Sign in with
Sign up | Sign in
Your question
Closed

Infected machine cannot execute anyhting! please help

Last response: in Windows XP
Share
July 26, 2011 6:12:24 PM

my mothers computer was infected with the malware protection virus. I removed it using mbam without any issue. but in my browser i was still getting redirected so i installed S.A.S and then booted into safe mode with networking. then xp internet security 2012 popped up during safe mode. I knew it was a rogue so i ignored it until super anti spyware was finished scanning. it removed the rogue. then when i booted the machine and tried to launch any program (including cmd) it would come up with the error " open with". please help! ( in the S.A.S log i did delete the tracking cookie info)


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7277

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/26/2011 9:47:13 AM
mbam-log-2011-07-26 (09-47-08).txt

Scan type: Full scan (C:\|)
Objects scanned: 234449
Time elapsed: 3 hour(s), 36 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\defender.exe (Trojan.FakeAlert) -> No action taken.
c:\documents and settings\bill \local settings\Temp\0.4096347664751798.exe (Exploit.Drop.2) -> No action taken.
c:\documents and settings\bill \local settings\Temp\0.5610624693250243.exe (Exploit.Drop.2) -> No action taken.



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/26/2011 at 12:40 PM

Application Version : 4.50.1002

Core Rules Database Version : 7460
Trace Rules Database Version: 5272

Scan type : Complete Scan
Total Scan Time : 01:44:26

Memory items scanned : 279
Memory threats detected : 0
Registry items scanned : 10417
Registry threats detected : 5
File items scanned : 38492
File threats detected : 168



Trojan.Agent/Gen
HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN#483227614
HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN#483227614

Disabled.SecurityCenterOption
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY

Trojan.Agent/Gen-Frauder
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\QXC.EXE

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1018\A0144218.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1019\A0144232.EXE

Rogue.Agent/Gen-Nullo[DLL]
C:\WINDOWS\SYSTEM32\WINDSET.DLL





July 26, 2011 6:34:13 PM

That doesnt help me. I need to fix my pc so I can execute files. any idea why i can run anything?
Score
0
Related resources

Best solution

a b 8 Security
July 26, 2011 6:41:44 PM



Because the nasty threat has disabled exe files from being able to execute, in case one of them can help to kill it. There's about eight Registry entries to modify or you could go to Doug Knox's site at http://www.dougknox.com, click the XP Tips link then the XP Fixes and then on exe file fix and lnk file fix.

Open your infected box in Safe Mode and transfer those files into it and double click them an they will put the Registry back to normal. Run MBAM's full scan in Safe Mode and it will probably find entries it missed in Normal.


Share
July 26, 2011 10:29:26 PM

Best answer selected by stevenlikesfishing.
Score
0
a b 8 Security
July 26, 2011 11:42:35 PM

This topic has been closed by Area51reopened
Score
0
!