[Dickie74]

Hi

I wasn't really sure where to post this query.

I recently had the Google Redirect problem which was sorted out with help from the Geeks to Go anti-malware forum.

I have a new problem now (maybe related to the above?). When my PC starts up, I often get an error from Avast Version 4.8 Home Edition (Error log 10050) saying that they cannot be run. My firewall (Sunbelt Personal firewall - free edition)also brings up an error saying that an error has occured and it has to close. I am also unable to connect to the internet when this happens, although my PC shows that I am connected to my wireless network. I may have to reboot 4 or 5 times then it works as normal, but then happens again the next day - the number of reboots it takes to get it working is increasing!

I have tried Windows XP system restore a few times and this sometimes works, but not everytime. It's very frustrating.

Any ideas? Any help appreciated.

Thanks.

Dickie

[Advertisements]

Hey there Dickie,

A. First we will need to perform a permissions reset, as the malware very likely corrupted the permissions of some files.

1. Download and install SubInACL from Microsoft. Install SubInACL in the default location.
2. Click Start > Run > type cmd and click OK
3. In the cmd prompt, type notepad reset.cmd and click yes to open Notepad.exe and create a new text file named reset.cmd
4. Copy and paste the following contents into reset.cmd:

cd /d "%programfiles%\Windows Resource Kits\Tools"

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f
subinacl /subdirectories %SystemDrive% /grant=administrators=f

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=system=f

5. Save and close reset.cmd.
6. In the cmd prompt, type reset.cmd and press enter to run the SubInACL tool. This will take several minutes to complete.

B. When this is finished, please next remove all antivirus and firewall software next via Start > Control Panel > Add/Remove Programs.

C. Next, please download the AVAST cleanup utility and run it.

Reboot as many times as you are asked to, and when you're finished, move on to step D.

D. Next, we will next need to perform a system file check to ensure no critical system files are corrupted.

1. Click Start > Run > type sfc /scannow
2. Let the scan complete and have your Windows XP installation CD handy in case it is requested.

Please let me know the results when you are finished with these steps.

~os

Edited by othersteve, 21 November 2009 - 01:43 PM.

[othersteve]

Hey there Dickie,

A. First we will need to perform a permissions reset, as the malware very likely corrupted the permissions of some files.

1. Download and install SubInACL from Microsoft. Install SubInACL in the default location.
2. Click Start > Run > type cmd and click OK
3. In the cmd prompt, type notepad reset.cmd and click yes to open Notepad.exe and create a new text file named reset.cmd
4. Copy and paste the following contents into reset.cmd:

cd /d "%programfiles%\Windows Resource Kits\Tools"

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f
subinacl /subdirectories %SystemDrive% /grant=administrators=f

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=system=f

5. Save and close reset.cmd.
6. In the cmd prompt, type reset.cmd and press enter to run the SubInACL tool. This will take several minutes to complete.

B. When this is finished, please next remove all antivirus and firewall software next via Start > Control Panel > Add/Remove Programs.

C. Next, please download the AVAST cleanup utility and run it.

Reboot as many times as you are asked to, and when you're finished, move on to step D.

D. Next, we will next need to perform a system file check to ensure no critical system files are corrupted.

1. Click Start > Run > type sfc /scannow
2. Let the scan complete and have your Windows XP installation CD handy in case it is requested.

Please let me know the results when you are finished with these steps.

~os

Edited by othersteve, 21 November 2009 - 01:43 PM.

[Dickie74]

Hey Steve

Thanks for your quick reply.

I don't have a Windows installation CD - Windows came preinstalled, my PC is from Dell. Will this make a difference?

Dickie

[othersteve]

Hey Dickie,

Try this really quickly when you get the chance:

Click Start > Run > type C:\i386

If you get an error message, the folder does not exist. But if no error appears, let me know before you reach Step D, and I can perform a registry edit for you that will instruct the sfc to use that directory as the system file restoration folder.

~os

[Dickie74]

Morning Steve

Just logged on this morning, the first time AV/firewall and internet not working, so I turned off and tried again. The second time, I got a warning message: ls360 tray - %s not found in archive. I then tried typing C:\i386 into run as you mentioned, and it brings up a ls360 folder. I then searched within this folder, and found 7,559 files with 95 folders.

Does this mean anything?

Dickie

[Dickie74]

Hi Steve

Just been trying to go through your steps, can I clarify something?

I've carried out step A 1 to 4, but when I click on the reset.cmd file to run it, the cmd screen flashes in front of me and nothing else happens (you mention it should take several minutes to complete.) Just wanted to clarify to make sure I am clear and I get it right!

Many thanks

Dickie

PS - did you see my precious post? Is this any help?

Edited by Dickie74, 22 November 2009 - 04:11 PM.

[Broni]

I suggest that you start a new topic in the Malware Removal and Spyware Removal area.

Before you start a new topic click on this link --> Malware and Spyware Cleaning Guide, Please read before starting a new topic. This will give you a few preparations to make, as well as instruction for posting your OTListIt2 log.

If you are still having problems after being given a clean bill of health from the malware expert, then please return to THIS thread and we will pursue other options to help you solve your current problem(s).

[othersteve]

Hey Dickie,

Sorry for the late reply; had a busy day today.

Yes, we still should perform these steps after all's said and done, but I agree with Bruno that your next step probably ought to be a visit to the Malware forum.

Let me know if you need help when you return.

~os

[Dickie74]

Steve/Broni

No problems, I thought that this was the best place to go; I did have a problem a few weeks back and got help from the Malware Removal and Spyware Removal forum, but I wasn't sure that this might be related to it. I'll start a new topic back over there.

Steve - thanks for your help so far!

Dickie

[othersteve]

Hey Dickie,

It's no problem at all. It's tough to diagnose certain types of issues over here that seem to be malware related because we are not allowed to offer that sort of advice on this forum. All it will take is a quick check of your logs by an expert over there and then we can proceed with troubleshooting here if your problem persists.

~os

[Dickie74]

Hey Steve

Great, thanks again. I've just gone through the Malware and Spyware Cleaning Guide and started the topic again over there.

Dickie

[rshaffer61]

Thanks for the update and we will continue to monitor this topic and await the results of the malware issue.

[Dhanushka]

A. First we will need to perform a permissions reset, as the malware very likely corrupted the permissions of some files.

1. Download and install SubInACL from Microsoft. Install SubInACL in the default location.
2. Click Start > Run > type cmd and click OK
3. In the cmd prompt, type notepad reset.cmd and click yes to open Notepad.exe and create a new text file named reset.cmd
4. Copy and paste the following contents into reset.cmd

Which function perform from this?