HELP!!!! Can't run anything

I just installed avast4, it wanted to scan my system after reboot so I said fine. It found what appeared to be a couple of worm’s in an .exe or 2, so I told it to delte them, and to delete any future ones it found. Well now I can’t run a single thing excent Internet Explorer. Windows explorer is gone, control panel gone, e-mail program gone, get the picture. How in the hell could this happen and how in the world do I fix it now?

Thanks,

^Hawk^

im assuming avast wont run either. so run an online scan here:
http://housecall.trendmicro.com
see if it finds any more of those worms

OK, Housecall is scanning. How do I get my exe files back. I can’t run a single program on my PC. I’m screwed if I have to reinstall everything.

do you know the names of the .exe files?
What did Housecall find

explore.exe swishmax.exe rundll32.exe qw.exe the list goes on and on

Housecall is still scanning…so far it’s found another virus…JS NOCLOSE.E

Hawk, MacLover called me to help you. I’ll say it won’t be easy to recover your .exe files one by one. Anyway, there are a quite good application that you can run at a floppy: Restoration 2.5.14 or you can download here.

Others have to be installed into a Windows envyronment: PC File Recovery.

I recommend you try avast! Virus Cleaner Tool. You can run into ‘Windows Safe Mode’ to be sure of a complete cleaning and then, after, try to recover your exe files with Restoration. Note, Restoration does not need to be installed into the HDD and before the ‘disaster’ happenned.

If you can get some help from raman, he is a experienced avast user about viruses and cleaning. We will be here trying to help you :wink:

Latest update. It seems that at least some of the files that I thought were deleted were not. The problem is windows has forgotten how to run an .exe file. I downloaded those 2 programs to my desktop and tried to run both and I got the same error message. "Windows cannot find the program, use search to find it. I’ve used to search to find some of these files, and when I try to run the files that search finds, I also get the error message. So is this hopeless, or do I just need to do a few specific things?

Thanks for all the help so far. If I ever meet a virus writer, even if he or she is 8 years old, I’m ripping out their spine and hanging it on a stake in front of my house.

Did some more searching, and it seem the PrettyPark virus causes these symptoms, but I can’t find any traces of that virus on my system, so I’m still looking…

IM back. Here is what i found on the trojan housecall found
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS_NOCLOSE.E
if you have java installed when this is over be sure to install the latest version of that platform and update IE as well.

what version of windows are you running? and post a hijack this log IF you can http://mjc1.com/mirror/hjt/
ill notify raman

Please start your PC in safe mode and start regedit.
check the Value of this Regkey:
[HKEY_CLASSES_ROOT\exefile\shell\open\command]

The value should be : “%1” %*

I’m running Win XP Pro. I’m attaching the hijackthis log.

Raman,

That is the registry entry I have for that setting.

My .exe files are back to working, now I need guidance to make sure my system is clean, and have nothing hiding in wait to pop up later on.

Thanks,

^Hawk^

Hui is there a virus you are not infected with? :frowning:
You are highly infected! Optix, supernova, SDbot or gaobot(?) Adware
What do you want, cleaning your PC, or format and reinstall all?

The last choice is the better on.

I would surely prefer to clean vs. reformat and reinstall. To give you an example. Avast has been scanning for hours, over 500,000 files so far. I takes me weeks to reformat and reinstall everything, and since I have to back up so much data, am I not risking backing up a virus and introducing it when I start to reinstall anyways?

Here’s what avast just found:

Win32: Trojan-Gen (Other)

ADinf-1646

The adinf should be a false alarm, and you should let avast scan in safe mode. It is(this time) faster then running it with all the viruses active and in safe mode avast should be able to clean/delete them.

Please remember an infected Backup is beter than none and do not blame me if something will not work after this.
Okay, start your pc in safe mode and let hijackthis fix these things:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem214.dll
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O4 - HKLM..\Run: [System Profile] c:\windows\system32\regsrv.exe
O4 - HKLM..\Run: [Supernova] C:\WINDOWS\CHEESE~1.exe
O4 - HKLM..\Run: [msbb] C:\PROGRA~1\INTERN~2\sim\msbb.exe
O4 - HKLM..\Run: [GMTDKQXEK] C:\WINDOWS\GMTDKQXEK.exe
O4 - HKLM..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM..\Run: [AHKRXBO] C:\WINDOWS\AHKRXBO.exe
and everything under 016 exept the [update class] line.

restart and post a new log

OK here’s the latest Hijack This log. I’ve scanned with Avast!, Spybot Search and Destroy and Hijack This. I’ve removed and cleaned everything that was identifed by all three as bad.

Thanks,
^Hawk^

Looks much better now, please test this file: C:\WINDOWS\AHKRXBO.exe here: http://www.kaspersky.com/remoteviruschk.html

and fix the following entries:

O4 - HKLM..\Run: [AHKRXBO] C:\WINDOWS\AHKRXBO.exe
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

I like People using Plextor drives! :slight_smile:

I Love my Plextor, they are a little bit more expensive, but worth it. I’ve been using Plextor since the quadplex, where you had to insert the CD in the special cartridge.

OK, I’ve turned on all the settings to view all the files in my c:\windows folder and I don’t find that file in there. I fixed the other two entries and run hijackthis again and that file you wanted me to upload still shows up. Wierd. I also now have all the computers in the house triple protected with Avast!, Spybot S&D and Hijackthis. No virus’ found on other computer, just alot of spyware which was promptly removed.

Hawk, I think I was correct when I said…

And when I said you’ll receive the best help from raman…

Are you clean now? :wink: