assorted malware & trouble completing Run & Read...

Hello again MGs! Working on a friend's computer today. It's a Dell XPSP3. Having some real problems getting through the run & read me. This person decided they would try to "fix" the problem themselves before they called me and (needless to say) made things worse I presume.

I cannot install the latest Java - It returns the error: "ERROR 25099: Unzipping core files failed". I tried installing it several times again after some progress was made, but it still fails.

A while back I installed Online Armor on this system (because these folks need a computer babysitter - I clean their system at least once or twice a year!!). It appears as though OA is no longer functioning - I tried removing via add/remove with no luck. It is still running something in the background because on start-up you get an error from OA saying it is unable to start services. I want to get OA off this system and replace it with something more streamlined, like Comodo.

Initially unable to install SAS - returned the error: "Install Error: Error starting services, aborting installation". I tried the portable version with no luck.

Then just for fun tried running MB. It, and most anything else I tried to run returned an error: "Windows cannot access the specified file...you may not have the appropriate permissions..."

So, then I went to Safe mode. Was able to install and scan with SAS - it had 13 hits, but it left no log. Then, I was able to run SAS in normal boot and I got a log!

Was then able to install MB, but it still won't run (gives the same error as above). Nothing else would run in normal mode, so again I went to Safe mode. Was able to start Combofix but it just hung when it started the scan. Rebooted, again into Safe mode and was able to run and obtain logs from RR and MGtools.

So, at this point the system is still very infected. I hope that the logs I was able to obtain can give you some good info on where to go next. Whatever this system has, it is quite nasty and persistent!

Thanks!

 

Hi TimW! Thanks for the replies! So, I'm just now getting back to this computer. I tried doing what you replied about first (HTJ, etc.) and I keep getting the same "Windows cannot access the specified file...you may not have the appropriate permissions..."

So, then I tried the inherit program you suggested and still no luck. I tried dragging analyse.exe, Malwarebytes and Combofix into it, still no luck. Everything I drag onto it returns the same error as above.

Aye!

 

Nope.

Was able to install the SubinAcl file, but the .cmd file you had me make still returns the same error!

 

Thank you, I really appreciate the help TimW. I guess I'll post in the software forums, although, I'm concerned that there may still be malware present. Firefox won't work but IE does, and Norton is detecting Trojans still on start-up.

But, I guess if Windows won't let me run any scans then I'll look at doing a repair.

Thanks again!

 

Thanks for more suggestions! I'm not sure when I'll get back to work on that computer. Possibly not until Monday. But I will try that.

If you don't hear from me before then, have a wonderful weekend!

 

Hi Tim, sorry it took me so long to get back to you.

So, long story short, I was able to glean a couple logs from Norton AND run ESET.

The long story: when I got there the system was hung on a shut-down/restart. I then restarted 3 times - each time it would load to the Windows desktop but then just hang, like something was taking forever to load. Fourth restart was like a completely different system. Everything loaded, including things that I haven't seen work AT ALL since I've been working on this system, like Online Armor. It just started right up like it never was having problems.

So, after all this and a successful run of ESET, I thought I'd try installing the Java update - it worked! At that point, I was extremely curious whether MB or Combofix would run now, but I was out of time and had to stop where I was. A couple logs from Norton and one from ESET are attached. I don't know if the Norton logs will help you any...

THANKS!!!!

 

Hi Tim.

Soooo...got any other tricks up your sleeve? This thing is driving me nuts.

Tried running MBAM. Gave me two errors (didn't write either down, never gave me those errors again after that, only the same old "cannot find file" error that I've been getting). Then tried Combofix. IT ACTUALLY WORKED...BUT, stalled. I was SO P*SSED! It was so close. Got through all 50 stages and then deleted several files (a couple random ini files, then several from system32/images/ with weird names like "j1.gif, j2.gif, jj1.gif, jj2.gif, etc). Then it was deleting that system32/images/ folder when it seemed to stop. The computer sounded like it was still chugging along and suddenly a little Norton tray pop-up appeared saying that it was running a full scan during system idle!!! I don't know what happened - I DISABLED Norton. Finally had to manually reboot since Combofix went no further, even after Norton "claimed" it was done scanning. I couldn't stop the Norton scan because at that point Combofix had "hidden" the desktop and taskbar...

So, after about 20 reboots and tries to run MBAM or Combofix again, no luck and I gave up for the day. Combofix acted like it was going to start several times - one time I got errors about not being able to find a number of different files. Then after that, it said the Combofix file was corrupted. Tried re-downloading it several times. No dice. Still says corrupted. I'm considering bringing Combofix over on a CD again, since I assume that infection is probably what is making me unable to download a new, clean copy of it.

This is getting frustrating. Every time the system is rebooted, it acts like a different machine. One time slow, the next fast. One time Online Armor will start (had it happen twice) and the rest of the times OA slows the reboot and finally (eventually!!!) says cannot start service. Sometimes the desktop loads slow, others, it just pops right up.

I do have a Windows XP SP1 disc. I remember one time I tried using it to do a repair on a system that had SP2 and it gave me issues....I think. It was a while ago! But also, if this system has infections, then, will a repair even help?

Thanks for all of your time and help!

 

AYE!

Thanks for sticking with me on this Tim.

No, Norton hasn't caught anything on start-up since I ran the ESET scan.

This isn't my computer I'm working on, it is a friend's system. They don't have an external drive to back-up to. I do, but I wouldn't even dare get mine near this thing! They claim that the CD/DVD burner does work, so hopefully I can back-up using that (I haven't tried it yet to confirm if it even works still).

I guess the only thing left to try before a re-install is to try to bring a fresh copy of Combofix, like I mentioned earlier. I seriously have my doubts about that working, but I don't really want to do a wipe.

My issue with a wipe and re-install: the copy of XP I have was given to me a long time ago, solely to do a repair. The person who gave it to me didn't share the product key. And, from what I remember, I'd need the product key to do a full re-install, yes? I guess I'll try to scare up another copy of XP with a key.

Urgh. I hate it when people don't have a copy of their Windows software. But, even I am guilty of this! My original copy of XP (at least for one system) is floating around somewhere in California with my ex. And, I never got a copy with my laptop. Damn refurbs.

 

So, you're saying that my copy of XP should work with the key that is found on my friend's computer? I didn't think it worked like that...

My other source for a copy of XP with a key is telling me that he no longer has a copy and makes his clients buy a restoration disc from the manufacturer.

This lady can't really afford to buy much at the moment...

 

OK. Sorry, at this point I realize you're probably ready to ship me off to the software forums...this may be a dumb question, but when you say "same version", do you mean "XP, Vista, etc" or do you mean "Service Pack 1, SP2, etc."?

I'd ask that question in the software forum, but I doubt it will get answered. I've found that stupid/simple questions such as this never get responses on there!

I am going to try to use a fresh copy of Combofix from a CD a few more times before I go for a wipe. It worked before (until Norton decided to interrupt)....so, I feel like I should be able to get it to work again. Of course, a lot of this stuff should have worked before... We'll see...

Thanks again for all of your help.