Getting message "file"exe is not a valid Win32 application

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Youri, Apr 21, 2008.

  1. Youri

    Youri Private E-2

    Hi, Geeks,

    Looks like you have an answer to any question....

    After carefully checking all messages on the board and doing some homework, I have decided to put down my problem.
    A received .exe file made my computer stop functioning properly: pop-ups, slow speed, lost control over operation. Indeed, the classical example of spyware / malware....

    Symptoms are:

    1. Running HijackThis, Avenger, Spyware Doctor, Spybot S&D and Avira Antivirus have the same message: "...is not a valid Win32 application"
    2. Safe Mode does not work.
    3. System Restore does not work.
    4. Spyware Terminator, SmitFraudFix, A-Squared Free, Malware Sweeper, CCleaner surprisingly work but without much of an end result.
    5. Running MGTools gives the following information (in attachment):

    Processes running:

    Edit by chaslang: Inline HJT log removed. READ & RUN ME sticky not followed.

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    Also, I have found interesting information in the "new files" log:

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    Locating all files created in C:\WINDOWS\System32\drivers\etc within the last 90 days.

    "C:\WINDOWS\system32\drivers\etc\"
    hosts Apr 21 2008 716 "hosts"

    1 item found: 1 file, 0 directories.
    Total of file sizes: 716 bytes 0.70 K
    ******************************************************************************

    Locating all files in C:\WINDOWS\System32\inf This is not a normal Win folder

    No matches found.
    ******************************************************************************

    Locating all files created in C:\WINDOWS\Driver Cache\I386 within the last 360 days.

    No matches found.
    ******************************************************************************

    Locating C:\WINDOWS\TEMP files created with in the last 90 days.

    "C:\WINDOWS\temp\"
    mpcmdrun.log Apr 21 2008 1690 "MpCmdRun.log"

    1 item found: 1 file, 0 directories.
    Total of file sizes: 1,690 bytes 1.65 K
    ******************************************************************************

    Locating C:\Documents and Settings\Owner\Local Settings\TEMP files created within the last 90 days.

    "C:\Documents and Settings\Owner\Local Settings\Temp\"
    getunkey.txt Mar 8 2008 306882 "GetUnKey.txt"
    KAVUPD~1 Apr 21 2008 "KAV Updater update files"
    lastscan.txt Apr 21 2008 3596 "LastScan.txt"
    msid9d8b.log Apr 21 2008 526 "MSId9d8b.LOG"
    perfli~1.dat Apr 21 2008 16384 "Perflib_Perfdata_5f4.dat"
    ~df1d22.tmp Apr 21 2008 16384 "~DF1D22.tmp"
    ~df1d2d.tmp Apr 21 2008 512 "~DF1D2D.tmp"

    7 items found: 6 files, 1 directory.
    Total of file sizes: 344,284 bytes 336.21 K

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    System is XP Home with SP-2 (above noted...), installed at Best Buy, hence no bootable disk or like.

    Now the question to professionals: What to do?

    Many thanks,

    Youri
    Ontario, Canada
     

    Last edited by a moderator: Apr 22, 2008
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please do not post any logs inline. We do not need you to attach HijackThis logs either.

    You need to uninstall Java 2 Runtime Environment, SE v1.4.2_03 as requested in step 1 of the READ ME and then install the current version as requested.

    Also per step 1 of the READ ME, run MSconfig and put your system into Normal Startup mode.

    I also noticed that you have Iolo System Mechanic Pro installed which includes an antivirus application, but you also have AVG Antivirus installed (which by the way is out of date. The current version is 7.5). As stated in the READ ME, only one antivirus should be installed. However I'm not even sure that either of these are running properly. I suggest that you uninstall both of them right now and then reboot. After reboot download and install/update this: AVG Free Edition

    You also have too many antispyware tools installed:
    • Ad-aware 6 Professional - this is way too out of date to be useful
    • Malware Sweeper 2.3.0.1 - did you purchase this?
    • Spyware Doctor - is this a trial that you just installed that does not fix anything?
    • Spyware Terminator
    • Windows Defender
    The information that you highlighted from newfiles.txt is nothing important.

    You need to attach the other logs that were requested in the READ ME from
    • SuperAntiSpyware
    • Malwarebytes Anti-Malware
    • ComboFix.
    Based on your newfiles.txt log, you never even installed them. You need to complete all steps in the READ ME in the order written and then attach all of the logs. MGtools must be run after the other tools so you will have to attach a new MGlogs.zip file after the other tools have been run.
     
  3. Youri

    Youri Private E-2

    Chaslang,

    1. Java 2 Runtime is removed by "Add and Remove program" option.
    2. Where to get "READ ME" file to follow?
    3. As instructed, System Mechanic is uninstalled.
    4. The system does not allow ComboFix to run (after renaming it to cf.exe), giving the same message: "is not a valid Win32 application"
     
  4. Youri

    Youri Private E-2

    Chaslang,

    Appreciate your help.

    Ad-aware 6 Professional - removed.
    Iolo System Mechanic Pro - removed.
    Spyware Doctor - removed.
    AVG 7.5 – removed.
    Java – removed.
    Malware Sweeper 2.3.0.1 - did you purchase this? - It's a Free Version.


    As instructed, run as follows:

    SuperAntiSpyware-O.K. - removed some viruses.
    Malwarebytes Anti-Malware - O.K. - removed some viruses.
    ComboFix. - system not allowed to run.
    -----------------------------------------------
    After this AVG Free Edition installed.
    ------------------------------------------------
    Then, I ran AVG Free Edition and removed a lot of viruses.
    This allowed HijackThis to start and run. The file is in the attachment.
    ComboFix still cannot be opened and shows: "is not a valid Win32 application".
    Then, Malwarebytes Anti-Malware and SuperAntiSpyware did not find any viruses or the like.
    I ran "MGlogs" and the file is in the attachment.

    Please instruct for the next step.

    Thank you again,

    Youri
     

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are supposed to follow the instructions in the sticky thread given below and seen on all pages in the forum:

    READ & RUN ME FIRST. Malware Removal Guide


    You still need to start at the beginning of the above and complete all instructions in the order given, and this also still means another MGlogs.zip file, since you have again attached it before running the other steps in the READ & RUN ME FIRST.

    I repeat again, we do not need you to run HijackThis and attach logs from it. We need you to run the above!

    Does the free version of Malware Sweeper, fix anything? If not, uninstall it.
     
  6. Youri

    Youri Private E-2

    Wow, Chaslang,

    Looks like all nice and clean. :drool No pop-ups, no messages. Nothing wrong...
    I just followed what was in "Read & Run Me First" Guide.

    Attached is the MGlogs file for your consideration. Is it O.K.?

    Thanks,

    Youri
     

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry but you definitely are still not clean; but I cannot finish helping you since you still have not followed instructions. You need to run ALL steps in the READ & RUN ME. You must run all of the scanners and attach ALL of the logs. MGtools is the very last thing to run but it is the only log you have been attaching which is not what we have been requesting. Please run ALL steps in the READ ME from beginning to the end and then attach the below logs as requested in the READ ME:

    • SUPERAntispyware
    • Malwarebytes Anti-Malware
    • C:\ComboFix.txt
    • C:\MGlogs.zip - this needs to be a new log after the above have been run.
     
  8. Youri

    Youri Private E-2

    Sorry for being not accurate, will do my best.
    Thank you.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Once you attach all of the logs we will be able to help you.
     
