Hiya all
For 24 hours now my pc went crazy. After receiving a zip and executing the file which would be a cracker for Kaspersky Internet Security, sent by a friend through file transfer on Yahoo Messenger (he said he got that cracker on EMule), things went outta control here.
I had for years NIS 2005 running for firewall and AV. Since its registration expired I kept using it only as firewall (no matter if it couldn't be updated) and installed in July 2007 Avast! 4.7 to run for AV. So far so good. Last week I had NIS completely suspended and no longer running as it reached the max period for being installed without a renewed registration and couldn't be started anymore. So I proceeded to uninstall it using Control Panel and put Windows Firewall to work.
I thought to be ok and safe having WF + Avast! for AV till I started to realise maybe something was passing through internet without getting the alarms I was used to with NIS. I decided to install another tool to get safer. I already had KIS 6 downloaded on hard drive along with a supposed ok regkey to use on it, then I tried to install it but it didn't work as the key expired (no wonder, I had it with me since 2006) - so the install of KIS never really happened as it was canceled by the time it asked for regkey; being the one I had invalid, the process was aborted.
I didn't sleep much over the matter till this last weekend when I checked Kaspersky site and the version I had was not that outta date, then I thought to try for a new cracker or keygen. Yesterday I made the stupid request for an old friend who was online to give me a hand to search those. He passed me 2 links for regkeys I downloaded myself which didn't work as they were old and invalid as the one I had here. He tried then on EMule and sent me a zip file (about 700K) which caught my eye for being damn big for a keygen. Once I unzipped and ran the exe, it asked me which file to crack (pretty weird again). I pointed for KIS exe file and it ran a process which gave me a weird error I don't recall and auto aborted the task. Just after that, I left puter connected and went for lunch. As I can see in my logs, pc restarted by itself something like 1-3 minutes after cracker played and for a coincidence I wasn't at my desk.
When I got back from lunch, I found it a bit weird but didn't give it much credit. Anyway, I decided to go ahead and install KIS for the moment being (with activation later) so to try it while looking for an ok cracker. At the moment it started to run the setups it asked many many times in a row about configuring ports and accesses for Flashget and couple more programs, till it prompted on an alert window a program was trying to change Avast INI file and if I agreed with that or not as it could disable real-time scans and some features of Avast!. At first I said NO NO NO NO… that window popped 27398423789432 times in an eternal loop, then I decided to click YES to see if it would stop. It didn't. It kept prompting the alert and no matter YES or NO or closing the box, the loop didn't stop.
I'm not sure now if I ended KIS by killing the process on task manager and then proceeded to uninstall it from Control Panel (which took many attempts till finally working; for 3 previous attempts it gave an error saying some file was missing so the removal was impossible) OR if system froze and I had to force reboot and when back tried to uninstall it as I said above. Either way, while trying to uninstall KIS and realising things went much weird, I tried to scan that cracker with Avast! and nothing happened. Whole system went very slow, Task Manager was prompting for 100% CPU usage no matter what, I had to reboot many times till getting Control Panel to populate add/remove programs and stuff. Also when trying to connect on internet, at times it wasn't recognising modem or giving errors, when connected it didn't show any stability.
On those reboots my icons on the status bar disappeared almost completely. Programs were not being loaded or if they were, they were not showing on bar and if selected manually to run, some would, others wouldn't. I got many errors during the start up about files missing and apps not able to start properly. Avast! icon had disappeared as well and trying to run the application was toll frustrated.
By then, it occurred to me to RESTORE the system and so there were many attempts without any results besides one - when I asked for the Restore and it came back saying “Your system couldn't be restored and no changes were applied”, the system for some reason put back my start up icons working and the speed of pc was almost normal. For that moment I've noticed 3 things more:
- WF was ALWAYS disabled on Security Center with the message saying “Security Center is not turned on. Restart or select to switch it on” or similar;
- Avast! icon had disappeared for good even if all the others were back and still no use to try to use it or to uninstall it (it wasn't showing on Control Panel either);
- connection to internet started to work again BUT once Internet Explorer was trying to run, it would make the system really crazy, calling many different Prefetch files, taking over CPU usage, creating gradually dummy files like “14979875.exe” running on processes, forcing the system to collapse if left running that way or for me to switch off power so to be able to restart.
By then it was more than clear I had a bug messing with the system or maybe some Windows system file was corrupted and I didn't have any AV to scan pc. Some thunderbolt struck me in the head and I tried once more to remove Avast! 4.7 now by running the install file. It worked that way and from that moment on at least system was being started in a more normal way so I could try run the Avast! Cleaner I had downloaded previously (same version as the available on site) and results were negative (report attached). Second thought was to get a new version of Avast! and scan pc. I found out also even if IE was impossible to run, Firefox was working normally and from there I downloaded Avast! 4.8 and some patch files I searched on MS site for fixing IE7 bugs and stuff. I thought the problem was a bug or corrupted file on system and on IE as when running IE the system started to fetch other programs and files overloading CPU.
Many hours later and many downloads done, I tried to install those files and absolutely NONE worked. The error was the same “not a Win32 application” or “file corrupted”. Also not a single online scan worked for me on Firefox (most of them require IE) which would bring a result of infection. By having those messages I came to Avast! forum and I got my chin down when searching for those keywords and getting so many returns. I read lots of topics and downloaded some of the files which were pointed but then again, I'm stuck.
Most of applications don't run as they hit on the same wall… “not a Win32 app”. The Combo-Fix didn’t work as well (report attached) as it crashed the system after prompting it was changing my pc clock (MS Windows report attached). The Symantec solution FXBGLEMO.EXE can’t be run as my PC DOESN'T ACCEPT TO RUN UNDER SAFE MODE (when I select it, comes a sequel of files like if they were being read or fetched starting with “multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\SYSTEM32*.*” and then it restarts again and ONLY accepts the normal mode).
I tried also the RegisterBooster and it ran ok. Too bad it gives the result of 747 errors/problems but says it can fix only 15 on trial. When I tried to see the log file, it opened IE and crashed pc as before. I tried from another path from the console and it froze the system. Also I couldn't find the file on my pc so to read it and attach it here.
So, dear new friends, would there be someone out there who could have the patience to read this novel here and help me out on fixing this? IS THERE A CURE, DOCTOR?
In advance, I'd like to thank anyone who will have patience to read this and even more to the ones who might be interested in helping me.
PS1: Attached goes my pc configuration.
PS2: I downloaded and ran the tool to remove Norton program using SymNRT and it worked ok.
PS3: I have HiJackThis but not installed. I tried to run it but again the same ‘not Win32 app’ error.