Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Installer Refuses To Work Hjt Log


  • This topic is locked This topic is locked
33 replies to this topic

#16 smoky299

smoky299
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 08 December 2006 - 12:26 PM

where will the log be?
Gordon Reid

BC AdBot (Login to Remove)

 


#17 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:23 PM

Posted 08 December 2006 - 12:29 PM

<LI>Once finished, click see report, then click Save report and save it to your desktop.<LI>


It should be on your desktop. :thumbsup:

#18 smoky299

smoky299
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 08 December 2006 - 12:54 PM

kk
for some reason report didn't save
rescanning about 40% complete
Gordon Reid

#19 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:23 PM

Posted 09 December 2006 - 10:10 PM

Pleas don't tell me that it's still scanning :thumbsup:

#20 smoky299

smoky299
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 10 December 2006 - 01:21 PM

Pleas don't tell me that it's still scanning :thumbsup:


yep stuck on C:\Program Files\Mozilla Firefox\firefox.exe

oh wait it has now changed to a different file

YAY
Gordon Reid

#21 smoky299

smoky299
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 12 December 2006 - 01:46 PM

I dont have the exact message, it came up while i was shutting down.

Something like

Windows File Protection
There are some windows files that are of an unrecognized version. This can cause reliability problems. It is recommended you insert your SP2 disk adn repair your installation of windows.



Should I just do that?
Will it solve my Windows Installer problem?
????????????????????????????????????
Gordon Reid

#22 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:23 PM

Posted 12 December 2006 - 03:07 PM

Hi Somoky299,


For your installer problem, this link might help.

For the Windows File Protection problem,

Goto start>run and type
sfc /scannow (notice the space between c and /), click ok. Insert your xp installation cd when asked.

It must be the installation CD, not the recovery CD.

further info on sfc /scannow how to: http://www.updatexp.com/scannow-sfc.html

=====================================================

Next,

Please download Ccleaner and save it to your desktop.
Tutorial for CCleaner
During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it

=====================================================

Reboot your computer in Safe Mode, following my earlier instruction.

=====================================================

From Safe Mode run Ccleaner
  • Click on Options,
  • Select Advanced
  • Now UNCHECK "Only delete files in Windows Temp folders older than 48 hours"
  • Make sure the Cleaner block on the left is selected.
  • Do not use the "Issues" block . It's meant for professionals.
  • Choose the Windows tab.
  • Check everything EXCEPT Advanced part of the Menu.
  • Click on "Analyze". This process could take a while.
  • If you don't want to loose your login passwords to certain sites, click on Options
  • Select cookies and move the ones you want to keep to the "cookies to keep" section, by highlighting and using the arrows in the middle.
  • Choose Run Cleaner.
When CCleaner shows how much has been removed, cleaning is finished. Click Exit.
If you have more than one users, run Ccleaner for every user

=====================================================

You still haven't provided me with an online scan log. If you're having trouble with Panda, try

Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  • Standard
  • Scan Options:
  • Scan Archives
  • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
  • Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
Copy and paste that information from Kapersky in your next post.

Edited by amateur, 12 December 2006 - 03:07 PM.


#23 smoky299

smoky299
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 13 December 2006 - 12:00 PM

thank you
will do

might not be repling till after christmas cause me getting busy and i need to find sp2 disk

already been on the windows installer page. No help. only method left was to re-install xp sp2. sp me doing it

MERRY CHRISTMAS!

Edited by smoky299, 13 December 2006 - 12:02 PM.

Gordon Reid

#24 smoky299

smoky299
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 14 December 2006 - 03:49 PM

done the sfc /scannow thing today

didn't make any difference

will try the other things metioned over christmas
Gordon Reid

#25 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:23 PM

Posted 14 December 2006 - 04:11 PM

done the sfc /scannow thing today

didn't make any difference

Do you mean that you're still getting the
"There are some windows files that are of an unrecognized version. This can cause reliability problems. It is recommended you insert your SP2 disk adn repair your installation of windows." message on shutdown?

Please read this:
http://support.microsoft.com/kb/222193

#26 smoky299

smoky299
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 15 December 2006 - 01:04 PM

the windows installer messages come up still

doing kas[ersky
Gordon Reid

#27 smoky299

smoky299
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 20 December 2006 - 12:13 PM

Kaspersky Log can be found here

http://www.johnstone-high.com/kaspersky%20report.html

Edited by smoky299, 20 December 2006 - 12:15 PM.

Gordon Reid

#28 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:23 PM

Posted 20 December 2006 - 02:44 PM

The Kaspersky log indicates that you are using a p2p file sharing program. Please note that as long as you're using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur. There was a time when P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

Using Windows Explorer, navigate to and delete the following files and folders:

C:\Program Files\FilePipe P2P\giFT
C:\Program Files\FilePipe P2P\simplevlc.dll

Also delete:

regkey.bat and the regkey.txt inside the folder named My Stuff,
index(2).hta and index.hta inside the folder named My Downloads on your desktop

==========================================

Run Ccleaner again.

==========================================

Post a fresh HijackThis log please.

