LandzDown Forum

I've got a problem where I can't open programs.

Earlier today I was checking email  (Hotmail) and  AVG told me there was a threat. Then antivirus  window popped up and did the (fake scan) etc.

I went to safe-mode and ran  malwarebytes and some abbreviated (AVG) scan.   Malware showed problems and deleted.

I also did a (remote) SuperAntiVirus scan.

Now, there are no pop-ups, but I cannot open any of my programs  (.exe) When I click on a desktop program it says (choose program to open) but I cannot.   i also get a  "jqsnotify)

I can get on the net, and all my documents/files, etc are fine.   I just can't click and open programs.

Also, I can't download or run any of the files to post Logs.   

While I could run AVG and Malwarebytes in safe-mode.. now, i cannot.  All desktop programs are shown, but not the normal icon..


What is the best thing to do?

Hi,

 No, this is a different computer.  I took the old one to a place and they thought the hard drive was cooked.. I found a similar computer cheap so I bought it.  Turns out the old one wasn't cooked, just needed to be wiped clean.

This is the (new) different computer.

all my files are fine, I can even get on internet,   there is the red shield icon in tool bar saying computer might be at risk.   then all desktop programs cannot be opened.

When it first happened, any icon I clicked on desktop would open the (Fake virus scanner)   So when I clicked malwarebytes  the fake program ran.   

I was able to go into safemode and run  malwarebytes and  AVG  (malware found and deleted items) and all desktop ICONS looked normal.. however, after I ran  SuperAntiVirus  is when desktop icons could not work.  (The icons are there, but the are not the normal program images, they are all white.)

All my files/videos/pictures, etc work fine.




Just can't run any programs. (the choose from list  box  opens and nothing works)



Thanks,

Rick

Sorry, It's basically the same system.


Windows XP.

I'm not sure how to get the MBAM log. I cannot open.


*when I click on an icon it says, in order to open windows needs to know what program it was created with, it can either search the web to find it, or choose from list*   Neither options seem to work..  The only items on list are firefox/IE and then there are video players  listed.

Thanks,

Rick

I downloaded  Rkill to desktop, however I could not run  *wouldn't open like other files*

I went to safemode to run  *SuperAntiVirus* again,  I realize before I did it under  Admin, this time I did it under owner.

it's run for an hour and half and found 2 threats  in registry.

it says,

System.BrokenFileAssociation


*I don't know what  fake A/V it is*    When i got the threat, the pop-up  that looks like  my computer with scanning on bottom opened.  I closed right down and went to safe mode, to try and avoid actually getting anything.



-Rick

sorry for all the messages..   Not sure if I should be running  Superantivirus, but it's the only thing I can run, and gives me any type of feedback.

I just ran full scan (not in safe-mode)   it found the following threats   and items detected.

Adware.TrackingCookie....................1 item
Disabled.TaskManager......................2
System.BrokenFileAssociation...........1
Trojan.Agent/Gen-Fake Alert(QNP).....2
Trojan.Agent/Gen-Antispy.................1
Trojan.Agent/Gen-Explorer(Fake)........6
Trojan.Agent/Gen-PEC......................6
Trojan.Agent/Gen-Virut.....................1

On all of them I can see the item location, etc.

For the  System.BrokenFileAssociation

  It says  Registry keys
                 HKCR\.exe


hopefully this will answer some of the questions..  I have not taken any actions on the above threats, yet.


-Rick

I was able to get malwarebytes to work..   first is results of scan last week.  then most recent.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6515

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/5/2011 4:23:27 PM
mbam-log-2011-05-05 (16-23-27).txt

Scan type: Full scan (C:\|)
Objects scanned: 170897
Time elapsed: 21 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\owner\application data\Sun\Java\deployment\cache\6.0\38\7bbb1226-389a8718 (Trojan.FakeAlert) -> Quarantined and deleted successfully.


i updated and ran most recent scan... results below.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6579

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/14/2011 6:01:32 PM
mbam-log-2011-05-14 (18-01-32).txt

Scan type: Full scan (C:\|)
Objects scanned: 186043
Time elapsed: 27 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Pboriqoba (IPH.Trojan.Hiloti.B) -> Value: Pboriqoba -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Dxagolalocupuwo (Trojan.Hiloti) -> Value: Dxagolalocupuwo -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Documents and Settings\owner\Local Settings\Application Data\nkx.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\icapubik.dll (IPH.Trojan.Hiloti.B) -> Quarantined and deleted successfully.
c:\WINDOWS\uz3dbav.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\documents and settings\owner\application data\Adobe\plugs\mmc5126593.txt (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\owner\application data\Sun\Java\deployment\cache\6.0\55\3e9e6c37-3f50b0a7 (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\owner\local settings\Temp\0.04894478671244262.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

Also, on my menu bar.. the Windows Security Alerts  (red Shield) is still there.. when I click it it says  Firewall is not monitored and automatic updates is off.   it says virus protection is on  (AVG)

I just want to make sure this  WSA  is legit, and not something that came through with the virus.


should I turn firewall-automatic updates on?