unable to initialize installer GUI + Admin pw

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by clixto, Aug 9, 2011.

  1. clixto

    clixto Specialist

    Hi there, I was trying to update VLC player and it asks me to type in my admin pw. I have no clue what it is. I deleted my original vlc player beforehand. I tried a sys restore and I got a blue screen. I tried again and got another blue screen. When I tried to dl VLC again I keep getting this pop up:
    A "Run as" window pops up. It says you may not have all of the necessary features of the program you are about to run. You may run this program as a different user or continue to run the program as the current user. Then at the bottom it says Current user (which is mine) and under that it says run program as the following user. Below that it has user: Admin, then below that it asks for a PW.
    I decided to try KMplayer and I now get this message unable to initialize installer GUI. I need some help fixing this. I would like to be able to get VLC back.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    None of this really sounds like malware problems; however, if you want to pursue checking to see if there is any malware at play then the below is your starting point:


    READ & RUN ME FIRST. Malware Removal Guide


    Otherwise, I suggest that you post in the Software Forum.
     
  3. clixto

    clixto Specialist

    I ran the malware and something was detected. I was able to dl VLC finally, but it did get the GUI again for something else (I forgot). Should I post the logs?
     
  4. clixto

    clixto Specialist

    Attached is my log and the blue screen errors (this only happened when I did a system restore). The VLC issue happened a few weeks ago and I left it alone until yesterday. I have been catching occasional Trojans through my AV of the past month or so also. I'm running Win 7 64 bit so I didn't run the root repeal. I noticed after running all the tests that my word documents on my desktop say .docx at the end of some files and I had some ghost files (semitransparent) on the desktop (some were word files and 2 were desktop Configuration settings (.ini)).
     


    Last edited: Aug 10, 2011
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have not attached the logs requested in the READ & RUN ME. Nowhere did it ask for a HijackThis log. You need to attach logs from the below scans which were requested (see the instructions):
    • SUPERAntiSpyware
    • Malwarebytes
    • ComboFix
    • MGtools --- the log is C:\MGlogs.zip as stated in the instructions.
     
  6. clixto

    clixto Specialist

    Sorry bout that. I was watching the video for posting logs and only followed that. I'm not sure where to find the MGtools log?? When I search C:\MGlogs.zip, winrar opens, but I don't see the log
     


    Last edited: Aug 11, 2011
  7. clixto

    clixto Specialist

    Here is the MGtools log
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    These logs are all clean. Let's run a couple more scans before deciding whether to totally rule out malware.


    Go to the below link and follow the instructions for running TDSSKiller from Kaspersky

    Now please also download MBRCheck to your desktop.

    See the download links under this icon.
    • Double click MBRCheck.exe to run (Vista and Win 7: right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )
     
  9. clixto

    clixto Specialist

    Attached are the extra scans. Thanks
     


  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not run TDSSKiller properly; however, I don't think we need it. You are not having malware problems. You should follow the below final instructions and then post in the Software Forum for help.


    Since you are not having malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. After doing the above, you should work thru the below link:
     
  11. clixto

    clixto Specialist

    Thanks, I appreciate your help. So those ghost/hidden files that I mentioned will be fixed after completing the clean steps indicated?
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
    There is nothing to fix. Those are files that you put there or that were always there. They are not malware. When you run final instructions, it will automatically rehide any system files (like .ini files) that had previously been hidden, but the files are still there.
     
  13. clixto

    clixto Specialist

    The desktop.ini files are still there. They weren't here before. They look like hidden or ghost files. Can I just delete?
     
  14. clixto

    clixto Specialist

    After a reboot they are gone. Thanks again for your help.
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, I was going to ask if you had rebooted yet after running the final instructions. :)

    You're welcome. Surf safely!
     
  16. clixto

    clixto Specialist

    ;) cheers
     
