Programs won't run.

Discussion in 'Computer Software and Operating Systems' started by Devante, May 28, 2011.

May 28, 2011

Programs won't run. by Devante at 4:03 PM (811 Views / 0 Likes) 2 replies

  1. Devante
    OP

    Member Devante Crescent fresh at best.

    Joined:
    Nov 29, 2002
    Messages:
    1,212
    Country:
    United States
    Hey guys, having a tough issue with my PC. Windows 7 - 64bit

    My virus scanner (AVG) was down for a week or two and I got a virus in that time.
    The fake virus scanner virus and also one that pops up random ad websites.

    I did some virus scanning but now when I try to run a program, it won't do anything.
    I'll see it pop up in task manager for a few seconds, then go away again.
    Happens even in Safe Mode.

    Let me list the things I've done:

    Session 1: Safe Mode
    Ran: Super ANTISpyware, Malwarebytes, Spybot, HiJackThis, CCleaner
    Result: Got rid of fake virus scanner, but not website popups.

    Session 2: Safe Mode
    Ran: Same programs + Ad-Aware
    Result: Aforementioned issue - programs won't run.

    Session 3: Booted off of UBCD4Windows disk.
    Ran: McAfee Stinger, Avira, Super ANTISpyware, SpyBot, Avast! Tool
    Result: Same - Programs won't run.

    Session 4: Scanned HDD externally from another Windows 7 machine.
    Ran: Super AntiSpyware, Spybot, Malwarebytes, AVG, Anti-Malware (formally a-squared)
    Result: Same - programs won't run.

    Session 5: Safe Mode
    Tried: rkill (tried exe, scr, com, and the other variations), ComboFix - neither will run
    Tried: Renaming rkill to notepad.exe and running from Windows folder - same problem, although notepad itself will work
    Tried: Uninstalling Ad-Aware (in Safe Mode and normal mode) - gives error "Cannot access the Windows Installer service"


    So I'm at a loss at what to do now.

    Any suggestions guys?
    Anyone come across this?

    Thanks for any advice.
     
  2. FAST6191

    Reporter FAST6191 Techromancer

    pip
    Joined:
    Nov 21, 2005
    Messages:
    21,712
    Country:
    United Kingdom
    "The fake virus scanner virus"

    The vast majority of these I see reroute the exe/PE launch routines to make it activate on every attempt to launch an exe by standard means- it is one of the reasons Super AntiSpyware comes as a .com file and one of the reasons gmer comes with a self contained command line/program launch and most methods will have you. This is besides the point- if one of the removal programs restored the launch method badly I can see this happening.

    Try to get to the command line and launch things from there- the same thing that allows the scanner to be good will work here as well.

    "%1" %* quotes included should be the value. You can do this from the registry but I do not know offhand where 7's entry is. XP is HKCR\exefile\shell\open\command

    I am not sure if it will fix the problem (probably not as it is a registry issue) but "SFC /scannow" from a command line is a good idea as well.

    Session 3: Booted off of UBCD4Windows disk.
    Ran: McAfee Stinger, Avira, Super ANTISpyware, SpyBot, Avast! Tool
    Result: Same - Programs won't run.

    Interesting- before I say something like BIOS loaded malware (such things returned to the fore the other month) I will mention most of those malware tools have serious issues running from livecds.

    Equally it might be the boot sector- malware that hits there is considerably more common these days. Plenty of tools to sort this.
    On the same line of thought just to be safe when you stuck the drive in your other machine it did not have autoplay enabled?
     
  3. Devante
    OP

    Member Devante Crescent fresh at best.

    Joined:
    Nov 29, 2002
    Messages:
    1,212
    Country:
    United States
    Session 6: Booted off of UBCD4Windows disk.
    Ran: gmer
    Found: TDR@MBR virus
    Ran: Recovery Console > bootrec /fixmbr
    Results: Profit!

    Thanks for the gmer suggestion. Never heard of that one.

    So it turns out I had a boot sector virus after all. Crazy, in all my years working on PC's (even as a EasyTech at Staples) I've never had a PC infected with a boot sector virus. I guess they're making a come back? ha

    Anyway, thanks again man.
     

Share This Page