(***) is not a valid win32 application...

[Arianna]

I'm about to rip my hair out.

I got a pop up the other day saying something about how Windows Security Alerts detected some virus. Like an idiot, I clicked "OK" without thinking. Now, I have a constant pop-up from some supposed security alert center asking me to buy it. UNlike other rogue anti-spyware viruses I've had, though, this one won't let me do ANYTHING.

I can't run Antivir, Spyware Doctor, MalwareBytes, or Advanced Systemcare. It won't let me open anything .exe save for Internet Explorer. I have tried running all of these in Safe Mode. This doesn't work either. I have surfed the web and found numerous supposed "fixes," but once I download them, I can't use them as the error message pops up once again telling me that it's not a valid Win32 application. I've tried system restore, and it tells me that system restore was shut off by the administrator.

Please someone help me. I don't want to have to completely redo EVERYTHING if I don't have to.

Thanks in advance.

Arianna wrote:
> I'm about to rip my hair out.
>
> I got a pop up the other day saying something about how Windows
> Security Alerts detected some virus. Like an idiot, I clicked "OK"
> without thinking. Now, I have a constant pop-up from some supposed
> security alert center asking me to buy it. UNlike other rogue
> anti-spyware viruses I've had, though, this one won't let me do
> ANYTHING.
>
> I can't run Antivir, Spyware Doctor, MalwareBytes, or Advanced
> Systemcare. It won't let me open anything .exe save for Internet
> Explorer. I have tried running all of these in Safe Mode. This doesn't
> work either. I have surfed the web and found numerous supposed
> "fixes," but once I download them, I can't use them as the error
> message pops up once again telling me that it's not a valid Win32
> application. I've tried system restore, and it tells me that system
> restore was shut off by the administrator.
>
> Please someone help me. I don't want to have to completely redo
> EVERYTHING if I don't have to.
>
> Thanks in advance.

[ you may have to rename mbam.exe in Safemode to something else if its being
blocked. Change to myzap.exe for example ]
also post in alt.comp.anti-virus for more tips

--
Tommy

Arianna <Arianna.3y5fnb@DoNotSpam.com> writes:

> I'm about to rip my hair out.
>
> I got a pop up the other day saying something about how Windows
> Security Alerts detected some virus. Like an idiot, I clicked "OK"
> without thinking. Now, I have a constant pop-up from some supposed
> security alert center asking me to buy it. UNlike other rogue
> anti-spyware viruses I've had, though, this one won't let me do
> ANYTHING.
>
> I can't run Antivir, Spyware Doctor, MalwareBytes, or Advanced
> Systemcare. It won't let me open anything .exe save for Internet
> Explorer. I have tried running all of these in Safe Mode. This doesn't
> work either. I have surfed the web and found numerous supposed "fixes,"
> but once I download them, I can't use them as the error message pops up
> once again telling me that it's not a valid Win32 application. I've
> tried system restore, and it tells me that system restore was shut off
> by the administrator.
>
> Please someone help me. I don't want to have to completely redo
> EVERYTHING if I don't have to.
>
> Thanks in advance.


Hate to be the bearer of bad news, but your machine is well beyond the
threshold of "you should redo EVERYTHING."

There is a certain liberty in being that screwed. Even if you could
get any cleanup tools to run to allow you to do something with the
machine, at best you'd have a machine that _might_ be stable, and that
you definitely shouldn't trust.

Get your data off the disk (booting into a bootable rescue cd of some
flavor), reinstall Windows from original optical media and include a
reallocation of the disk (delete the partition, recreate the
partition) and reformatting.


--
Todd H.
http://www.toddh.net/

On Sep 7, 5:52*pm, Arianna <Arianna.3y5...@DoNotSpam.com> wrote:
> I'm about to rip my hair out.
>
> I got a pop up the other day saying something about how Windows
> Security Alerts detected some virus. Like an idiot, I clicked "OK"
> without thinking. Now, I have a constant pop-up from some supposed
> security alert center asking me to buy it. UNlike other rogue
> anti-spyware viruses I've had, though, this one won't let me do
> ANYTHING.
>
> I can't run Antivir, Spyware Doctor, MalwareBytes, or Advanced
> Systemcare. It won't let me open anything .exe save for Internet
> Explorer. I have tried running all of these in Safe Mode. This doesn't
> work either. I have surfed the web and found numerous supposed "fixes,"
> but once I download them, I can't use them as the error message pops up
> once again telling me that it's not a valid Win32 application. I've
> tried system restore, and it tells me that system restore was shut off
> by the administrator.
>
> Please someone help me. I don't want to have to completely redo
> EVERYTHING if I don't have to.
>
> Thanks in advance.
>
> --
> Arianna
> ------------------------------------------------------------------------
> Arianna's Profile:http://forums.techarena.in/members/133071.htm
> View this thread:http://forums.techarena.in/virus-spyware/1243103.htm
>
> http://forums.techarena.in

