Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ADWCleaner is not a valid windows32 application; internet blocked and high CPU


  • This topic is locked This topic is locked
22 replies to this topic

#1 alexis11

alexis11

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:15 PM

Posted 31 August 2017 - 04:31 PM

Hi -

 

There's something bad in my XP SP3 computer. It started slowing down badly, with high CPU usage (60-70% without activity, going up to 100% with normal activity). It won't allow me to go to the internet using Firefox (I downloaded a new one) or IE.

 

Malwarebytes finds nothing unusual (even after running RKill which I brought over on a USB drive). I tried to open up ADWCleaner, downloaded from this site (where it says it's good for XP)but I get the error message found in the words of this topic title, and it won't open.

 

Farbar recovery scan tool is stuck on "Backing up registry, should take just a few seconds" for the past hour or so. [Edit: Farbar recovery scan tool is running now after reboot ...].

 

I just feel if I could get ADWCleaner to run (instead of receiving the error window, "ADWCleaner is not a valid Windows32 extension"), I might be in good shape.

 

Can anyone suggest something else please?

 

Thank you -


Edited by britechguy, 31 August 2017 - 07:44 PM.
Moved from BSOD to Am I Infected


BC AdBot (Login to Remove)

 


#2 JoshRoss

JoshRoss

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:03:15 PM

Posted 01 September 2017 - 07:59 AM

Can you try booting into Windows "Safe mode" and try using Adwcleaner and Malwarebytes there? See if you can do a scan in the first place.



#3 Daniel_Boringcliffe

Daniel_Boringcliffe

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:somewhere deep in the heart of Europe
  • Local time:11:15 PM

Posted 01 September 2017 - 11:00 AM

1. Download and run RKill https://download.bleepingcomputer.com/dl/8a353e03b53ac60455bcf67a021644cf/59a97d39/windows/security/security-utilities/r/rkill/uSeRiNiT.exe   (it has obfuscated name in case if malware tries to stop it from running)

 

2. Start adwcleaner, then go to tools (toolbar on the left) > options. Now, under "Reset" tab check all of the tickboxes and hit "ok".

 

 Then run a scan with it and click "clean all threats" when it finishes. Don't reboot yet. If you do then run RKill again. 

 

3. Download and run a scan with Zemana https://www.zemana.com/en-US/ThankYou/Download?source=download&ProductID=2&IsFree=False&IsPortable=True | then hit "clean" when it finishes scanning. 

 

4. Run a scan with malwarebytes | https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/dl/344// |, clean.

 

5. Download and run JRT https://download.bleepingcomputer.com/dl/52107fea0fcb611e53602b5d5edf2950/59a97cfe/windows/security/security-utilities/j/junkware-removal-tool/JRT.exe

 

Then reboot. After  you're done then update us whether your problem is fixed, if not then somebody will help you further. Hope this helps. 



#4 alexis11

alexis11
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:15 PM

Posted 01 September 2017 - 12:24 PM

Thanks guys.

JoshRoss: Safe Mode sign in is blocked apparently. The password that I use to sign in in "non-safe mode" is rejected.

Daniel_Boringcliffe: I can't perform your step #2: I get a message window "ADWCleaner is not a valid Windows32 application", and it won't run.

Any other ideas anyone please?

#5 alexis11

alexis11
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:15 PM

Posted 01 September 2017 - 12:27 PM

I should add, because I forgot to mention it in my original post: Along with slowing down and high CPU usage, one off the early signs of a problem was recurrent BSOD issues.

#6 Daniel_Boringcliffe

Daniel_Boringcliffe

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:somewhere deep in the heart of Europe
  • Local time:11:15 PM

Posted 01 September 2017 - 02:05 PM

Run RKill again

Try running MBAR https://downloads.malwarebytes.com/file/mbar/

Reboot

Then try downloading a new adwcleaner executable  https://toolslib.net/downloads/finish/1/ | and rename it to something different from its original name, then try to execute it. If it runs then scan (with checking tickboxes I've mentioned earlier) and then remove whatever it finds.

 

Which AV do you use ? If you don't have any at the moment then consider installing Avast (free, good protection) or Eset (paid, more features, lighter on the system) 

 

If this won't help then either wait for somebody from malware response team to help you or backup your important data and reinstall your OS.

 

You can also try scanning with Eset online scanner https://download.eset.com/com/eset/tools/online_scanner/v2/2.0.17/esetonlinescanner_sky.exe

 

Enable detection of potentially unwanted applications when it prompts you to, then click "advanced" and enable detection of potentially unsafe applications as well, then hit "scan" and go watch TV or something (it will take some time to finish)

 

If it finds something then click "remove threats" or "clean threats", then reboot and try running adwcleaner again.

