Serious Problem with the Install....

OK, I’m attempting to work on a friends computer to remove viruses and such. I know this has part to do with it, but I need some professional help with this.

It’s an Emachines (yay) with XP Home SP3, 3.0Ghz intel, 512MB Ram, with plenty of HD space left.

So far, I have used several registry cleaners to do nothing cept free up some disk space, and Spy Bot has helped to remove the vast majority of problems from the computer. I am certain there is at least one virus left (I have no clue what they have done to it, but what good PC Tech does?), and I by far trust Avast more then the ones you have to pay for, and get less with. The problem is installing it.

After going into Safe Mode, disabling everything I can possibly think of, and uninstalling stupid things which I know have been hurting the computer, I still get the dreaded error 1006. All the work arounds I have seen aren’t working. Can’t find anything have to do with NVidia firewall, and I’ve disabled Windows firewall. Can’t seem to uninstall Yahoo Antivirus, though that’s not actually doing anything currently. But before I get to any initial screens of installation, I get this message:

An error 1006 (000003EE) has occured.
Last performed operation was:
opening the self-extract archive

Try to download setup file again.
If you use Internet Explorer, clear it’s cache before downloading:
then the command path for internet options is given.

It’s not the setup file, because I can’t even GO TO avast.com, the browser (Microsoft or others), just keeps closing. I can visit many websites, aside from anything antivirus. No big deal, because I have many other computers to use. I downloaded and tested the install file, works fine for me, but immediately after double clicking the file, I get the message. I can’t seem to locate anything else in add/remove programs, and I don’t know the chipset. I can’t install in safemode or anything, so any help would be great :smiley:

Hi…

This is a common tactic among viruses, I’ve seen it before. ::slight_smile:

I’m not sure if you will be able to access these sites but here is a regimen created by Tech, a fellow member of this forum, that might help. Go to this thread and read the fourth post…

http://forum.avast.com/index.php?topic=39312.msg330023#msg330023

Best Regards…

Unfortunately this is a no go as well. Still shuts down Internet Explorer and Mozilla when I try and access Avast.com, and detects MANY things, but can’t seem to fix them. I’m going to try and download AVG, if anything just to see if I can install and catch [i]something[i]. Though as I’m trying this, not even AVG will install. This is a heck of a virus this computer has. I don’t know where to look or even begin to stop this. I tried everything listed above, and MalwareBates won’t even install. Spy Bot picks up somethings, and that little nastey thing that disables task manager goes away with Spy Bot, but I know there’s something left on this machine. Any further thoughts? Anyone?

have you tried avarahttp://www.free-av.com/? Or the avast cleaner utility? Or the microsoft utilityhttp://www.microsoft.com/security/malwareremove/default.mspx?

Did you try installation from safe mode ?
Can you get into safe mode ?

Try changing the file name of the installation file of malwarebytes in case the virus is on the look out for specific names, like littleravenssongMBAM.exe and see if that will run.

Another tool to try, DrWeb CureIt! ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe (Free) Fairly effective against file infectors, Virut, more so when used in safe mode.

Hi…

You might very well be looking at reinstalling the entire operating system from scratch, if the above suggestions don’t work. :frowning:

If you do, I would strongly advise you to delete the partition (on the hard drive) and create a new one when reinstalling the OS, lest the virus survive the reformatting. I had that happen once on a system I worked on a few years back. :frowning:

Best Regards…

I suggest:

  1. Clean your temporary files.
  2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
  4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.
  6. Disable System Restore and then reenable it again.
  7. Immunize your system with SpywareBlaster or Windows Advanced Care.
  8. Check if you have insecure applications with Secunia Software Inspector.

I can get into safe mode with all options, but the virus, or whatever it is, is still active. I can’t install avast, or AVG, but haven’t tried any other anti-virus programs since money (like so many other people) is a bit tight right now. I’ll continue to try the suggestions, but as time goes on, I fear that the computer will need to be reinstalled from scratch. If anything, the computer is still usable, just not to it’s full capacity. I’m sure my client will be fine with that, I’m just trying to cover all the bases, and do everything I can. Thanks for all your help to those who have given it, and I’ll keep at it for another week or so with the research and stuff. Just wish I knew more about the registry and where to look in there, for the sheer fact I have a hunch there’s a setting I can change to disable whatever is disabling me. Just finding it is the hard part, and messing around in the registry, as well all know, can be fatal…

Hi Tech…

I made reference to your “regimen” in my first post in this thread. :wink:

Best Regards…

OK now we’re onto something! I chose one antispyware program that I wouldn’t even THINK would point me in the right direction, and low and behold, I found the setting in the registry that was disabling the install!

I don’t know if this is a universal fix, since previous online searches, different work around seem to work for others, BUT, I used Yahoo Antispy (above all little programs), which did what it could to delete the file, but couldn’t. BUT it did point me in the right direction to the deletion of a certain key.

AGAIN, I don’t know if this will work for EVERYONE, but, this is the key that worked for me…

hkey_local_machine\software\microsoft\windows\currentversion\internet settings\zonemap\domains\contentmatch.net

deleting that got rid of both internet explorer crashes on anti-virus websites, and allowed me to install avast! Now to further clean this thing out…

Thanks for the feedback, glad that you have resolved the problem.

Sorry, didn’t noticed that :-[

Hi Tech…

Not a problem at all! :slight_smile:

@ littleravenssong: I’m glad you found that entry and are getting it squared away! :slight_smile: Reinstalling Windows and losing all your files is definately no fun. :frowning:

Best Regards…