Arianna,

Although I agree with Todd, I'd give ComboFix a try, before anything
else.
You can download it from http://www.combofix.org. Don't worry,
ComboFix is not spyware or anything. I have personally tried it and it
saved me a lot of time.

Good luck!

Giorgos

--

NetPros Community
http://netpros.freeforums.org

Arianna <Arianna.3y5fnb@DoNotSpam.com> wrote in
news:Arianna.3y5fnb@DoNotSpam.com:

>
> I'm about to rip my hair out.
>
> I got a pop up the other day saying something about how Windows
> Security Alerts detected some virus. Like an idiot, I clicked "OK"
> without thinking. Now, I have a constant pop-up from some supposed
> security alert center asking me to buy it. UNlike other rogue
> anti-spyware viruses I've had, though, this one won't let me do
> ANYTHING.
>
> I can't run Antivir, Spyware Doctor, MalwareBytes, or Advanced
> Systemcare. It won't let me open anything .exe save for Internet
> Explorer. I have tried running all of these in Safe Mode. This doesn't
> work either. I have surfed the web and found numerous supposed
"fixes,"
> but once I download them, I can't use them as the error message pops
up
> once again telling me that it's not a valid Win32 application. I've
> tried system restore, and it tells me that system restore was shut off
> by the administrator.
>
> Please someone help me. I don't want to have to completely redo
> EVERYTHING if I don't have to.
>
> Thanks in advance.
>
>

The solution to your problem can be found here:

http://technet.microsoft.com/en-us/l.../cc512587.aspx

L

Arianna wrote:
> I'm about to rip my hair out.
>
> I got a pop up the other day saying something about how Windows
> Security Alerts detected some virus. Like an idiot, I clicked "OK"
> without thinking. Now, I have a constant pop-up from some supposed
> security alert center asking me to buy it. UNlike other rogue
> anti-spyware viruses I've had, though, this one won't let me do
> ANYTHING.
>
> I can't run Antivir, Spyware Doctor, MalwareBytes, or Advanced
> Systemcare. It won't let me open anything .exe save for Internet
> Explorer. I have tried running all of these in Safe Mode. This doesn't
> work either. I have surfed the web and found numerous supposed
> "fixes," but once I download them, I can't use them as the error
> message pops up once again telling me that it's not a valid Win32
> application. I've tried system restore, and it tells me that system
> restore was shut off by the administrator.
>
> Please someone help me. I don't want to have to completely redo
> EVERYTHING if I don't have to.
>
> Thanks in advance.

some good information here
http://www.elephantboycomputers.com/...iruses_Malware

note: when I have problems like yours, I use safe mode, where I use Task
Manager to kill as many virus processes as possible until I can run
Malwarebytes. You have to kind of know a fair bit about which processes are
suspect. Usually ones that have a lot of nonsense consonants are suspect for
one thing.

tommy <tommylee9_2000@removeyahoo.dropcom> wrote:
> some good information here
> http://www.elephantboycomputers.com/...iruses_Malware

The usual nonsense. *sigh*

http://technet.microsoft.com/en-us/l.../cc512587.aspx

Please understand that, no matter how much skill you think you have, you
still can't be certain that you got rid of all malware if you don't have
a known-good baseline to compare against.

Besides, CCleaner a powerful tool? Don't make me laugh. The tool doesn't
check even half of the locations from where Windows automatically starts
stuff.

> note: when I have problems like yours, I use safe mode, where I use
> Task Manager to kill as many virus processes as possible until I can
> run Malwarebytes. You have to kind of know a fair bit about which
> processes are suspect. Usually ones that have a lot of nonsense
> consonants are suspect for one thing.