 

Besides, did you scan with other software I've mentioned earlier ? Zemana, Malwarebytes, JRT ? If not then do it, it may help.


Edited by Daniel_Boringcliffe, 01 September 2017 - 02:20 PM.


#7 alexis11

alexis11
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:15 PM

Posted 01 September 2017 - 04:25 PM

Run RKill again

Try running MBAR https://downloads.malwarebytes.com/file/mbar/

Reboot

Then try downloading a new adwcleaner executable  https://toolslib.net/downloads/finish/1/ | and rename it to something different from its original name, then try to execute it. If it runs then scan (with checking tickboxes I've mentioned earlier) and then remove whatever it finds.

 

Which AV do you use ? If you don't have any at the moment then consider installing Avast (free, good protection) or Eset (paid, more features, lighter on the system) 

 

If this won't help then either wait for somebody from malware response team to help you or backup your important data and reinstall your OS.

 

You can also try scanning with Eset online scanner https://download.eset.com/com/eset/tools/online_scanner/v2/2.0.17/esetonlinescanner_sky.exe

 

Enable detection of potentially unwanted applications when it prompts you to, then click "advanced" and enable detection of potentially unsafe applications as well, then hit "scan" and go watch TV or something (it will take some time to finish)

 

If it finds something then click "remove threats" or "clean threats", then reboot and try running adwcleaner again.

 

Besides, did you scan with other software I've mentioned earlier ? Zemana, Malwarebytes, JRT ? If not then do it, it may help.

 

I will try what you suggest, thank you Daniel_BoringCliffe.

 

Sorry, I did mean to reply to your earlier question - after running RKill I ran Malwarebytes, and it found nothing. I also ran Trend Micro Security Agent, and it found nothing also.

 

Thank you again -


Edited by alexis11, 01 September 2017 - 04:49 PM.


#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,942 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:15 PM

Posted 01 September 2017 - 05:26 PM

...I tried to open up ADWCleaner, downloaded from this site (where it says it's good for XP)but I get the error message found in the words of this topic title, and it won't open...

fr33tux, one of the AdwCleaner developers, has advised v7.x is no longer compatible (supported) with Windows XP. If you attempt to run AdwCleaner on Windows XP, it will result in the error..."Not a valid 32-bit application."

Compatible with Windows 7, 8, 8.1, 10 in 32 & 64 bits

ToolsLib AdwCleaner

Grinler is aware and the BC download page will be updated to reflect this when he gets the chance.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 alexis11

alexis11
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:15 PM

Posted 02 September 2017 - 12:04 AM

Thank you, Quietman7.

I found the page with older versions of ADWCleaner, https://toolslib.net/downloads/viewdownload/1-adwcleaner/history/ .

Did you think the best thing for me to do is just keep trying successively older versions tool I find one that opens in XP?

Or is it better to use another tool instead?

Thank you -

#10 Daniel_Boringcliffe

Daniel_Boringcliffe

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:somewhere deep in the heart of Europe
  • Local time:11:15 PM

Posted 02 September 2017 - 03:49 AM

Yes, try an older version. Besides that, did any of the tools I've mentioned earlier find something ? If not then there exists a possibility that your system is broken in some other way than running some kind of a malware.

 

To verify that there are no malware processes present you can download process explorer https://download.sysinternals.com/files/ProcessExplorer.zip |, enable VirusTotal uploading under options > virustotal.com > check virustotal.com  and see if any of the processes are detected ( a number larger than 0 ). 

 

http://prntscr.com/gg4kix - like this.

 

If it is a malware then I think that it is a rootkit of some sorts. If MBAR haven't found it then it is either new or very sophisticated, in which case you can wait for somebody from malware response team to help you, or non existing.

 

Are you sure that you still can't run Farbar ? Besides that, which process uses high CPU usage and what is wrong with Firefox? Can it start but does not connect to the internet or does it not start in the first place ? Does it display some kind of an error message ? 


Edited by Daniel_Boringcliffe, 02 September 2017 - 04:10 AM.


#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,942 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:15 PM

Posted 02 September 2017 - 09:04 AM

...I found the page with older versions of ADWCleaner, https://toolslib.net/downloads/viewdownload/1-adwcleaner/history/ .

Did you think the best thing for me to do is just keep trying successively older versions tool I find one that opens in XP?

