Cannot run any anti-virus/anti-malware tools

laborday95 · 09-24-2009, 06:41 PM

I'm helping my brother-in-law by trying to get his computer back up and running. He apparently had Police Pro. I was only finding small remnants of it, not a lot of obvious files.

At first no executables could be run, but I figured that out. Now everything runs ok, but I cannot run ANY antivirus software, including Hijackthis. I have tried:

Kaspersky online
SuperAntispyware
AVG Free 8.5
Spybot Search & Destroy (which I could install, but not run)
Malbytes anti-malware (which I cannot install)

An interesting additional symptom: whenever I run Windows Explorer to look for files, it also opens my web browser and sends me to 188.165.18.19, which says "POPEO Info Auctions." I don't click on anything, but it keeps hitting that site.

I have looked in task manager processes, and no suspect processes are running. All Police Pro files and registry entries have been deleted.

What else can I run or do to be able to run antivirus programs again?

Thanks in advance,
Kerry

**Glaswegian** · 09-27-2009, 10:09 AM

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so.

Please download ComboFix from here - - > http://download.bleepingcomputer.com/sUBs/ComboFix.exe

**Note: It is important that it is saved directly to your desktop**

Referring to the images below

When saving the file, you must rename the file as Combo-Fix.exe

1. Close any open browsers and physically disconnect from the Internet.

2. You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.

NOTE: ComboFix will disconnect your system from the Internet - do not attempt to re-connect until it has finshed scanning.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the log C:\ComboFix.txt for further review.

Do not mouseclick combofix's window whilst it's running. This may cause it to stall.

** If there is no internet connection when Combofix has completely finished then manually restart your computer to restore the connection. **

laborday95 · 09-28-2009, 09:46 AM

Thanks, but I got the problem fixed over the weekend. I read enough posts telling people to try Combofix that I figured I'd just try it. I know, I know, dangerous tool, not to be used everyday or as a toy, blah blah blah, but it was my brother-in-law's computer, and he was fine with it being trashed and needing to be formatted, so I figured I had nothing to lose. He couldn't do anything on it anyway, except login.

Combofix did fix the problem. One thing I noticed is when I tried to run Combofix in full Windows mode, it would not run. It would immediately say "rootkit activity detected!! Combofix must reboot" or something to that effect. When it would reboot, a command window would open saying "Preparing to run...." but nothing would happen (I gave it about an hour).

I found I had to boot into Safe Mode with Networking and run Combofix, and when it rebooted, I had to make sure the reboot also went into Safe Mode with Networking, otherwise, the program wouldn't run.

After it ran I was able to run all my usual virus/malware tools and get the system back on track.

Thanks again for your time.

**Glaswegian** · 09-28-2009, 02:18 PM

No worries - thanks for letting me know.

I'll close this thread now.

09-24-2009, 06:41 PM	#1 (permalink)
laborday95 Registered User Join Date: Sep 2009 Posts: 2 OS: XP SP3	Cannot run any anti-virus/anti-malware tools I'm helping my brother-in-law by trying to get his computer back up and running. He apparently had Police Pro. I was only finding small remnants of it, not a lot of obvious files. At first no executables could be run, but I figured that out. Now everything runs ok, but I cannot run ANY antivirus software, including Hijackthis. I have tried: Kaspersky online SuperAntispyware AVG Free 8.5 Spybot Search & Destroy (which I could install, but not run) Malbytes anti-malware (which I cannot install) An interesting additional symptom: whenever I run Windows Explorer to look for files, it also opens my web browser and sends me to 188.165.18.19, which says "POPEO Info Auctions." I don't click on anything, but it keeps hitting that site. I have looked in task manager processes, and no suspect processes are running. All Police Pro files and registry entries have been deleted. What else can I run or do to be able to run antivirus programs again? Thanks in advance, Kerry

09-27-2009, 10:09 AM	#2 (permalink)
Glaswegian Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic Join Date: Sep 2005 Location: Glasgow Posts: 25,449 OS: Win XP Pro SP3 / Win 7 Pro My System Blog Entries: 10	Re: Cannot run any anti-virus/anti-malware tools Hi and welcome to TSF. My name is Iain and I will be helping you clean your system. You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply. Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below. Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please ensure that you follow the instructions in the order I have them listed. Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Please download ComboFix from here - - > http://download.bleepingcomputer.com/sUBs/ComboFix.exe Note: It is important that it is saved directly to your desktop Referring to the images below When saving the file, you must rename the file as Combo-Fix.exe 1. Close any open browsers and physically disconnect from the Internet. 2. You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process. NOTE: ComboFix will disconnect your system from the Internet - do not attempt to re-connect until it has finshed scanning. Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Please post the log C:\ComboFix.txt for further review. Do not mouseclick combofix's window whilst it's running. This may cause it to stall. If there is no internet connection when Combofix has completely finished then manually restart your computer to restore the connection. __________________ Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums. PC Safety & Security::PC running a bit slow?::Donate::Photographers Corner

09-28-2009, 09:46 AM	#3 (permalink)
laborday95 Registered User Join Date: Sep 2009 Posts: 2 OS: XP SP3	Re: Cannot run any anti-virus/anti-malware tools Thanks, but I got the problem fixed over the weekend. I read enough posts telling people to try Combofix that I figured I'd just try it. I know, I know, dangerous tool, not to be used everyday or as a toy, blah blah blah, but it was my brother-in-law's computer, and he was fine with it being trashed and needing to be formatted, so I figured I had nothing to lose. He couldn't do anything on it anyway, except login. Combofix did fix the problem. One thing I noticed is when I tried to run Combofix in full Windows mode, it would not run. It would immediately say "rootkit activity detected!! Combofix must reboot" or something to that effect. When it would reboot, a command window would open saying "Preparing to run...." but nothing would happen (I gave it about an hour). I found I had to boot into Safe Mode with Networking and run Combofix, and when it rebooted, I had to make sure the reboot also went into Safe Mode with Networking, otherwise, the program wouldn't run. After it ran I was able to run all my usual virus/malware tools and get the system back on track. Thanks again for your time.

09-28-2009, 02:18 PM	#4 (permalink)
Glaswegian Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic Join Date: Sep 2005 Location: Glasgow Posts: 25,449 OS: Win XP Pro SP3 / Win 7 Pro My System Blog Entries: 10	Re: Cannot run any anti-virus/anti-malware tools No worries - thanks for letting me know. I'll close this thread now. __________________ Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums. PC Safety & Security::PC running a bit slow?::Donate::Photographers Corner