
Author Topic: Data Execution Prevention Blocks Explorer/Others Following Malware Removal  (Read 23291 times)


ElwoodJD

    Topic Starter


    Rookie

    Re: Data Execution Prevention Blocks Explorer/Others Following Malware Removal
    « Reply #15 on: February 08, 2009, 04:15:59 PM »
    I am getting to the instructions you left me right now, but I wanted to let you know that I do not believe I have two anti-virus programs running.  I think my computer came with McAfee for a year, but I removed it after it expired and went with AVG 7.5, then re-upped to AVG 8 when it came out.  McAfee is not listed under Add/Remove Programs, so is there something else I should do to find/delete it if there are still remnants of it around?

    evilfantasy

    • Malware Removal Specialist


    • Genius
    • Calm like a bomb
    • Thanked: 493
    • Experience: Experienced
    • OS: Windows 11
    Re: Data Execution Prevention Blocks Explorer/Others Following Malware Removal
    « Reply #16 on: February 08, 2009, 04:26:03 PM »
    You can delete the McAfee files that are in C:\Program Files.

    ElwoodJD


      Re: Data Execution Prevention Blocks Explorer/Others Following Malware Removal
      « Reply #17 on: February 08, 2009, 04:35:30 PM »
      Attached please find the Lop log from the second run-through using option #2.
      As for MoveIt, after running it a box popped up requesting me to reboot.  With that box open I could not copy the text of the log.  I accepted the reboot, but upon loading Windows OTMove did not reopen.  When I manually opened it, I could not find the log anymore.  Is there a hard copy somewhere on my hard drive (I looked in C:\ already)?

      Also, I have deleted a couple of straggler McAfee files.  Thank you.

      [attachment deleted by admin]

      evilfantasy

      Re: Data Execution Prevention Blocks Explorer/Others Following Malware Removal
      « Reply #18 on: February 08, 2009, 04:41:10 PM »
      Look in C:\_OTMoveIt\MovedFiles and open the newest .log file present.

      ElwoodJD


        Re: Data Execution Prevention Blocks Explorer/Others Following Malware Removal
        « Reply #19 on: February 08, 2009, 04:46:24 PM »
        Ha, didn't even notice the OTMoveIt folder for some reason.  That log is attached.

        Also, I went through Device Manager, uninstalled all my network controllers and other drivers for my wireless and Broadcom stuff, and have the internet running seemingly normally on my computer now.  So that is a plus.

        Thank you, and what's next?

        [attachment deleted by admin]

        evilfantasy

        Re: Data Execution Prevention Blocks Explorer/Others Following Malware Removal
        « Reply #20 on: February 08, 2009, 04:50:52 PM »
        OK since you have a connection now we need to run an online scan.

        Also let me know how the computer is running after this scan.

        This scanner works with Internet Explorer only!

        Scan with the BitDefender Online Scanner
        Click I Agree to the license and then install the ActiveX control.
        Please DO NOT change the Scanning Options.
        That will make your logs huge and we don't need to see clean files.

        Select Start Scan to begin.
        This scan can take a while so please be patient and let it complete.

        Once BitDefender completes the scan:
        Click on the Detected Problems tab.
        Then select Click here to export the scan report.

        This will save a file named bdscan.html. I would suggest saving it to the Desktop so you can easily find it (take notice of where you save it so you can find it later).
         
        You will have to upload the file online. The forums will not accept HTML.

        Go to File Dropper

        Click Upload
        Locate the file and double click it.
        Copy the download link and post it back here.

        ElwoodJD


          Re: Data Execution Prevention Blocks Explorer/Others Following Malware Removal
          « Reply #21 on: February 08, 2009, 11:47:11 PM »
          I went to dinner while the BitDefender scan was running (it estimated a couple of hours), when I returned my computer had reset.  I logged in, and now things seem bad (they actually seemed pretty OK before I left).  When I logged in and things started to load up, I get a bunch of Data Execution Prevention program stops.  They seem to be scam programs though (including such stellar entries as: "Run a DLL as an App," "Logon Screen Saver," "services," and "Run a DLL as an App" again and again and again).  Anyway, I am attempting to run the BitDefender online scan again if I can get it to finish fully again.  I'll post it ASAP.

          ElwoodJD


            Re: Data Execution Prevention Blocks Explorer/Others Following Malware Removal
            « Reply #22 on: February 09, 2009, 01:56:51 AM »
            Also, while running BitDefender this second time, it has prompted "Windows File Protection" to warn me that required Windows files have been replaced by unrecognized versions.  It prompts me to insert the Windows XP Service Pack 3 CD (which I don't even have since I downloaded SP3 on top of my old XP Pro).

            I'm assuming this is alright, but I thought I would mention it to see if it's a problem.  I'll post the log whenever this thing finally finishes running.

            EDIT: BitDefender log posted at http://www.filedropper.com/bitdefenderlog .  I'll check back tomorrow morning to see what you think.  Thanks again for all your help.

            evilfantasy

            Re: Data Execution Prevention Blocks Explorer/Others Following Malware Removal
            « Reply #23 on: February 09, 2009, 09:55:55 AM »
            This is not looking good at all.

            Please do the following:

            1. Download this diagnostics tool MGADiag.exe and save this to your Desktop.
            2. Double-click on MGADiag.exe and click Continue
            3. When the program has finished, click on Copy
            4. Post the results in your next reply.

