New nasty-- not a win32 application

Discussion in 'Malware Help (A Specialist Will Reply)' started by nnarth212, Feb 1, 2009.

  1. nnarth212

    nnarth212 Private E-2

    Fellas,

    You guys are great-- you get all my best recommendations.

    Similar to Cereth here. I had my virus software disabled by some... thing, I didn't investigate when I start at my desk 9AM Friday, I get a message that avast is not running due to... didn't read it, I figure restart at the end of the day:zzz stupid-- I figure maybe it's the update a 3rd party agency may have run during the night (someone in my firm pays for this)--forgot about that, 11am I click on some popup-- I am in dangerous territory with mIRC running and an iexplorer of packetnew.com open (always nasty) and I DON'T see a virus warning because (see :-o above) and now I'm in hot water on the company box. Beyond stupid. Now avast is not a valid win32 APP, nor are any of the tools I want to clean with-- has anyone had any experience with this one?

    I ran the guide as best I could-- only MGtools and mbam would work... logs posted.

    Very sad here-- I would like to save my stored OL2007 email-- if possible.

    Thanks all and enjoy the game!:major
    Colin
     


  2. nnarth212

    nnarth212 Private E-2

    I don't seem to be able to edit my previous post-- but I should include that I found instances of srosa in the reg--- none of them removable, and only 3-6 keys.

    per this:
    http://forums.majorgeeks.com/showthread.php?t=180268&highlight=a+vaild+win32

    these were found, but couldn't be removed.

    HKEY_CURRENT_USER\Software\datetime4
    HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srosa
    HKEY_LOCAL_MACHINE\System\ControlSet002\Services\srosa
    HKEY_LOCAL_MACHINE\System\ControlSet003\Services\srosa
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\srosa
    HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_SROSA
    HKEY_LOCAL_MACHINE\System\ControlSet002\Enum\Root\LEGACY_SROSA
    HKEY_LOCAL_MACHINE\System\ControlSet003\Enum\Root\LEGACY_SROSA
     
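As an added example (not part of the thread or of any MajorGeeks tool), the check below parses a `reg export` style text dump offline and flags the key paths nnarth212 listed above: a service named `srosa` under any ControlSet, its `LEGACY_SROSA` root enum entry, and `HKCU\Software\datetime4`. The sample export is constructed; the `Start` values and hive layout are only an assumption about what a real export would contain.

```python
import re
from typing import Dict, List, Optional

# Constructed sample in "reg export" layout; not taken from the original post.
SAMPLE_REG_EXPORT = r"""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srosa]
"Start"=dword:00000001

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"Start"=dword:00000001

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_SROSA]
"NextInstance"=dword:00000001

[HKEY_CURRENT_USER\Software\datetime4]
"x"="y"
"""

# Indicators quoted from the thread: the srosa service under any ControlSet,
# the matching LEGACY_* PnP root entry, and the datetime4 key under HKCU.
INDICATOR_PATTERNS = [
    re.compile(r"\\Services\\srosa$", re.I),
    re.compile(r"\\Enum\\Root\\LEGACY_SROSA$", re.I),
    re.compile(r"^HKEY_CURRENT_USER\\Software\\datetime4$", re.I),
]

# Windows service Start values (SERVICE_BOOT_START .. SERVICE_DISABLED).
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [key path] in a .reg export to its "name"=value pairs."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and "=" in line:
            name, _, value = line.partition("=")
            keys[current][name.strip('"')] = value
    return keys


def find_srosa_indicators(text: str) -> List[str]:
    """Return every key path in the export matching a thread indicator, sorted."""
    keys = parse_reg_export(text)
    return sorted(k for k in keys if any(p.search(k) for p in INDICATOR_PATTERNS))


def service_start_type(text: str, key_path: str) -> Optional[str]:
    """Decode a service key's dword Start value into its load phase name."""
    value = parse_reg_export(text).get(key_path, {}).get("Start")
    if not value or not value.startswith("dword:"):
        return None
    return START_TYPES.get(int(value[len("dword:"):], 16), "unknown")
```

On a live machine the input would come from `reg export HKLM\System hklm_system.reg`; a `srosa` service loading at the `system` phase explains why it survives user-mode cleaners.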
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The first thing you need to do is to stop Teatimer as instructed in the Read and Run First:

    Please Disable Spybot's TeaTimer

    * Run Spybot and click Mode
    * Select Advanced Mode.
    * Then click Tools and select Resident.
    * Now in the right window pane, uncheck TeaTimer.
    * Also while this is open, in the left column now select IE Tweaks
    * and then in the right pane make sure all the Miscellaneous locks are unchecked.
    * Now quit Spybot!

    Now use add/remove programs to uninstall:
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 9
    Viewpoint Media Player

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now run CCleaner...both the cleaner and the registry ( make sure you do the backup when prompted).

    Now see if you can run both SAS and ComboFix.

    Now download and install:
    Java Runtime 6

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger. Also the logs from SAS and Combo if you can run them.
     
