Computer Hope

Topic started by: astroX on September 03, 2010, 12:57:58 AM

Title: Application cannot be executed. The file [name].exe is infected.
Post by: astroX on September 03, 2010, 12:57:58 AM
Long story short: I started noticing that every time I opened Google Chrome, my RAM usage would go up pretty high. Then I checked the Task Manager, and even though I had only 5 tabs open (3 pinned tabs, 2 normal tabs), the Task Manager was showing 15 tasks from Google Chrome. Then I posted this problem to a forum and the admin suggested that I clear cookies and download this program called Advanced SystemCare (I think [already uninstalled]), but I went after the Pro version (thinking it would be better) but I downloaded it from somewhere else. The bottom line: I got infected.

Symptoms:

For some reason, I felt like running a full scan of my system with my antivirus program, Norton Internet Security 2011. All of a sudden I started getting all these pop-ups offering me to buy an antivirus program (fake). I mean, it's like all the pop-ups appear because of my antivirus running a full scan. I downloaded the program the day before I ran the full scan. Anyway, since this morning I've been getting these annoying pop-ups. I already booted in Safe Mode and ran a full scan with both Norton Internet Security 2011 and Malwarebytes' Anti-Malware.

Both programs reported viruses, 5 and 13 respectively, and both said that they fixed those problems. However, when I booted in normal mode, the pop-ups reappeared.

I've tried to run log scans so I could post them here and you guys could take a look at them, but I can't start any .exe program.

Already tried executing rkill as suggested here http://bit.ly/bi0bit but nothing happens when double clicking on the file.

Any help will be appreciated!!

~astroX


P.S. I would have stuck to whatever suggestions were given here:
http://www.computerhope.com/forum/index.php?topic=95177.0
http://www.computerhope.com/forum/index.php?topic=101188.0
but I didn't want to mess with my files even more than what I already have.

Title: Re: Application cannot be executed. The file [name].exe is infected.
Post by: astroX on September 03, 2010, 11:21:18 AM
I've been trying to run this program but I just can't (none of the three different versions available to download).
Now ... should I run it in Safe Mode or not?


Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
Save Rkill to your desktop.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

* Rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
* Rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
* Rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
* Rkill.pif (http://download.bleepingcomputer.com/grinler/rkill.pif)


btw .. I tried downloading Rkill.pif but the link is broken

Title: Re: Application cannot be executed. The file [name].exe is infected.
Post by: SuperDave on September 04, 2010, 06:00:05 PM
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

* Download the OTLPE Standard REATOGO Windows Recovery Environment, OTLPEStd.exe (http://oldtimer.geekstogo.com/OTLPEStd.exe), and double-click on it to burn to a CD using the ISO Burner.
* Reboot your system using the boot CD you just created.

Note: If you do not know how to set your computer to boot from CD, follow the steps here (http://www.hiren.info/pages/bios-boot-cdrom)

* Your system should now display a REATOGO-X-PE desktop.
* Double-click on the OTLPE icon.
* When asked "Do you wish to load the remote registry", select Yes
* When asked "Do you wish to load remote user profile(s) for scanning", select Yes
* Ensure the box "Automatically Load All Remaining Users" is checked and press OK
* OTL should now start. Change the following settings