.... whereas processes with names like "service.exe", "explore.exe",
"exp1orer.exe", "svcchost.exe" et. al. are obviously perfectly harmless
and nothing to worry about ...

*doublesigh*

Names. Don't. Mean. Anything. At all. When will people begin to
understand this simple fact?

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

In article <h8hrdn$ln0$1@news.eternal-september.org>, tommylee9_2000
@removeyahoo.dropcom says...
> note: when I have problems like yours, I use safe mode, where I use Task
> Manager to kill as many virus processes as possible until I can run
> Malwarebytes. You have to kind of know a fair bit about which processes are
> suspect. Usually ones that have a lot of nonsense consonants are suspect for
> one thing.
>

In the last month I've run into 4 computers that were infected in a
manner that would not let me run ANY known anti-malware tools and that I
could not find the malware either.

I removed the drive and checked it from another computer with working
anti-malware tools and little was detected, replace it in the machine,
it was still infected with the same anti-malware tool blocking malware.

I tried all of the tools suggested here and some not commonly suggested,
even if I could get them to install the would not run or updates.

I fell back to my standard, wiped the drive and reinstalled from scratch
in a clean environment.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

Ansgar -59cobalt- Wiechers wrote:
> tommy <tommylee9_2000@removeyahoo.dropcom> wrote:
>> some good information here
>> http://www.elephantboycomputers.com/...iruses_Malware
>
> The usual nonsense. *sigh*
>
> http://technet.microsoft.com/en-us/l.../cc512587.aspx
>
> Please understand that, no matter how much skill you think you have,
> you still can't be certain that you got rid of all malware if you
> don't have a known-good baseline to compare against.
>
> Besides, CCleaner a powerful tool? Don't make me laugh. The tool
> doesn't check even half of the locations from where Windows
> automatically starts stuff.
>
>> note: when I have problems like yours, I use safe mode, where I use
>> Task Manager to kill as many virus processes as possible until I can
>> run Malwarebytes. You have to kind of know a fair bit about which
>> processes are suspect. Usually ones that have a lot of nonsense
>> consonants are suspect for one thing.
>
> ... whereas processes with names like "service.exe", "explore.exe",
> "exp1orer.exe", "svcchost.exe" et. al. are obviously perfectly
> harmless and nothing to worry about ...
>
> *doublesigh*
>
> Names. Don't. Mean. Anything. At all. When will people begin to
> understand this simple fact?
>
> cu
> 59cobalt

I should have included a link that would help identify suspect processes.
Here's one, there are many many more:
http://www.answersthatwork.com/Taskl...s/tasklist.htm

"No generalization is worth a damn, including this one"

Mark Twain

Leythos wrote:
> In article <h8hrdn$ln0$1@news.eternal-september.org>, tommylee9_2000
> @removeyahoo.dropcom says...
>> note: when I have problems like yours, I use safe mode, where I use
>> Task Manager to kill as many virus processes as possible until I can
>> run Malwarebytes. You have to kind of know a fair bit about which
>> processes are suspect. Usually ones that have a lot of nonsense
>> consonants are suspect for one thing.
>>
>
> In the last month I've run into 4 computers that were infected in a
> manner that would not let me run ANY known anti-malware tools and
> that I could not find the malware either.
>
> I removed the drive and checked it from another computer with working
> anti-malware tools and little was detected, replace it in the machine,
> it was still infected with the same anti-malware tool blocking
> malware.
>
> I tried all of the tools suggested here and some not commonly
> suggested,
> even if I could get them to install the would not run or updates.
>
> I fell back to my standard, wiped the drive and reinstalled from
> scratch
> in a clean environment.

yes, some cases call for reinstallation .
Here's a link for that: http://windowsreinstall.com/

It does sound like her case might need it. She should seek a qualified tech
in her area.

