[Resolved] .exe files not running.
#1
Posted 23 November 2009 - 05:50 PM
#2
Posted 23 November 2009 - 05:57 PM
Proud Graduate of the WTT Classroom
#3
Posted 23 November 2009 - 06:01 PM
#4
Posted 23 November 2009 - 06:26 PM
- I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
- The fixes are specific to your problem and should only be used for the issues on this machine.
- You will need to run all tools as an Administrator. To run a program as an Administrator you must right click on the program and select "Run as Administrator"
- Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
- It's often worth reading through these instructions and printing them for ease of reference.
- If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
- Please reply to this thread. Do not start a new topic.
Run exeHelper
Please download exeHelper to your desktop.
Right Click on exeHelper.com and choose Run As Administrator.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
Download and run Win32kDiag
- Download Win32kDiag from any of the following locations and save it to your Desktop.
- Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
- When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
- Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.
Scanning with DDS
Please download DDS by sUBs from one of the following links and save it to your desktop.
- Disable any script blocking protection (How to Disable your Security Programs)
- Double click DDS icon to run the tool (may take up to 3 minutes to run)
- When done, DDS.txt will open.
- After a few moments, attach.txt will open in a second window.
- Save both reports to your desktop.
- Post the contents of the DDS.txt report in your next reply
- Attach the Attach.txt report to your post by doing the following:
- Under the reply panel is the Attachments Panel
- Browse for the attachment file you want to upload, then click the green Upload button
- Once it has uploaded, click the Manage Current Attachments drop down box
- Click on to insert the attachment into your post
Download GMER Rootkit Scanner from here or here.
- Extract the contents of the zipped file to desktop.
- Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
- If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
- In the right panel, you will see several boxes that have been checked. Uncheck the following ...
- Sections
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
- Then click the Scan button & wait for it to finish.
- Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
- Save it where you can easily find it, such as your desktop, and attach it in your reply.
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Please make sure you include the following items in your next post:
1. The log that was produced after running exeHelper.com
2. The log that was produced after running Win32kdiag.
3. The logs that were produced after running DDS (DDS.txt & Attach.txt)
4. The log that was produced after running GMER.
#5
Posted 23 November 2009 - 06:34 PM
Edited by KateetaK, 23 November 2009 - 06:36 PM.
#6
Posted 23 November 2009 - 07:27 PM
Can you try rebooting your computer into Safe Mode w/ Networking and try to download those programs that way.
To Enter Safemode w/ Networking
- Go to Start> Shut off your Computer> Restart
- As the computer starts to boot-up, Tap the F8 KEY repeatedly,
- this will bring up a menu.
- Use the Up and Down Arrow Keys to scroll up to Safemode w/ Networking
- Then press the Enter Key on your Keyboard
- go into your usual account
Do you have access to another computer and a flash drive?
Please answer the above questions in your next post.
#7
Posted 23 November 2009 - 09:23 PM
I went into Safe Mode with Networking, and I had the same problems as I had in the computer's normal mode. Those problems were as follows:
1.) Both exeHelper and DDS gave me an error message that said, "The parameter is incorrect."
2.) Win32kDiag gave me an error message that said, "...is not a valid Win32 application." (Same error message I get when I try to download an executable file.)
3.) When I double click the GMER.zip download, a folder comes up that is empty, hence there is nothing to extract.
I do have access to another computer, so I was able to save 2 of the programs to my flash drive: Win32kDiag and GMER. (I will post those logs here.) However, I had no success with the other 2 programs you listed. When I tried to download exeHelper, a threat was detected that said the file was infected with a virus. I don't remember what happened with DDS, but I wasn't able to download that one either.
Now, when I run GMER on this computer, it starts scanning automatically and does find some things. (I will also post this log that has nothing unchecked.) However, in your post, you told me to make sure a few things were unchecked, so I unchecked those things and ran the scan again. When I do this scan with the items unchecked, the program stops running and gives me an error message that says, "gmer.exe has stopped working. A problem caused the program to stop running correctly. Windows will close the program and notify you if a solution is available." So, that's about where I'm at right now. I have listed the logs below.
Another thing I just noticed: In your post, you also said that when the Win32kDiag log was finished, it would say, "Finished! Press any key to exit..." I had the program running for a while, and I never received that message. I'll post both of the logs anyway. Maybe you can find something that hints to what is wrong with my computer. I appreciate your help so much.
Here is the Win32kDiag.txt log that I have:
Running from: C:\Users\HP_Administrator\Desktop\Win32kDiag.exe
Log file at : C:\Users\HP_Administrator\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\Windows'...
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Here is the GMER log that had all items on the right-hand side checked:
GMER 1.0.15.15252 - http://www.gmer.net
Rootkit quick scan 2009-11-23 22:15:57
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\HP_ADM~1\AppData\Local\Temp\kwgdafod.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
#8
Posted 23 November 2009 - 09:36 PM
#9
Posted 23 November 2009 - 10:28 PM
If you still have a copy of exeHelper on your computer then please go ahead and delete it and download a fresh copy.
As a reminder all programs that I have you run will need to be Run as an Administrator. This can be done by right clicking on the program and selecting "Run as Administrator".
Please ignore any warnings AVG may present to you when running exeHelper.
Run exeHelper
Please download exeHelper to your desktop.
Right Click on exeHelper.com and choose Run As Administrator.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
Before running the next tool we need to disable AVG.
Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.
When you need to enable the AVG Resident Shield (I will let you know when), just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.
Running ComboFix
Download Combofix from either of the links below. You must rename it to combo.com before saving it.
Save it to your desktop. Change the save as file type to "all files"
**Note: In the event you already have Combofix, delete it, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
- If you are using Firefox, make sure that your download settings are as follows:
- Tools->Options->Main tab
- Set to "Always ask me where to Save the files".
Link 1
Link 2
-----------------------------------------------------------
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
- NOTE: If ComboFix asks to install the Recovery Console, please ALLOW it to do so.
-----------------------------------------------------------
- Double click on the renamed ComboFix.exe & follow the prompts. When finished, it will produce a report for you.
1. The log that was produced after running exeHelper.
2. The log that was produced after running ComboFix.
#10
Posted 23 November 2009 - 10:59 PM
Edited by KateetaK, 23 November 2009 - 11:00 PM.
#11
Posted 24 November 2009 - 02:59 PM
We need to re-download exeHelper and ComboFix. Please download these programs onto another computer and then save them onto your flash drive.
The instructions are a little different than before so please pay special attention to them. If you have any questions please stop and ask me.
I'd like for you to download a different version of exeHelper. This version will save to your computer as explorer.exe.
- If you are using Firefox, make sure that your download settings are as follows:
- Tools->Options->Main tab
- Set to "Always ask me where to Save the files".
Plug your flash drive into the infected computer and attempt to run the programs now. Before running the programs you may need to right click on them and run them as an Administrator.
Please post the logs that exeHelper and ComboFix produce after running them.
#12
Posted 24 November 2009 - 10:29 PM
exeHelper log:
exeHelper by Raktor
Build 20091122
Run at 23:23:32 on 11/24/09
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
#13
Posted 24 November 2009 - 10:46 PM
#14
Posted 24 November 2009 - 11:02 PM
#15
Posted 24 November 2009 - 11:47 PM
System Settings protector has stopped working
A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.
I am going to run a full system scan with Avira right now. If there is anything else I can do, please let me know. Thank you for all of your help. It is much appreciated.