no antivirus, no firewall

Cheng_van

My Win XP Pro (SPII) no longer runs Avast, Sygate, Spybot, HijackThis
etc. The error message when I try to start manually any of them is
***.exe is not a Win32 application. It looks to be the result of
a downloaded exe file which I thought was a font pack while it
actually turned out to be some black box reader or something like
that. Even the Rootkit revealer log can't be saved. I can't boot in
Safe Mode, can't run sfc /scan, can't run Trend Micro's HouseCall etc.
Is there anything more to do than re-installation?
Thanks in advance for any suggestion
Cheng
 
My Win XP Pro (SP2) no longer runs Avast, Sygate, Spybot, HijackThis
etc. The error message when I try to start manually any of them is
***.exe is not a Win32 application. It looks to be the result of
a downloaded exe file which I thought was a font pack while it
actually turned out to be some black box reader or something like
that. Even the Rootkit revealer log can't be saved. I can't boot in
Safe Mode, can't run sfc /scan, can't run Trend Micro's HouseCall etc.
Is there anything more to do than re-installation?
Thanks in advance for any suggestion
Cheng

Hello Cheng:

1) Download, install, rename the executable to "CHENGmbam.exe", update
and run a full scan with the freeware version of:

<http://www.malwarebytes.org/mbam-download.php>

2) and, the same to SAS; "chengSUPERANTISPYWARE.EXE" from:

<http://www.superantispyware.com/>

or

3) make a bootable CD, or make a bootable USB device with up to date
antimalware applications.

Please update this thread with your progress. If you successfully
identify your malware infestation, please identify it here. Good luck.

Pete
 
Tried the first and here is the result:

http://pastebin.com/f6ba1c6dd

More soon

Hello Cheng:

Excellent find!

At the time I replied to your thread, I wasn't sure if I should add
rootkit detection to the list. However, since your output report
reveals otherwise, same thing with "GMER":

Download, unzip, and run. Renaming is not needed as it randomly renames
itself.

<http://www.gmer.net/files.php>

The GMER scan may take a /long/ time. Its rootkit detections will show
in red I believe.

Once you have run everything multiple times and you have clean runs, you
may wish to update your own antimalware and run them till they're clean.

Good luck to you!

Pete
 
Hi 1PW,
Just curious to know why, after downloading the files, you have asked to
rename them to the ones you have mentioned?
 