application cannot be executed [Solved]



#1
duke0466

I am running AVG 9.0
I have Malwarebytes
I have Spybot
I have CCleaner

Left my computer on overnight. This morning any .exe I attempt cannot be executed because the .exe is infected.
  • 0



#2
Essexboy

Hi, let's try this

Please download RKill.com to your desktop
Double click the programme to run it
Please be patient while the program looks for various malware programs and ends them.
When it has finished, the black window will automatically close and you can continue with the next step.
If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by rogue malware when it terminates programs that may potentially remove it.
If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate

THEN

To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload it to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • Reg - Shell Spawning
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav

  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#3
duke0466

Downloaded and attempted to run Rkill. Black windows appeared and almost instantly I got a security message. Application cannot be executed. pev.rkexe is infected.
  • 0

#4
Essexboy

Did you try this?

If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by rogue malware when it terminates programs that may potentially remove it.
If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate
  • 0

#5
duke0466

Now the security warning says: the file rkill.com is infected. When I double click rkill on my desktop, the black window appears quickly, and then disappears. Is it running? Nothing appears to be happening. I can't even Control/Alt/Del. Task Manager appears and disappears quickly.

Edited by duke0466, 20 February 2010 - 11:22 AM.

  • 0

#6
Essexboy

It may be. Can you access safe mode?

Could you now run OTS, please?
  • 0

#7
duke0466

The OTS screen appears quickly, and then it too disappears. The security window also says OTS.exe is infected. Even leaving the security window open does not seem to help. Not sure how to access safe mode.

Edited by duke0466, 20 February 2010 - 11:28 AM.

  • 0

#8
Essexboy

Can you access safe mode?
  • 0

#9
duke0466

How do I access safe mode?
  • 0

#10
Essexboy

Reboot the computer and, as soon as it starts, continually press F8 until a menu appears. On that menu select safe mode.
  • 0



#11
duke0466

OTS scan is now running. Could not open in safe mode. Kept getting the dreaded blue screen. Opened under normal settings.
  • 0

#12
Essexboy

OK, that means we will need to repair safe mode later.
  • 0

#13
duke0466

Attached File  OTS.Txt   154.18KB   349 downloads

I'm on the wife's computer writing this. My computer is getting bombed with antivirus soft messages. Will not allow me to access this site. Security alerts are popping up everywhere.

Edited by duke0466, 20 February 2010 - 12:26 PM.

  • 0

#14
Essexboy

OK, let's kill the darn thing now - this may take a few minutes to run

Start OTS. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Processes - Safe List]
YY -> fcvlsftav.exe -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\sqnypu\fcvlsftav.exe
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> 
YN -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 1
YN -> HKEY_USERS\.DEFAULT\: "ProxyServer" -> http=127.0.0.1:5555
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> 
YN -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 1
YN -> HKEY_USERS\S-1-5-18\: "ProxyServer" -> http=127.0.0.1:5555
< HOSTS File > ([2009/11/16 18:50:05 | 000,351,393 | R--- | M] - 12096 lines) -> C:\WINDOWS\system32\drivers\etc\hosts
YN -> 91.212.127.226 osguard-pro.microsoft.com -> 
YN -> 91.212.127.226 osguard-pro.com -> 
YN -> 91.212.127.226 www.osguard-pro.com -> 
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "gekjxsuu" -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\sqnypu\fcvlsftav.exe [C:\Documents and Settings\NetworkService\Local Settings\Application Data\sqnypu\fcvlsftav.exe]
YY -> "Tzibidetay" -> C:\WINDOWS\uduxivuxeruxile.DLL [rundll32.exe "C:\WINDOWS\uduxivuxeruxile.dll",Startup]
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "gekjxsuu" -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\sqnypu\fcvlsftav.exe [C:\Documents and Settings\NetworkService\Local Settings\Application Data\sqnypu\fcvlsftav.exe]
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "gekjxsuu" -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\sqnypu\fcvlsftav.exe [C:\Documents and Settings\NetworkService\Local Settings\Application Data\sqnypu\fcvlsftav.exe]
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1446883429-823023976-1181295350-1008\] > -> HKEY_USERS\S-1-5-21-1446883429-823023976-1181295350-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> www.update_microsoft.com [https] -> Trusted sites
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
YN -> NameServer -> 93.188.165.99,93.188.161.88
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
YN -> {2DE162A0-1EFE-4005-AC32-A42AE97CE852}\\NameServer -> 93.188.165.99,93.188.161.88   (Dell Wireless 1390 WLAN Mini-Card)
YN -> {6CA486CD-7FC2-434D-903C-92E78AF4E34B}\\NameServer -> 93.188.165.99,93.188.161.88   (Broadcom 440x 10/100 Integrated Controller)
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit
YY -> C:\WINDOWS\system32\sdra64.exe -> C:\WINDOWS\system32\sdra64.exe
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YN -> "{fbeb8a05-beee-4442-804e-409d6c4515e9}" [HKLM] -> Reg Error: Key error. [CDBurn]
[Files/Folders - Created Within 30 Days]
NY ->  sqnypu -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\sqnypu
NY ->  cshost.dll -> C:\WINDOWS\System32\cshost.dll
NY ->  93 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY ->  86 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  Bpudevevukovik.dat -> C:\WINDOWS\Bpudevevukovik.dat
NY ->  Wtuxejefifinoh.bin -> C:\WINDOWS\Wtuxejefifinoh.bin
NY ->  wklnhst.dat -> C:\Documents and Settings\earl.DDZQW8F1\Application Data\wklnhst.dat
NY ->  93 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY ->  86 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp
NY ->  400 C:\Documents and Settings\earl.DDZQW8F1\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\earl.DDZQW8F1\Local Settings\Temp\*.tmp
NY ->  381 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
NY ->  1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTS log.

I will review the information when it comes back in.

THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
  • 0
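
An added example, not part of the thread and not OTS's own code: a read-only PowerShell check of the locations the fix list above targets (Run keys, proxy settings for the SYSTEM and default profiles, Winlogon Userinit, static DNS name servers, hosts entries). The match patterns are illustrative assumptions, and the `Tcpip\Parameters\Interfaces` key, where Windows keeps per-interface DNS settings, is checked in addition to the `Adapters` key the log names.

```powershell
# Added example: read-only audit of the hijack points listed in the OTS fix.
# Nothing is modified. The match patterns are illustrative heuristics (assumptions).
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Location, $Name, $Value) {
    $findings.Add([pscustomobject]@{ Location = $Location; Name = $Name; Value = $Value })
}
function Get-RegValues($Path) {
    # Emit name/value pairs for a key; emit nothing if the key does not exist.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { foreach ($n in $key.GetValueNames()) {
        [pscustomobject]@{ Name = $n; Value = $key.GetValue($n) } } }
}
$cv = 'SOFTWARE\Microsoft\Windows\CurrentVersion'
# 1. Run keys: autoruns started from a service-account profile or through rundll32.
foreach ($hive in 'HKEY_LOCAL_MACHINE', 'HKEY_USERS\.DEFAULT', 'HKEY_USERS\S-1-5-18') {
    $k = "Registry::$hive\$cv\Run"
    foreach ($v in (Get-RegValues $k)) {
        if ($v.Value -match 'NetworkService|LocalService|rundll32') { Add-Finding $k $v.Name $v.Value }
    }
}
# 2. Proxy forced to a local listener for the SYSTEM and default profiles.
foreach ($hive in 'HKEY_USERS\.DEFAULT', 'HKEY_USERS\S-1-5-18') {
    $k = "Registry::$hive\$cv\Internet Settings"
    $p = Get-ItemProperty -LiteralPath $k -ErrorAction SilentlyContinue
    if ($p -and $p.ProxyEnable -eq 1 -and $p.ProxyServer -match '127\.0\.0\.1|localhost') {
        Add-Finding $k 'ProxyServer' $p.ProxyServer
    }
}
# 3. Winlogon Userinit: anything besides userinit.exe runs at every logon.
$wl = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = (Get-ItemProperty -LiteralPath $wl -ErrorAction SilentlyContinue).Userinit
if (@($userinit -split ',' | Where-Object { $_.Trim() -and $_ -notmatch '\\userinit\.exe\s*$' })) {
    Add-Finding $wl 'Userinit' $userinit
}
# 4. Static DNS servers: list every one so it can be compared with the expected resolvers.
$tcp = 'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$dnsKeys = @($tcp) + @(Get-ChildItem -Path "$tcp\Interfaces", "$tcp\Adapters" -ErrorAction SilentlyContinue |
    ForEach-Object { "Registry::$($_.Name)" })
foreach ($k in $dnsKeys) {
    $ns = (Get-ItemProperty -LiteralPath $k -ErrorAction SilentlyContinue).NameServer
    if ($ns) { Add-Finding $k 'NameServer' $ns }
}
# 5. Hosts file: Microsoft-looking names pinned to a non-loopback address.
$hosts = "$env:SystemRoot\System32\drivers\etc\hosts"
Get-Content -LiteralPath $hosts -ErrorAction SilentlyContinue |
    Where-Object { $_ -match '^\s*(?!127\.|0\.0\.0\.0|::1)[0-9a-fA-F.:]+\s+\S*microsoft\.com' } |
    ForEach-Object { Add-Finding $hosts 'hosts entry' $_.Trim() }

$findings | Format-Table -AutoSize -Wrap
```

An empty table only means none of these heuristics matched; static DNS entries in particular are listed for comparison with the resolvers you expect, not as proof of compromise.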

#15
duke0466

I cannot access any web-site on my computer now.
http://av-protect.mi...lock.php?r=57.6
appears in the explorer toolbar. Can this be disabled?
Windows security alerts are popping up every second.
  • 0