tommy <tommylee9_2000@removeyahoo.dropcom> wrote:
> Ansgar -59cobalt- Wiechers wrote:
>> tommy <tommylee9_2000@removeyahoo.dropcom> wrote:
>>> some good information here
>>> http://www.elephantboycomputers.com/...iruses_Malware
>>
>> The usual nonsense. *sigh*
>>
>> http://technet.microsoft.com/en-us/l.../cc512587.aspx
>>
>> Please understand that, no matter how much skill you think you have,
>> you still can't be certain that you got rid of all malware if you
>> don't have a known-good baseline to compare against.
>>
>> Besides, CCleaner a powerful tool? Don't make me laugh. The tool
>> doesn't check even half of the locations from where Windows
>> automatically starts stuff.
>>
>>> note: when I have problems like yours, I use safe mode, where I use
>>> Task Manager to kill as many virus processes as possible until I can
>>> run Malwarebytes. You have to kind of know a fair bit about which
>>> processes are suspect. Usually ones that have a lot of nonsense
>>> consonants are suspect for one thing.
>>
>> ... whereas processes with names like "service.exe", "explore.exe",
>> "exp1orer.exe", "svcchost.exe" et. al. are obviously perfectly
>> harmless and nothing to worry about ...
>>
>> *doublesigh*
>>
>> Names. Don't. Mean. Anything. At all. When will people begin to
>> understand this simple fact?
>
> I should have included a link that would help identify suspect
> processes. Here's one, there are many many more:
> http://www.answersthatwork.com/Taskl...s/tasklist.htm

*sigh*

Here's a little exercise for you:

1. Create a copy of NOTEPAD.EXE in %SystemRoot%.
2. Rename it to exp1orer.exe (notice how it's written with "one" instead
of "ell").
3. Run it.

Now answer yourself some questions:

Did renaming notepad to exp1orer somehow magically turn notepad into
explorer? If not, why would you think a program's name meant anything in
the first place?

How do you identify the location of the program binary if you're using
taskmgr.exe? The Windows Task Manager does not show the paths of
executables in any Winddows version up to at least XP. And if you can't
identify the location, what makes you think you could distinguish
malware from a legit system binary?

How exactly is malware running with admin privileges prevented from
infecting/altering system binaries?


And since you seem to like quotes, I do have two of my own for you:

"Names. Don't. Mean. Anything. At all."
--me

"Please understand that, no matter how much skill you think you have,
you still can't be certain that you got rid of all malware if you don't
have a known-good baseline to compare against."
--me as well

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

tommy <tommylee9_2000@removeyahoo.dropcom> wrote:
> yes, some cases call for reinstallation .
> Here's a link for that: http://windowsreinstall.com/
>
> It does sound like her case might need it. She should seek a qualified
> tech in her area.

Any qualified technician will suggest to flatten and rebuild the box,
because he's aware of the fact that he can't guarantee that he'd get rid
of all malware otherwise.

http://technet.microsoft.com/en-us/l.../cc512587.aspx

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

"tommy" <tommylee9_2000@removeyahoo.dropcom> writes:

> Leythos wrote:
>> In article <h8hrdn$ln0$1@news.eternal-september.org>, tommylee9_2000
>> @removeyahoo.dropcom says...
>>> note: when I have problems like yours, I use safe mode, where I use
>>> Task Manager to kill as many virus processes as possible until I can
>>> run Malwarebytes. You have to kind of know a fair bit about which
>>> processes are suspect. Usually ones that have a lot of nonsense
>>> consonants are suspect for one thing.
>>>
>>
>> In the last month I've run into 4 computers that were infected in a
>> manner that would not let me run ANY known anti-malware tools and
>> that I could not find the malware either.
>>
>> I removed the drive and checked it from another computer with working
>> anti-malware tools and little was detected, replace it in the machine,
>> it was still infected with the same anti-malware tool blocking
>> malware.
>>
>> I tried all of the tools suggested here and some not commonly
>> suggested,
>> even if I could get them to install the would not run or updates.
>>
>> I fell back to my standard, wiped the drive and reinstalled from
>> scratch
>> in a clean environment.
>
> yes, some cases call for reinstallation .
> Here's a link for that: http://windowsreinstall.com/
>
> It does sound like her case might need it. She should seek a qualified tech
> in her area.

I disagree. All cases where you've got confirmed malware on the
system call for reinstallation from original media.

You can run cleanup routines. It might actually find things, it might
even remove those things. Then again, it very well might not. Hiding
from AV is not that hard.

The time investment is a barrier, sure, but what it comes down to is:
Do you feel lucky?


