(***) is not a valid win32 application...

I'm about to rip my hair out.

I got a pop up the other day saying something about how Windows Security Alerts detected some virus. Like an idiot, I clicked "OK" without thinking. Now, I have a constant pop-up from some supposed security alert center asking me to buy it. UNlike other rogue anti-spyware viruses I've had, though, this one won't let me do ANYTHING.

I can't run Antivir, Spyware Doctor, MalwareBytes, or Advanced Systemcare. It won't let me open anything .exe save for Internet Explorer. I have tried running all of these in Safe Mode. This doesn't work either. I have surfed the web and found numerous supposed "fixes," but once I download them, I can't use them as the error message pops up once again telling me that it's not a valid Win32 application. I've tried system restore, and it tells me that system restore was shut off by the administrator.

Please someone help me. I don't want to have to completely redo EVERYTHING if I don't have to.

Thanks in advance.

Arianna

[ you may have to rename mbam.exe in Safe Mode to something else if it's being blocked. Change to myzap.exe for example ] also post in alt.comp.anti-virus for more tips
tommy

Hate to be the bearer of bad news, but your machine is well beyond the threshold of "you should redo EVERYTHING."

There is a certain liberty in being that screwed. Even if you could get any cleanup tools to run to allow you to do something with the machine, at best you'd have a machine that _might_ be stable, and that you definitely shouldn't trust.

Get your data off the disk (booting into a bootable rescue cd of some flavor), reinstall Windows from original optical media and include a reallocation of the disk (delete the partition, recreate the partition) and reformatting.

Todd H.

Arianna,

Although I agree with Todd, I'd give ComboFix a try, before anything else. You can download it from

formatting link
Don't worry, ComboFix is not spyware or anything. I have personally tried it and it saved me a lot of time.

Good luck!

Giorgos

geoar75

Arianna wrote in news: snipped-for-privacy@DoNotSpam.com:

"fixes,"

The solution to your problem can be found here:

formatting link
L

Lacromone Escavantes

some good information here

formatting link
note: when I have problems like yours, I use safe mode, where I use Task Manager to kill as many virus processes as possible until I can run Malwarebytes. You have to kind of know a fair bit about which processes are suspect. Usually ones that have a lot of nonsense consonants are suspect for one thing.

tommy

The usual nonsense. *sigh*

formatting link
Please understand that, no matter how much skill you think you have, you still can't be certain that you got rid of all malware if you don't have a known-good baseline to compare against.

Besides, CCleaner a powerful tool? Don't make me laugh. The tool doesn't check even half of the locations from where Windows automatically starts stuff.

... whereas processes with names like "service.exe", "explore.exe", "exp1orer.exe", "svcchost.exe" et al. are obviously perfectly harmless and nothing to worry about ...

*doublesigh*

Names. Don't. Mean. Anything. At all. When will people begin to understand this simple fact?

cu

59cobalt
Ansgar -59cobalt- Wiechers

In the last month I've run into 4 computers that were infected in a manner that would not let me run ANY known anti-malware tools and that I could not find the malware either.

I removed the drive and checked it from another computer with working anti-malware tools and little was detected. I replaced it in the machine, and it was still infected with the same anti-malware tool blocking malware.

I tried all of the tools suggested here and some not commonly suggested; even if I could get them to install, they would not run or update.

I fell back to my standard, wiped the drive and reinstalled from scratch in a clean environment.

Leythos

I should have included a link that would help identify suspect processes. Here's one, there are many many more:

formatting link
"No generalization is worth a damn, including this one"

Mark Twain

tommy

Yes, some cases call for reinstallation. Here's a link for that:

formatting link
It does sound like her case might need it. She should seek a qualified tech in her area.

tommy

*sigh*

Here's a little exercise for you:

  1. Create a copy of NOTEPAD.EXE in %SystemRoot%.
  2. Rename it to exp1orer.exe (notice how it's written with "one" instead of "ell").
  3. Run it.

Now answer yourself some questions:

Did renaming notepad to exp1orer somehow magically turn notepad into explorer? If not, why would you think a program's name meant anything in the first place?

How do you identify the location of the program binary if you're using taskmgr.exe? The Windows Task Manager does not show the paths of executables in any Windows version up to at least XP. And if you can't identify the location, what makes you think you could distinguish malware from a legit system binary?

How exactly is malware running with admin privileges prevented from infecting/altering system binaries?

And since you seem to like quotes, I do have two of my own for you:

"Names. Don't. Mean. Anything. At all."

--me

"Please understand that, no matter how much skill you think you have, you still can't be certain that you got rid of all malware if you don't have a known-good baseline to compare against."

--me as well

cu

59cobalt
Ansgar -59cobalt- Wiechers
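
An added illustration of the renaming exercise and the known-good-baseline point above (not code from any poster in this thread): files are judged by path and content hash against a manifest recorded while the system was trusted, so a copy of notepad under a look-alike name and a trusted name with changed content are both flagged. The file names and byte strings are constructed stand-ins; on a real system the manifest has to be stored off the machine and the check run from trusted boot media, since malware with admin privileges can tamper with anything run on the live system.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash file content; the file's name plays no part in the result."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def build_baseline(root):
    """Map relative path -> SHA-256 for every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def audit(root, baseline):
    """Classify each file by path and content against the baseline."""
    current = build_baseline(root)
    origin_of = {digest: path for path, digest in baseline.items()}
    report = {}
    for path, digest in current.items():
        if path not in baseline:
            twin = origin_of.get(digest)
            report[path] = f"NEW, same content as {twin}" if twin else "NEW, unknown content"
        elif baseline[path] != digest:
            report[path] = "MODIFIED"
        else:
            report[path] = "OK"
    for path in baseline.keys() - current.keys():
        report[path] = "MISSING"
    return report

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed stand-ins for system binaries, not real Windows files.
        (root / "notepad.exe").write_bytes(b"constructed notepad bytes")
        (root / "explorer.exe").write_bytes(b"constructed explorer bytes")
        baseline = build_baseline(root)  # taken while the tree is known-good
        # Steps 1-2 of the exercise: copy notepad under a look-alike name.
        (root / "exp1orer.exe").write_bytes((root / "notepad.exe").read_bytes())
        # A trusted name whose content changed after the baseline was taken.
        (root / "explorer.exe").write_bytes(b"constructed explorer bytes, altered")
        return audit(root, baseline)

if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{path:14} {verdict}")
```
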

Any qualified technician will suggest to flatten and rebuild the box, because he's aware of the fact that he can't guarantee that he'd get rid of all malware otherwise.

formatting link
cu

59cobalt
Ansgar -59cobalt- Wiechers

I disagree. All cases where you've got confirmed malware on the system call for reinstallation from original media.

You can run cleanup routines. It might actually find things, it might even remove those things. Then again, it very well might not. Hiding from AV is not that hard.

The time investment is a barrier, sure, but what it comes down to is: Do you feel lucky?

Todd H.

Read this : MBAM will not install or run(Fix) Maybe it will explain what I am talking about. You have some preconceived notions about such Malwarebytes "nonsense" :

formatting link

tommy

Thank you for making perfectly clear that you didn't understand a single word of what I wrote.

cu

59cobalt
Ansgar -59cobalt- Wiechers

Ansgar -59cobalt- Wiechers wrote in news:h8j6mm$33j$ snipped-for-privacy@news.eternal-september.org:

Just wanted to mention that System Info does show paths. This for both Win2k and XP.

System Info > Software Environment > Running Tasks

Although, if it can be spoofed then it's still useless.

Brian

Skywise

Ok, I'm new here, I ran across this thread on Google trying to fix my father-in-law's PC.

You guys keep arguing about whether to fix it or not. That's up to you I guess, however I don't feel like reinstalling someone's junk PC!

It's probable that this is too late to help you, but for the other lurkers, this may help you.

Here is what i did.

  1. on a good pc i downloaded malware bytes
  2. Renamed mbam.exe to mbam.com
  3. click and install
  4. browse to install dir, c:\program files\malware bytes....
  5. Rename mbam.exe to mbam.com then dbl click run scan
  6. remove all found issues (mine found 546!!!)
  7. rename mbam.com back to mbam.exe
  8. reboot.
  9. install whatever else pleases you and clean away

Good luck!

cnichollststate.com.40czjb

Then perhaps you should leave it to someone who does.

No it doesn't. Because once a system got compromised you can never be sure that you found and removed all malware (unless you have a known-good baseline to compare against).

formatting link
cu

59cobalt
Ansgar -59cobalt- Wiechers

It's techs like you that give others a bad name....

Ohhh, got a virus? Got an issue? No problem, I will just erase everything and start over.... Any idiot can reinstall Windows!

I don't charge anything, so my goal is to help people out if I can, as long as it doesn't take too long.

If I can make an unusable PC work again without causing the user to lose all the data they didn't remember to back up, my job is done.

You are right, I "can't know for sure" if malware is still there. If I don't know it's there and the PC is working normally and the owner is happy, then does grandma really give a crap as long as she can send email and browse the web?

So when a single mom, or whoever, says "hey, I get these nasty popups and my internet is so slow, can you fix it?" I say sure, pop in a USB drive full of tools and in an hour or so of playing around, the popups are gone and everything else operates as normal. She didn't have to try to tell me where all her files are, I didn't have to save all the emails that are important for her, I didn't need her to bring me all the Windows, Office, and other CDs to put back on...

Sure, reinstalling a PC may be nothing to assure your peace of mind.

But to Sally Public, the last thing they want to hear is "sorry, I hope you had your crap backed up." All they want to hear is "here you go, it's just fixed"... that's a big deal to a real person....

cnichollststate.com.40danb

Almost correct: just idiots reinstall MS Windows.

Sensible techs backup their users' data before reinstalling with a boot-CD or something similar.

If grandma cares or not is not important. A compromised computer can be used to create loads of problems for _other_ people. For example: sending spam, participating in bot nets, used in denial-of-service attacks etc., ad infinitum. It's bad form putting a 'cleaned' computer you know has been compromised on the net.

More like reassuring other peoples' pieces of minds.

Compromised machines are also a big for all people in the other end. This would not be a problem if people adhered to decent security policies. One of them is to reinstall and patch a machine _before_ connecting it to _any_ net.

Jon Solberg
