Application cannot be executed, all .exe files won't start



#1
Murrycurry

I copied this from another topic, since I have the exact same problem, and I couldn't find a solution in the previous topic.

"I've downloaded the MalwareAnti-bites thing, but can't run it due to a pop-up that says that it is infected. I was thinking about restarting and running from Safe Mode, but I don't know if that'd solve this problem.

The only thing this virus will allow me to open is Firefox and IE. I'll also get a pop-up from time to time reading:


--------------------

Attention ! Spyware Alert
Vulnerabilities found.

Your computer is infected by spyware - 34 serious threats have been
found while scanning your files and registry. It is strongly recommended
that you disinfect your computer and activate realtime secure protection
against future intrusions.

Why do you need realtime spyware protection ?

Upgrade to full version of antivirus software to clean your computer
and prevent new security and privacy attacks. You will be able to
download daily updates and get online protection against Internet attacks.

(two buttons below reading 'Activate your antivirus software' and 'Stay unprotected.')


----------------------


I'm not sure if it's the virus, or Windows trying to tell me, but I've been Alt-F4ing it away.
Anyone have any idea what's going on?"

I managed to run ComboFix, and here's the log from it:

ComboFix 10-04-21.01 - Marie 2010-04-21 21:24:52.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.894.484 [GMT 2:00]
Körs från: c:\documents and settings\Marie\Skrivbord\Combo-Fix.exe
AV: *On-access scanning disabled* (Outdated) {5AD27692-540A-464E-B625-78275FA38393}
.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program\FunWebProducts
c:\program\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
c:\program\FunWebProducts\Shared\Cache\CursorManiaBtn-new.html
c:\program\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
c:\program\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program\FunWebProducts\Shared\Cache\SmileyCentralBtn-new.html
c:\program\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program\Internet Explorer\msimg32.dll
c:\program\MyWebSearch
c:\program\MyWebSearch\bar\2.bin\MWSBAR.vir
c:\program\MyWebSearch\bar\3.bin\F3BKGERR.JPG
c:\program\MyWebSearch\bar\3.bin\F3BROVLY.DLL
c:\program\MyWebSearch\bar\3.bin\F3CJPEG.DLL
c:\program\MyWebSearch\bar\3.bin\F3DTACTL.DLL
c:\program\MyWebSearch\bar\3.bin\F3HISTSW.DLL
c:\program\MyWebSearch\bar\3.bin\F3HTmlmu.dll
c:\program\MyWebSearch\bar\3.bin\F3HTtpct.dll
c:\program\MyWebSearch\bar\3.bin\F3IMSTUB.DLL
c:\program\MyWebSearch\bar\3.bin\F3POPSWT.DLL
c:\program\MyWebSearch\bar\3.bin\F3PSSAVR.SCR
c:\program\MyWebSearch\bar\3.bin\F3REPROX.DLL
c:\program\MyWebSearch\bar\3.bin\F3RESTUB.DLL
c:\program\MyWebSearch\bar\3.bin\F3SCHMON.EXE
c:\program\MyWebSearch\bar\3.bin\F3SCrctr.dll
c:\program\MyWebSearch\bar\3.bin\F3SHLLVW.DLL
c:\program\MyWebSearch\bar\3.bin\F3SPACER.WMV
c:\program\MyWebSearch\bar\3.bin\F3WALLPP.DAT
c:\program\MyWebSearch\bar\3.bin\F3WPHOOK.DLL
c:\program\MyWebSearch\bar\3.bin\M3FFXTBR.JAR
c:\program\MyWebSearch\bar\3.bin\M3FFXTBR.MANIFEST
c:\program\MyWebSearch\bar\3.bin\M3HTML.DLL
c:\program\MyWebSearch\bar\3.bin\M3IDLE.DLL
c:\program\MyWebSearch\bar\3.bin\M3IMPIPE.EXE
c:\program\MyWebSearch\bar\3.bin\M3MSG.DLL
c:\program\MyWebSearch\bar\3.bin\M3NTSTBR.JAR
c:\program\MyWebSearch\bar\3.bin\M3NTSTBR.MANIFEST
c:\program\MyWebSearch\bar\3.bin\M3OUtlcn.dll
c:\program\MyWebSearch\bar\3.bin\M3PLUGIN.DLL
c:\program\MyWebSearch\bar\3.bin\M3SKIN.DLL
c:\program\MyWebSearch\bar\3.bin\M3SKPLAY.EXE
c:\program\MyWebSearch\bar\3.bin\M3SLSRCH.EXE
c:\program\MyWebSearch\bar\3.bin\M3SRCHMN.EXE
c:\program\MyWebSearch\bar\3.bin\MWSBAR.DLL
c:\program\MyWebSearch\bar\3.bin\MWSOEPLG.DLL
c:\program\MyWebSearch\bar\3.bin\MWSOESTB.DLL
c:\program\MyWebSearch\bar\3.bin\NPMYWEBS.DLL
c:\program\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program\MyWebSearch\bar\Cache\000B70D5
c:\program\MyWebSearch\bar\Cache\002C0EEE.bin
c:\program\MyWebSearch\bar\Cache\002C1111.bin
c:\program\MyWebSearch\bar\Cache\002C1305.bin
c:\program\MyWebSearch\bar\Cache\002C14BA
c:\program\MyWebSearch\bar\Cache\0112D711
c:\program\MyWebSearch\bar\Cache\0112E0B6.bin
c:\program\MyWebSearch\bar\Cache\0112E346.bin
c:\program\MyWebSearch\bar\Cache\01130064.bin
c:\program\MyWebSearch\bar\Cache\01130D54.bin
c:\program\MyWebSearch\bar\Cache\01130F87.bin
c:\program\MyWebSearch\bar\Cache\01131553.bin
c:\program\MyWebSearch\bar\Cache\01133A5F.bin
c:\program\MyWebSearch\bar\Cache\0113F2C2.bin
c:\program\MyWebSearch\bar\Cache\0113F4C6.bin
c:\program\MyWebSearch\bar\Cache\files.ini
c:\program\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program\MyWebSearch\bar\Game\CHESS.F3S
c:\program\MyWebSearch\bar\Game\REVERSI.F3S
c:\program\MyWebSearch\bar\History\search2
c:\program\MyWebSearch\bar\Message\COMMON.F3S
c:\program\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program\MyWebSearch\bar\Notifier\DOG.F3S
c:\program\MyWebSearch\bar\Notifier\FISH.F3S
c:\program\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program\MyWebSearch\bar\Notifier\MAID.F3S
c:\program\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\asam.exe
c:\windows\herjek.config
c:\windows\system32\f3PSSavr.scr

.
(((((((((((((((((((((((( Filer Skapade från 2010-03-21 till 2010-04-21 ))))))))))))))))))))))))))))))
.

2010-04-20 18:59 . 2010-04-20 18:59 -------- d-----w- c:\program\Panda Security
2010-04-20 18:59 . 2010-04-20 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2010-04-19 19:44 . 2010-04-19 19:44 93696 --sha-r- c:\windows\system32\dcomcnfgm.dll
2010-04-18 18:22 . 2010-04-18 18:22 -------- d-----w- c:\program\Google
2010-04-09 20:48 . 2010-04-09 20:48 3600384 ----a-w- c:\windows\system32\GPhotos.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-09 11:11 . 2004-08-04 03:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-28 19:44 . 2010-02-28 19:44 -------- d-----w- c:\documents and settings\Kent\Application Data\Personal
2010-02-26 05:44 . 2006-01-09 18:08 667648 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:44 . 2004-08-04 03:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 13:11 . 2004-08-04 03:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:09 . 2005-09-29 18:31 2025472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 19:09 . 2005-09-29 18:31 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-12 09:03 . 2010-03-07 12:13 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:35 . 2004-08-04 03:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 03:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"="c:\program\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 73840]
"Google Update"="c:\documents and settings\Marie\Lokala inställningar\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-03 133104]
"bascgadr"="c:\documents and settings\Marie\Lokala inställningar\Application Data\sjgywofnt\tlrmutstssd.exe" [2010-04-19 272128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ATICCC"="c:\program\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"AzMixerSel"="c:\program\Realtek\InstallShield\AzMixerSel.exe" [2005-12-20 53248]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 204800]
"ntiMUI"="c:\program\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-03-30 421888]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"LManager"="c:\program\LAUNCH~1\LManager.exe" [2006-03-31 598016]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 401408]
"SynTPEnh"="c:\program\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761946]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-14 16010752]
"ImageItEncrypt"="c:\windows\system32\ImageItEncrypt.exe" [2005-12-30 40960]
"SweetIM"="c:\program\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 73840]
"QuickTime Task"="c:\program\QuickTime\QTTask.exe" [2007-06-29 286720]
"bascgadr"="c:\documents and settings\Marie\Lokala inställningar\Application Data\sjgywofnt\tlrmutstssd.exe" [2010-04-19 272128]
"PSUNMain"="c:\program\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2009-10-30 361728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Program\Autostart\
Adobe Reader Speed Launch.lnk - c:\program\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-3-27 45056]
BankID säkerhetsprogram.lnk - c:\program\Personal\bin\Personal.exe [2010-2-25 939920]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Marie\\Skrivbord\\SPOTIFY.EXE"=
"c:\\Program\\Mozilla Firefox\\firefox.exe"=
"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Program\\Skype\\Phone\\Skype.exe"=

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2009-10-13 114312]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2009-10-30 146952]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2009-10-13 95880]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2009-10-13 101512]
S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);c:\windows\system32\drivers\z530bus.sys [2008-08-07 58288]
S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;c:\windows\system32\drivers\z530mdfl.sys [2008-08-07 8336]
S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;c:\windows\system32\drivers\z530mdm.sys [2008-08-07 94064]
S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\z530mgmt.sys [2008-08-07 85408]
S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;c:\windows\system32\drivers\z530obex.sys [2008-08-07 83344]

--- Övriga tjänster/drivrutiner i minnet ---

*NewlyCreated* - PSINFILE
*NewlyCreated* - PSINPROC
.
Innehållet i mappen 'Schemalagda aktiviteter':

2010-04-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program\Apple Software Update\SoftwareUpdate.exe [2007-01-10 13:42]

2010-04-21 c:\windows\Tasks\Wvrqbbg.job
- c:\windows\system32\dcomcnfgm.dll [2010-04-19 19:44]
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.aftonbladet.se/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Marie\Application Data\Mozilla\Firefox\Profiles\h7k7rkfk.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - plugin: c:\program\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program\Personal\bin\np_prsnl.dll
FF - plugin: c:\program\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICY ----
c:\program\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program\AVG\AVG8\Toolbar\IEToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program\AVG\AVG8\Toolbar\IEToolbar.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program\AVG\AVG8\Toolbar\IEToolbar.dll
HKCU-Run-asam - c:\windows\asam.exe
HKLM-Run-asam - c:\windows\asam.exe
AddRemove-Spotify - c:\program\Spotify\uninstall.exe
AddRemove-{BE3497CB-7278-4526-8918-9A3FD77AE790}}_is1 - c:\program\iTeddy File Converter\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-21 21:28
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLer som "laddats" under processer som körs ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\Ati2evxx.dll
.
Sluttid: 2010-04-21 21:30:03
ComboFix-quarantined-files.txt 2010-04-21 19:30

Före genomsökningen: 12 531 793 920 byte ledigt
Efter genomsökningen: 13 781 008 384 byte ledigt

WindowsXP-KB310994-SP2-Home-BootDisk-SVE.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 70434ACA38B511C84F4A9DB9F911A2B3

I'd appreciate any help I could get!!!


#2
RKinner

Boot into Safe Mode: Restart, then when you see the maker's logo or hear a beep start tapping the F8 key slowly. Keep tapping until you see the menu. Choose the top item (Safe Mode). Log in as yourself.

Delete these files:

c:\windows\Tasks\Wvrqbbg.job
c:\windows\system32\dcomcnfgm.dll
c:\documents and settings\Marie\Lokala inställningar\Application Data\sjgywofnt\tlrmutstssd.exe

Then run Combofix again.

When it reboots see if things are working again in regular mode.

If so, post your MBAM, OTL and Extra logs.

Ron

#3
RKinner

Appears you may have a malware proxy:
uInternet Settings,ProxyServer = http=127.0.0.1:5555

To fix it:

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In FireFox, Tools, Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.


Ron
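The three things the replies above single out (a recently created autostart target under the user profile, a recently created scheduled-task target, and a loopback proxy) can be pulled out of a ComboFix-format log mechanically. This is an added example, not part of the original posts and not ComboFix's own logic; the function names, the 30-day window and the "Application Data" path test are assumptions chosen for illustration.

```python
import re
from datetime import date

# Lines copied from the log in this thread, including benign entries for contrast.
SAMPLE = r'''
"Google Update"="c:\documents and settings\Marie\Lokala inställningar\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-03 133104]
"bascgadr"="c:\documents and settings\Marie\Lokala inställningar\Application Data\sjgywofnt\tlrmutstssd.exe" [2010-04-19 272128]
"SynTPEnh"="c:\program\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761946]
2010-04-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program\Apple Software Update\SoftwareUpdate.exe [2007-01-10 13:42]
2010-04-21 c:\windows\Tasks\Wvrqbbg.job
- c:\windows\system32\dcomcnfgm.dll [2010-04-19 19:44]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
'''

RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<date>\d{4}-\d{2}-\d{2}) \d+\]$')
TASK_RE = re.compile(r'^- (?P<path>\S.*?) \[(?P<date>\d{4}-\d{2}-\d{2}) [\d:]+\]$')
PROXY_RE = re.compile(r'ProxyServer = (?:\w+=)?(?P<host>[^:\s]+):(?P<port>\d+)')

def is_recent(stamp, scan_date, days):
    """True if the file date is within `days` before the scan date."""
    return 0 <= (scan_date - date.fromisoformat(stamp)).days <= days

def triage(log_text, scan_date, recent_days=30):
    """Return (kind, name, detail) tuples for entries worth a manual look."""
    findings, job = [], None
    for line in map(str.strip, log_text.splitlines()):
        if line.lower().endswith(".job"):       # "<date> <path>.job"
            job = line.split(" ", 1)[1]
            continue
        m = RUN_RE.match(line)
        # Autostart target inside a user profile and created shortly before the scan.
        if m and "application data" in m["path"].lower() \
                and is_recent(m["date"], scan_date, recent_days):
            findings.append(("run-key", m["name"], m["path"]))
        m = TASK_RE.match(line)
        if m and job:                           # target line follows its .job line
            if is_recent(m["date"], scan_date, recent_days):
                findings.append(("task", job, m["path"]))
            job = None
        m = PROXY_RE.search(line)
        # A browser proxy on loopback means some local process sees all web traffic.
        if m and m["host"] in ("127.0.0.1", "localhost"):
            findings.append(("proxy", m["host"], m["port"]))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE, date(2010, 4, 21)):
        print(finding)
```

A hit is only a prompt for manual review: legitimate software also installs under the user profile and some local filtering tools set a loopback proxy.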