#29 smoky299

smoky299
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 23 December 2006 - 02:46 PM

thanks

deleted those files
Gordon Reid

#30 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:23 PM

Posted 23 December 2006 - 04:59 PM

Hi,

I am pasting your pm here for easier follow up.

Thanks for your help on Windows Installer.

I have repaired my installation of XP and Windows Installer now works.

Just my start-up takes ages.

Got System Mechanic to fix that.

Hope you have a merry christmas!

Gordon


All sounds good. :thumbsup: I think you're all set to go now.



Create a new System Restore point to prevent reinfection from old restore points.



Go to Start>Run and type sysdm.cpl. Press Enter

  • Select the System Restore Tab

  • Place a check in "Turn off System Restore on all drives"

  • Click Apply

  • next, uncheck the same checkbox.

  • Click Apply

  • Click OK



You can also find instructions on how to disable and re enable system restore here:

Windows XP System Restore Guide



And that's all. But to help protect you against further infections, and also to help prevent criminals using your computer to infect other people's computers on the web, I recommend the following: (You may already have some of the items)



Make your Internet Explorer more secure - This can be done by following these simple instructions:



From within Internet Explorer click on the Tools menu and then click on Options.

Click once on the Security tab

Click once on the Internet icon so it becomes highlighted.

Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialise and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.



Avoid illegal sites, because that's where most malware is present.



* Don't click on links inside popups.

* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.

* Download free software only from sites you know and trust. Because a lot of free software can bundle other software, including spyware.



Keep your antivirus-program up-to-date and do regular scans with it. Please make sure that you have only one active antivirus program on your system.

If you haven't got an antivirus, you can download and install one of the following ones wh;ich are free for personal use: Make sure that you have only ONE antivirus running on your computer as more than one would cause conflict and render the computer vulnerable.



AVG Free here

AntiVir here

Avast here



It is essential to keep the anti-virus program fully updated.

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site <http://windowsupdate.microsoft.com/> to get the critical updates.



If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site <http://office.microsoft.com/officeupdate/maincatalog.aspx?lc=en-us> and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.



Keep your pestware-scanners up-to-date and do regular scans with them.



To keep your computer free of Spyware, Adware, Hijackers etc., download and install the following free pestware-scanners (if you haven't installed them already):

AdAware here

Spybot here Remember to "immunize" after each update

Windows Defender here



Install realtime pestware-scanners and keep them up-to-date.



The following free realtime pestscanners prevent a number of malware-variants from entering your computer, in the first place:



SpywareBlaster here Remember to "enable all protection" after each update.

SpywareGuard here



If you haven't got one, already, install a firewall and keep it up-to-date. Please make sure that you have only one active firewall on your system.



A firewall will prevent unauthorized contact between your computer and internet.

If there is no firewall installed on your computer, you can download and install one of the following free firewalls:

ZoneAlarm here

Sygate here

Kerio Personal Firewall here

Outpost here

Important: (Windows XP only) If you install a firewall, be sure to turn off the WinXP-firewall!



Test your firewall here to make sure that it's working properly



Install these programs, to make surfing with Internet Explorer safer:



A popup-blocker, f.e. Google Toolbar here: A popup-blocker prevents popup-windows from opening, when you come along a websites that uses them, during internet-surfing. To provide privacy, select disable advanced features when installing.



IE-SPYAD here: This utility adds a long list of known bad sites to Internet Explorer's Restricted Sites zone. This prevents those sites from executing their malicious programs on your computer.



SiteHound by Firetrust

here:



Firetrust introduces the SiteHound Toolbar - the safe way to browse the Internet. With SiteHound, when you browse the Internet, you're shown a warning page every time you go to a site which is a known scam, potentially loads viruses or spyware on to your computer, has questionable content or anything you would not consider reasonable. You are shown a warning page with information about that site. From there you can choose to enter the site or go back. SiteHound is a free add-on to Internet Explorer.

SiteHound will alert you when you enter a site which is known to contain:

Fraudulent claims or scams

Offensive material

Security vulnerabilities

Spyware or Adware

Spam related material

or other content deemed to be unsafe

Specifically, SiteHound blocks these categories:



Adult Spyware Spam Advertising Phishing Possible scam or fraud Misleading or False Advertising

Pharming Rogue or Suspect Product Adware Malware or Virus



Install and use an alternative browser to surf on the internet.



Because Internet Explorer is the most-used browser on the planet, most of the hijackers, adware and spyware are made to abuse your computer thru Internet Explorer.

Here are some good alternative browsers:

Mozilla Suite here

Mozilla Firefox here

Opera here

Netscape here

Important: You can not uninstall Internet Explorer.

First of all, it's part of Windows and you'll need it to download and install Windows Updates.

Secondly, There are some sites that are only accessable with Internet Explorer, e.g. most of the Online Malware-scanners.



But above all, keep all your software UP-TO-DATE at all time!!



Also, I would recommend reading the excellent advice by Tony Klein: So how did I get infected in the first place


Merry Christmas and a Happy New Year with safe surfing! :flowers:





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users