--
Todd H.
http://www.toddh.net/

Ansgar -59cobalt- Wiechers wrote:
> tommy <tommylee9_2000@removeyahoo.dropcom> wrote:
>> Ansgar -59cobalt- Wiechers wrote:
>>> tommy <tommylee9_2000@removeyahoo.dropcom> wrote:
>>>> some good information here
>>>> http://www.elephantboycomputers.com/...iruses_Malware
>>>
>>> The usual nonsense. *sigh*
>>>
>>> http://technet.microsoft.com/en-us/l.../cc512587.aspx
>>>
>>> Please understand that, no matter how much skill you think you have,
>>> you still can't be certain that you got rid of all malware if you
>>> don't have a known-good baseline to compare against.
>>>
>>> Besides, CCleaner a powerful tool? Don't make me laugh. The tool
>>> doesn't check even half of the locations from where Windows
>>> automatically starts stuff.
>>>
>>>> note: when I have problems like yours, I use safe mode, where I use
>>>> Task Manager to kill as many virus processes as possible until I
>>>> can run Malwarebytes. You have to kind of know a fair bit about
>>>> which processes are suspect. Usually ones that have a lot of
>>>> nonsense consonants are suspect for one thing.
>>>
>>> ... whereas processes with names like "service.exe", "explore.exe",
>>> "exp1orer.exe", "svcchost.exe" et. al. are obviously perfectly
>>> harmless and nothing to worry about ...
>>>
>>> *doublesigh*
>>>
>>> Names. Don't. Mean. Anything. At all. When will people begin to
>>> understand this simple fact?
>>
>> I should have included a link that would help identify suspect
>> processes. Here's one, there are many many more:
>> http://www.answersthatwork.com/Taskl...s/tasklist.htm
>
> *sigh*
>
> Here's a little exercise for you:
>
> 1. Create a copy of NOTEPAD.EXE in %SystemRoot%.
> 2. Rename it to exp1orer.exe (notice how it's written with "one"
> instead of "ell").
> 3. Run it.
>
> Now answer yourself some questions:
>
> Did renaming notepad to exp1orer somehow magically turn notepad into
> explorer? If not, why would you think a program's name meant anything
> in the first place?
>
> How do you identify the location of the program binary if you're using
> taskmgr.exe? The Windows Task Manager does not show the paths of
> executables in any Winddows version up to at least XP. And if you
> can't identify the location, what makes you think you could
> distinguish malware from a legit system binary?
>
> How exactly is malware running with admin privileges prevented from
> infecting/altering system binaries?
>
>
> And since you seem to like quotes, I do have two of my own for you:
>
> "Names. Don't. Mean. Anything. At all."
> --me
>
> "Please understand that, no matter how much skill you think you have,
> you still can't be certain that you got rid of all malware if you
> don't have a known-good baseline to compare against."
> --me as well
>
> cu
> 59cobalt

Read this : MBAM will not install or run(Fix) Maybe it will explain what I
am talking about. You have some preconceived notions about such Malwarebytes
"nonsense" : http://tinyurl.com/qdqlcl

tommy <tommylee9_2000@removeyahoo.dropcom> wrote:
> Ansgar -59cobalt- Wiechers wrote:
>> tommy <tommylee9_2000@removeyahoo.dropcom> wrote:
>>> I should have included a link that would help identify suspect
>>> processes. Here's one, there are many many more:
>>> http://www.answersthatwork.com/Taskl...s/tasklist.htm
>>
>> *sigh*
>>
>> Here's a little exercise for you:
>>
>> 1. Create a copy of NOTEPAD.EXE in %SystemRoot%.
>> 2. Rename it to exp1orer.exe (notice how it's written with "one"
>> instead of "ell").
>> 3. Run it.
>>
>> Now answer yourself some questions:
>>
>> Did renaming notepad to exp1orer somehow magically turn notepad into
>> explorer? If not, why would you think a program's name meant anything
>> in the first place?
>>
>> How do you identify the location of the program binary if you're using
>> taskmgr.exe? The Windows Task Manager does not show the paths of
>> executables in any Winddows version up to at least XP. And if you
>> can't identify the location, what makes you think you could
>> distinguish malware from a legit system binary?
>>
>> How exactly is malware running with admin privileges prevented from
>> infecting/altering system binaries?
>
> Read this : MBAM will not install or run(Fix) Maybe it will explain
> what I am talking about. You have some preconceived notions about such
> Malwarebytes "nonsense" : http://tinyurl.com/qdqlcl

Thank you for making perfectly clear that you didn't understand a single
word of what I wrote.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich