HELP! Alpha Antivirus infection, no programs will run except for browsers


Post by beshir34 on Fri Feb 26, 2010 3:38 am

I can download programs, but when I double click to install, I get the pop-up "Application cannot be executed. The file XXX is infected." Thus, I cannot open any programs, except for browsers. I've tried downloading mbam.exe, but it won't install. It won't let me open task manager either.

Thanks in advance for your help!

beshir34

Post by Dr Jay on Fri Feb 26, 2010 2:15 pm

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)



Post by beshir34 on Sat Feb 27, 2010 1:07 am

For some reason, I'm unable to access that site. Can you provide another site to download the link?

beshir34

Post by Dr Jay on Sat Feb 27, 2010 3:27 pm

Not possible.

Please reboot to Safe Mode with Networking (tap the F8 key just before Windows starts to load and select the Safe Mode with Networking option from the menu).

Then, please try again.


Dr. Jay (DJ)



Post by beshir34 on Mon Mar 01, 2010 12:00 am

I was able to get a ComboFix log once I removed the LAN proxy from IE. Here is the log...

ComboFix 10-02-27.04 - ************* 02/28/2010 14:14:35.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.334 [GMT -8:00]
Running from: c:\documents and settings\************\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS\Application Data\h8srtkrl32mainweq.dll
c:\documents and settings\All Users.WINDOWS\Application Data\h8srtmainqt.dll
c:\documents and settings\All Users.WINDOWS\Application Data\sysReserve.ini
c:\documents and settings\************\Local Settings\Application Data\metydk
c:\documents and settings\************\Local Settings\Application Data\metydk\bnicsftav.exe
c:\documents and settings\************\Local Settings\Application Data\MSASCui.exe
c:\documents and settings\************\Local Settings\Application Data\mtg.exe
c:\recycler\S-1-5-21-2812339144-1885496373-139784179-1007
c:\windows\Downloaded Program Files\WebP2PInstaller.dll
c:\windows\Fonts\acrsec.fon
c:\windows\regedit.com
c:\windows\system32\azip32.dll
c:\windows\system32\drivers\H8SRTwswulkrjko.sys
c:\windows\system32\dzgtactx.dll
c:\windows\system32\H8SRTbnrfmxwbdm.dll
c:\windows\system32\H8SRTedxvrsbrxd.dll
c:\windows\system32\h8srtkrl32mainweq.dll
c:\windows\system32\H8SRTmufycpqwrq.dll
c:\windows\system32\h8srtshsyst.dll
c:\windows\system32\H8SRTuvqetygmlc.dll
c:\windows\system32\H8SRTxehbbeeybc.dat
c:\windows\system32\P2P Networking v126.cpl
c:\windows\system32\Thumbs.db
c:\windows\Tasks\qlejbexg.job
c:\windows\Tasks\shzahzjb.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys


((((((((((((((((((((((((( Files Created from 2010-01-28 to 2010-02-28 )))))))))))))))))))))))))))))))
.

2010-02-28 21:21 . 2010-02-28 21:22 -------- dc-h--w- c:\windows\ie8
2010-02-28 17:08 . 2010-02-28 17:08 -------- d-----w- c:\program files\ESET
2010-02-28 16:51 . 2010-02-28 16:51 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-02-05 04:04 . 2010-02-05 04:04 -------- d-----w- c:\documents and settings\************\myapimage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2010-02-26 02:01 . 2009-08-08 15:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-23 03:39 . 2010-01-23 19:06 53432 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-18 04:11 . 2005-03-29 01:30 61984 ----a-w- c:\documents and settings\************\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-27 03:58 . 2010-01-27 03:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-27 03:19 . 2004-05-06 04:59 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-27 02:47 . 2006-01-21 02:19 -------- d-----w- c:\program files\Norton AntiVirus
2010-01-27 02:45 . 2006-01-21 02:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Symantec
2010-01-24 20:44 . 2005-03-27 21:17 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-20 02:38 . 2010-01-20 02:38 2388432 ----a-w- C:\MGtools.exe
2010-01-11 01:29 . 2010-01-11 01:29 -------- d-----w- c:\program files\CCleaner
2010-01-10 21:17 . 2008-12-01 15:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-10 21:12 . 2004-05-06 04:48 -------- d-----w- c:\program files\Java
2010-01-10 20:54 . 2010-01-10 19:04 -------- d-----w- c:\documents and settings\************\Application Data\Uniblue
2010-01-10 20:54 . 2010-01-10 19:04 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DriverScanner
2010-01-10 20:51 . 2005-04-21 00:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Viewpoint
2010-01-09 02:08 . 2008-12-23 23:36 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-01-09 02:08 . 2008-12-23 23:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Roxio
2010-01-09 02:00 . 2006-04-29 00:12 -------- d-----w- c:\program files\PartyGaming.net
2010-01-08 00:07 . 2010-01-21 05:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 00:07 . 2010-01-27 03:48 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2007-04-29 23:45 . 2007-04-29 16:45 80 --sh--r- c:\windows\SYSTEM32\0E69A3E8DA.dll
2006-05-12 04:16 . 2006-05-12 04:14 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2006-01-21 100056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 23:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-13 00:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Gaming Zone\\zclient.exe"=
"c:\\WINDOWS\\SYSTEM32\\dplaysvr.exe"=
"c:\\Program Files\\QuickTime\\PictureViewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\SYSTEM32\DRIVERS\SSLDrv.sys [6/8/2007 3:02 PM 20504]
.
Contents of the 'Scheduled Tasks' folder

2009-08-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Search - [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all by Net Transport - c:\program files\Xi\NetTransport 2\NTAddList.html
DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
DPF: {666E4D35-E955-11D0-A707-000000521958} - [You must be registered and logged in to see this link.]
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - [You must be registered and logged in to see this link.]
DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\************\Application Data\Mozilla\Firefox\Profiles\tjf6j1sp.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\************\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\************\Application Data\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npNELaunch.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-bqefgcjh - c:\documents and settings\************\Local Settings\Application Data\metydk\bnicsftav.exe
HKLM-Run-bqefgcjh - c:\documents and settings\************\Local Settings\Application Data\metydk\bnicsftav.exe
SharedTaskScheduler-{662ccfb0-050a-42e3-847f-37164fd2c131} - (no file)
SharedTaskScheduler-{26c6dfbd-a2f6-46f7-9b28-7d772ebfd152} - (no file)
SSODL-vadudobej-{662ccfb0-050a-42e3-847f-37164fd2c131} - (no file)
SSODL-kazegobiv-{26c6dfbd-a2f6-46f7-9b28-7d772ebfd152} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-02-28 14:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2896)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wdfmgr.exe
c:\windows\wanmpsvc.exe
.
**************************************************************************
.
Completion time: 2010-02-28 14:40:53 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-28 22:40

Pre-Run: 27,809,169,408 bytes free
Post-Run: 27,725,651,968 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - CE0AB957423B11822CC5687824068D37

beshir34
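
Added example, not part of the original thread and not ComboFix's own logic: a small Python triage pass over the log posted above that flags the entries a reviewer would look at first (Security Center overrides, firewall state, a loopback browser proxy, and Run entries launching from a user-writable profile folder). The rule set and all function and variable names are assumptions chosen for illustration; the sample lines are copied from the log in this thread.

```python
import re

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
HKCU-Run-bqefgcjh - c:\documents and settings\************\Local Settings\Application Data\metydk\bnicsftav.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
'''

SECTION = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# Matches both renderings seen in the log: "Name"=dword:00000001 and "Name"= 0 (0x0)
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?:dword:)?(?P<val>[0-9a-fA-F]+)\b')
PROXY = re.compile(r'ProxyServer\s*=\s*(?P<val>\S+)')
LOOPBACK = re.compile(r'(?:^|[=/])(?:127(?:\.\d{1,3}){3}|localhost)(?::\d+)?$')
RUN_ENTRY = re.compile(r'^(?P<id>HK(?:CU|LM)-Run-\S+) - (?P<path>.+)$')
USER_WRITABLE = "\\local settings\\application data\\"  # Windows XP profile path

# Assumed rule set: (last registry key component, value name) -> (flagged value, meaning)
WATCHED = {
    ("security center", "antivirusoverride"): (1, "Security Center not monitoring antivirus status"),
    ("security center", "firewalloverride"): (1, "Security Center not monitoring firewall status"),
    ("standardprofile", "enablefirewall"): (0, "Windows Firewall disabled (standard profile)"),
    ("standardprofile", "disablenotifications"): (1, "firewall notifications suppressed"),
}

def triage(log_text):
    """Return (item, reason) pairs for log lines that match the rule set."""
    findings, section = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := SECTION.match(line)):
            # Remember only the last key component, e.g. "standardprofile".
            section = m["key"].lower().rsplit("\\", 1)[-1]
        elif (m := REG_VALUE.match(line)):
            rule = WATCHED.get((section, m["name"].lower()))
            # Values are only compared against 0 or 1, where hex and decimal agree.
            if rule and int(m["val"], 16) == rule[0]:
                findings.append((m["name"], rule[1]))
        elif (m := PROXY.search(line)) and LOOPBACK.search(m["val"]):
            findings.append(("ProxyServer", "browser proxy points at loopback: " + m["val"]))
        elif (m := RUN_ENTRY.match(line)) and USER_WRITABLE in m["path"].lower():
            findings.append((m["id"], "autostart from user-writable folder: " + m["path"]))
    return findings

if __name__ == "__main__":
    for item, reason in triage(SAMPLE_LOG):
        print(f"{item}: {reason}")
```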

Post by Dr Jay on Mon Mar 01, 2010 4:28 am

Hi again. Please do these steps in order.

1. Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


2. Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
Alternate link: [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running SUPERAntiSpyware (SAS) to scan and remove malware from your computer:

[You must be registered and logged in to see this link.]

Post the log from SUPERAntiSpyware when you've accomplished that.

4. Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats and the option Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


5. Post the following in your next reply:
  • MBAM log
  • SAS log
  • ESET log

And, please tell me how your computer is doing.


Dr. Jay (DJ)