            ElwoodJD


              Re: Data Execution Prevention Blocks Explorer/Others Following Malware Removal
              « Reply #24 on: February 09, 2009, 11:01:21 AM »
              The MGA Diagnostic Log is attached.  My computer seems to be running alright, but there are clearly issues behind the scenes.  Performance is slightly sluggish, upon startup I still do not have the standard icon-based Windows login splash screen (just the text box still), and User Logon UI is terminated by Data Execution Prevention immediately upon startup.  Also, I seem to be noticing that if left idle for 5 minutes (not running any sort of scan or otherwise, just leaving the computer alone), it reboots on its own.  Anyway, those are my observations along with the requested log.

              There are some documents and other tidbits that are not backed up.  Is it too late to back them up without bringing the infection along with them to the next computer?  I am getting the feeling that I am going to have to wipe my whole machine and reinstall Windows.

              [attachment deleted by admin]

              evilfantasy

              Re: Data Execution Prevention Blocks Explorer/Others Following Malware Removal
              « Reply #25 on: February 09, 2009, 11:11:25 AM »
              I'm not sure what the infection is but BitDefender removed a bunch of files in your i386 folder which are the files used to install, repair, modify, update and rebuild Windows. In other words it's your recovery partition and that indicates that the entire OS is either now damaged or infected by malware.

              Back up what you can; you can always run a virus scan on the backup folder before saving it. Wipe and reinstall.

              Sorry but I don't think this is repairable.

              ElwoodJD


                Re: Data Execution Prevention Blocks Explorer/Others Following Malware Removal
                « Reply #26 on: February 09, 2009, 11:27:19 AM »
                 :P

                Yeah, I was starting to get that feeling...ah well, some days you get the bear and some days...

                Anyway, sounds good, I guess I will start the backup and reinstall process this afternoon.  Couple of questions you might be able to answer:

                1) My DVD drive is broken right now, so I'm struggling to figure out how to reinstall the OS.  I considered downloading an iso of the XP Pro CD I have, since I can still use the Product Key I already possess.  Is there any problem with that plan?

                2) If I back files up to an external hard drive, should I scan it from this infected machine before the reinstall, or should I scan it after reinstalling the OS?  Is there a risk of re-infecting if I did the latter, or a risk of infecting the backups if I did the former?

                3) Thank you for all your help trying to deal with this problem.  What do you think went wrong?  Was this an especially bad infection, or do you think that my partial delay in seeking help exacerbated the problem (I probably rebooted my computer a couple of times while running my own ad-aware and spybot scans.  Since they weren't powerful enough to fix it, I wonder if rebooting it a couple of times just allowed the infected processes to burrow deeper into my computer).

                Either way I appreciate the help, I'll be on ComputerHope for about the next hour or so while I backup files, so if you think of anything else let me know.  After that I will wipe and re-install.

                evilfantasy

                Re: Data Execution Prevention Blocks Explorer/Others Following Malware Removal
                « Reply #27 on: February 09, 2009, 11:41:08 AM »
                Quote
                2) If I back files up to an external hard drive, should I scan it from this infected machine before the reinstall, or should I scan it after reinstalling the OS?  Is there a risk of re-infecting if I did the latter, or a risk of infecting the backups if I did the former?

                It's risky. I'm sort of wondering if a new scan from BitDefender might turn up just as many newly infected files. I would back up the files and then scan them from a clean computer or the new install.

                Quote
                1) My DVD drive is broken right now, so I'm struggling to figure out how to reinstall the OS.  I considered downloading an iso of the XP Pro CD I have, since I can still use the Product Key I already possess.  Is there any problem with that plan?

                Not sure. Try asking in the Windows forum.

                Quote
                What do you think went wrong?

                Not sure. There is new malware out there that we still don't know much about.

                ElwoodJD


                  Re: Data Execution Prevention Blocks Explorer/Others Following Malware Removal
                  « Reply #28 on: February 09, 2009, 11:45:04 AM »
                  Gotcha.

                  One final question.  Once I get my computer re-running clean, what programs do you recommend?  Clearly my AVG + Ad-aware/Spybot combo was not fully getting the job done.  I understand those programs are getting on in years.  Clearly you guys like MBAM and that other program that you have listed on the stickied topic regarding what to do before posting.  Are there any other programs you think are an indispensable part of a well protected computer?

                  I like AVG because it's free, but I would love to hear any suggested software that I might procure to keep things safer in the future.

                  Thanks for all your help!

                  evilfantasy

                  Re: Data Execution Prevention Blocks Explorer/Others Following Malware Removal
                  « Reply #29 on: February 09, 2009, 11:51:41 AM »
                  In addition to MalwareBytes and SUPERAntiSpyware.

                  Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

                  Concerned about Browser Security? Consider using Mozilla Firefox. With more than 15,000 improvements, Firefox 3 is faster, safer and smarter than ever before.

                  For Internet Explorer 7 users there is IE7Pro. IE7Pro is a must have add-on for Internet Explorer, which includes a lot of features and tweaks to make your IE friendlier, more useful, more secure and customizable.

                  To prevent unknown applications from being installed on your computer, install WinPatrol 2008.
                  * Using Winpatrol to protect your computer from malicious software

                  I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                  SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                  * Using SpywareBlaster to protect your computer from Spyware and Malware
                  * If you don't know what ActiveX controls are, see here

                  Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                  Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.