alexis11, 01 September 2017 - 04:49 PM.

...I tried to open up ADWCleaner, downloaded from this site (where it says it's good for XP)but I get the error message found in the words of this topic title, and it won't open...

Compatible with Windows 7, 8, 8.1, 10 in 32 & 64 bits

Yes, try an older version. Besides that, did any of the tools I've mentioned earlier find something ? If not then there exists a possibility that your system is broken in some other way than running some kind of a malware.

To verify that there are no malware processes present you can download process explorer https://download.sysinternals.com/files/ProcessExplorer.zip |, enable VirusTotal uploading under options > virustotal.com > check virustotal.com  and see if any of the processes are detected ( a number larger than 0 ). 

http://prntscr.com/gg4kix - like this.

If it is a malware then I think that it is a rootkit of some sorts. If MBAR haven't found it then it is either new or very sophisticated, in which case you can wait for somebody from malware response team to help you, or non existing.

Are you sure that you still can't run Farbar ? Besides that, which process uses high CPU usage and what is wrong with Firefox? Can it start but does not connect to the internet or does it not start in the first place ? Does it display some kind of an error message ? 

Edited by Daniel_Boringcliffe, 02 September 2017 - 04:10 AM.

...I found the page with older versions of ADWCleaner, https://toolslib.net/downloads/viewdownload/1-adwcleaner/history/ .

Did you think the best thing for me to do is just keep trying successively older versions tool I find one that opens in XP?

Or is it better to use another tool instead...

 

...I found the page with older versions of ADWCleaner, https://toolslib.net/downloads/viewdownload/1-adwcleaner/history/ .

Did you think the best thing for me to do is just keep trying successively older versions tool I find one that opens in XP?

Or is it better to use another tool instead...

I do not recommemd using older outdated versions of security software unless there are no other alternatives. In this case you can use Zemana AntiMalware free, Malwarebytes 3.0 free or RogueKiller Anti-malware free...all of which supports Windows XP and targets potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, browser extensions, add-ons/plug-ins, browser helper objects (BHOs) and other junkware just like AdwCleaner.

 

 

Thank you Quietman7 and Daniel_Boringcliffe.

 

I have run Malwarebytes 3.0 free after running RKill, and it came up with zero problems. Thanks for explaining that Malwarebytes is functionally similar to AdwCleaner.

 

At this point the questions running through my mind are:

 

1. If Malwarebytes 3.0 free has turned up nothing, should the next step be trying the other ones in case they find something Malwarebytes didn't (Zemana AntiMalware free, RogueKiller Anti-malware free)? Or is that likely to be unproductive if Malwarebytes 3.0 free didn't find anything after running RKill?

 

2. Is there still a role for Mbar by Malwarebytes (or did RKill perform a similar function)?

 

Thanks for you guys' help so far, and for any further suggestions.

(I don't see how to edit my previous post, sorry)

I wanted to add:

Daniel_Boringcliffe, I was wondering where in the process you thought it was correct to run  https://download.sysinternals.com/files/ProcessExplorer.zip  as from your previous post? (Right after MBar?). (PS: Your pic/printscreen was blank on my computer, I'll check on another computer later today - thank you for making that!).

Other answers to your questions, Daniel_Boringcliffe:

1) I will check Farbar again later today.

2) I will post what the highest CPU processes are later today as well.

3) Both Firefox and IE have the same response when I double click on them: absolutely nothing happens on the screen. This is a more recent event than the other problems, because at one point Firefox was functional (but very slow), and I downloaded a new version from Mozilla to see if that would help with the slowness, intermittent BSODs, and high CPU. At some time after that, trying to open it became unsuccessful entirely.

Thank you!

 

 

1. If Malwarebytes 3.0 free has turned up nothing, should the next step be trying the other ones in case they find something Malwarebytes didn't (Zemana AntiMalware free, RogueKiller Anti-malware free)? Or is that likely to be unproductive if Malwarebytes 3.0 free didn't find anything after running RKill?

No. They can potentially find something that Malwarebytes missed. 

 

 

Daniel_Boringcliffe, I was wondering where in the process you thought it was correct to run  https://download.sysinternals.com/files/ProcessExplorer.zip  as from your previous post? 

Elaborate, please.

RKill is a specialized tool created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer primarily designed to terminate suspicious processes (not specific malware) and reset various registry configuration settings that prevent anti-malware and anti-virus tools from running. When RKill is able to terminate malicious processes and reset certain registry keys, that action usually allows other tools to perform scans and clean up routines to remove the infection. Some of these settings include incorrect EXE, .COM, & .BAT file associations in the Windows Registry if changed by malware or a legit program.

Since RKill is not designed to be a comprehensive malware removal tool, using it is not required in all situations. If you cannot run other security tools, a scan with Malwarebytes 3.0 or similar tool should be completed immediately after running RKill. If you are able to run other security tools without them terminating, there is no need to run RKill. However, if RKill is run separately without or after other security tools, it's log can provide useful information to help diagnose the presence of malware or report other issues as the developer added some basic enumeration to the tool for various infections.