Something is resetting permissions on .exe files

Anytime I try to run a malwarebyte scan, a Mcafee virus scan, a superantivirus scan, a spybot scan, or a hijackthis scan, the program will start running, then just stop with no logs generated. The permissions on the .exe files that run these apps will be set to "everyone", and all other permissions removed. If I try to run the app a second time, I get an error message that "windows cannot access the specified device, path, or file." If I set the permissions back to what they are supposed to be, I can run the app again, but the same thing happens. Program stops running, and the permissions are changed again. Not sure what to do since I can't even run a hijackthis scan to send you a log file.

 

Open up a Windows Explorer window, go to 'Tools', then 'Folder Options'. Under 'View' make sure 'Hide extensions for known files and folders' is unchecked/unticked. now right click the exe program you want to run and replace the '.exe' with '.com'. If that doesn't help, try '.pif' or '.scr' instead. If none of that works, try booting to safe mode and then trying to set the permissions and run your .exe file as before.

 

Same thing happens no matter what the extension is. Running in safe mode is no different. Any scan still just stops running, and the permissions are changed.

 

You'll probably get better responses to this question if you ask to move this thread to the Malware forums (I don't have access to move you myself).

The good news about your situation is that it'll allow you to run the executable file, if only for a moment. You may then have some luck using rkill. It's a great little program that closes a variety of different malware so that you can use your anti-malware program of choice to actually remove it. Here is a post about rkill and some download locations:
http://www.bleepingcomputer.com/forums/topic308364.html

Stick to Safe Mode to do all these scans and things btw, it'll make life easier. You may find that if you run rkill, and then try scanning again, that the same problem reoccurs. If so then it sounds like you have a rootkit, which is a particularly low-level malware that most antivirus and antimalware programs aren't very good at removing - as you can see! There are several different rootkit cleaners out there, but I'm afraid I don't know the best one(s) to recommend. Hopefully you can get this thread moved to the Malware forum, or someone from there migrates over to this forum to lend a hand.

 

94dgrif is absolutely right. The Malware forum is the right place to post.

However, to add my two cents, it may be worth your while to uninstall SAS and MBAM and reinstall using DIFFERENT and UNRELATED paths and file names. So instead of installing to "C:\Program Files\MBAM" install to something like "C:\Program Files\goodbyevirus" or something like that. Then BEFORE running the newly installed program, navigate to the folder and rename the .exe file to something else again like "thehounds" or something. THEN run it. Some viruses look for paths and exes with the standard names and block them, changing them sometimes works.

If that does not work. Definitely get your thread moved to the Malware section.

 

How do I move this to the Malware section?

 

Greetings, PopOfTrips.

You can start a new thread in the Malware Removal forum describing your symptoms. If you haven't already done so, I suggest running through the Read & Run Me First thread. The moderators there will then instruct you on the best course of action.
It might be best to leave this Software thread active in case your issues turn out to be non-malware related.

Good luck!

 

OK. Thanks. Starting a new thread in the Malware section, but will leave this one here for awhile in case it turns out to be software related.