Or is it better to use another tool instead...

I do not recommemd using older outdated versions of security software unless there are no other alternatives. In this case you can use Zemana AntiMalware free, Malwarebytes 3.0 free or RogueKiller Anti-malware free...all of which supports Windows XP and targets potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, browser extensions, add-ons/plug-ins, browser helper objects (BHOs) and other junkware just like AdwCleaner.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#12 alexis11

alexis11
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:15 PM

Posted 02 September 2017 - 11:45 AM

 

...I found the page with older versions of ADWCleaner, https://toolslib.net/downloads/viewdownload/1-adwcleaner/history/ .

Did you think the best thing for me to do is just keep trying successively older versions tool I find one that opens in XP?

Or is it better to use another tool instead...

I do not recommemd using older outdated versions of security software unless there are no other alternatives. In this case you can use Zemana AntiMalware free, Malwarebytes 3.0 free or RogueKiller Anti-malware free...all of which supports Windows XP and targets potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, browser extensions, add-ons/plug-ins, browser helper objects (BHOs) and other junkware just like AdwCleaner.

 

 

Thank you Quietman7 and Daniel_Boringcliffe.

 

I have run Malwarebytes 3.0 free after running RKill, and it came up with zero problems. Thanks for explaining that Malwarebytes is functionally similar to AdwCleaner.

 

At this point the questions running through my mind are:

 

1. If Malwarebytes 3.0 free has turned up nothing, should the next step be trying the other ones in case they find something Malwarebytes didn't (Zemana AntiMalware free, RogueKiller Anti-malware free)? Or is that likely to be unproductive if Malwarebytes 3.0 free didn't find anything after running RKill?

 

2. Is there still a role for Mbar by Malwarebytes (or did RKill perform a similar function)?

 

Thanks for you guys' help so far, and for any further suggestions.



#13 alexis11

alexis11
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:15 PM

Posted 02 September 2017 - 11:55 AM

(I don't see how to edit my previous post, sorry)

 

I wanted to add:

Daniel_Boringcliffe, I was wondering where in the process you thought it was correct to run  https://download.sysinternals.com/files/ProcessExplorer.zip  as from your previous post? (Right after MBar?). (PS: Your pic/printscreen was blank on my computer, I'll check on another computer later today - thank you for making that!).

 

Other answers to your questions, Daniel_Boringcliffe:

1) I will check Farbar again later today.

2) I will post what the highest CPU processes are later today as well.

3) Both Firefox and IE have the same response when I double click on them: absolutely nothing happens on the screen. This is a more recent event than the other problems, because at one point Firefox was functional (but very slow), and I downloaded a new version from Mozilla to see if that would help with the slowness, intermittent BSODs, and high CPU. At some time after that, trying to open it became unsuccessful entirely.

 

Thank you!



#14 Daniel_Boringcliffe

Daniel_Boringcliffe

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:somewhere deep in the heart of Europe
  • Local time:11:15 PM

Posted 02 September 2017 - 12:03 PM

 

 

1. If Malwarebytes 3.0 free has turned up nothing, should the next step be trying the other ones in case they find something Malwarebytes didn't (Zemana AntiMalware free, RogueKiller Anti-malware free)? Or is that likely to be unproductive if Malwarebytes 3.0 free didn't find anything after running RKill?

 

No. They can potentially find something that Malwarebytes missed. 

 

 

 

Daniel_Boringcliffe, I was wondering where in the process you thought it was correct to run  https://download.sysinternals.com/files/ProcessExplorer.zip  as from your previous post? 

 

Elaborate, please.



#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,942 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:15 PM

Posted 02 September 2017 - 02:16 PM

RKill is a specialized tool created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer primarily designed to terminate suspicious processes (not specific malware) and reset various registry configuration settings that prevent anti-malware and anti-virus tools from running. When RKill is able to terminate malicious processes and reset certain registry keys, that action usually allows other tools to perform scans and clean up routines to remove the infection. Some of these settings include incorrect EXE, .COM, & .BAT file associations in the Windows Registry if changed by malware or a legit program.

Since RKill is not designed to be a comprehensive malware removal tool, using it is not required in all situations. If you cannot run other security tools, a scan with Malwarebytes 3.0 or similar tool should be completed immediately after running RKill. If you are able to run other security tools without them terminating, there is no need to run RKill. However, if RKill is run separately without or after other security tools, it's log can provide useful information to help diagnose the presence of malware or report other issues as the developer added some basic enumeration to the tool for various infections.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users