any program.exe is not a valid Win32 application.

I recently trialed a kaspersky anti virus and when it expired I bought the 2 year version because I thought it was good but when I tried to run the program to start the wizard I got the Win32 error.
I tried downloading it again to no avail. Then I tried downloading another program just to test it if was the download or my laptop, it was my laptop!
I wiped my whole system using my Acer recovery cd-roms, lost all my files and folders in the process and then it stillcame up with the error. I can download the program setups to my desktop, but when I try to run or open them I get the Wim32 error.

I have tried looking on the microsoft site and have been getting some help from the kaspersky UK lab, but their help has been limited.

please help me.

any ideas?

thanks Neville
cazandnevstarAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

cazandnevstarAuthor Commented:
I tried reading the help in log where someone else had the same problem, but couldn'treally make anything out of it to help me out. Nothing I would be comfortable to try on my own.

Neville
cazandnevstarAuthor Commented:
I just downloaded to my desktop and performed the Windows malicious software removal tool and it removed the Win32/Korgo.V.worm . What is this? What do I do?
HELP!!!!!!!
r-kCommented:
First, you can try the Korgo removal tool. Follow the instructions on this page:

 http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.removal.tool.html

Next, please clarify a bit what you did above.

Did you reformat your disk and start from scratch with the Acer disk?

If so, then you must do the install while disconnected from the netwok, or something on your network will infect your PC immediately. Next, I would turn on the firewall before connecting to the net. Next download and install all security patches from MS asap.

What system are you running?
PMI ACP® Project Management

Prepare for the PMI Agile Certified Practitioner (PMI-ACP)® exam, which formally recognizes your knowledge of agile principles and your skill with agile techniques.

cazandnevstarAuthor Commented:
Ok , sounds like good advice.

I have ACER windows XP SP1 recovery cd-roms, I just checked and they don't have the firewall. I think SP2 has it because thats what I used to have on my PC. I am going to try putting a firewall.exe on a USB stick then recovering my PC and doing what you said. Disconnecting from the internet and downloading the firewall from the USB. Don't really know if this will work?
Yeah i'm not really surehow I managed to download and execute the malicious software reoval tool but it worked. I tried the symantec link above but I got the Win32 error when I went to execute.

Will let you know in a few hours.

Neville
cazandnevstarAuthor Commented:
Yes I did wipe my PC and start from scratch. I have done it twice now. This time with the firewall will be the third time. You sure learn a lot very quickly about security with one of these badboys.
So I have backed up all my files and folders onto a 80GB external HD. Do you think these files will be ok after all this?

Neville
r-kCommented:
Sorry, I was away for a while.

Hope your PC is more stable now. I have seen PC's get infected even before a system install was complete because of something on the network sending out viruses.

Actually XP SP1 does have a firewall, it's just a bit harder to find. You have to go into:

 Control Panel -> Network -> LAN connection -> Properties -> TCP/IP Properties -> Advanced

and then "check" the box that says "Protect my PC..." or something like that.

Re. the files you backed up, yes they should be safe to copy back, but after you do that, do a scan with an anti-virus program of your entire disk.

Another tool I recoomend highly (in addition to anti-virus) is the free Anti-spyware from Microsoft:

 http://www.microsoft.com/athome/security/spyware/software/default.mspx

Install and run that as well after system is otherwise OK.
Dmitri FarafontovLinux Systems AdminCommented:
I am currently runing the recent version of Kaspersky Personal Pro 5.0. It my understanding than when your key expired, updates were disabled as well. (Since it what happends when it expires). The signatures were old and out dated, thats why it couldnt pick up the virus. However I can still vouch for it to be a good AV scanner. Fast, very frequent updates. As for the spyware detection software you can go ahead and try SpyBot Search and Destroy as well as AdAware. They are available in free versions
cazandnevstarAuthor Commented:
I have no qualms at all with the Kaspersky product. I will still install my 2 year version which I purchased after I get fixed, Hopefully!
What I tried didn't work, the USB stick must have had some baddies on it. That was now my third failed system reboot!
I did have microsoft antispyware beta before all this mess happened and will do soagain afterwards, its a good free tool.
O.k will try what you said but I just tried finding the firewall and I got as far as:
Control panel > Network connections > LAN connection > properties > Highlight TCP/IP properties, then click Properties > a window appears containing a General tab and a Alternate Configuration tab > on the general page I clicked on Advanced > New window - ADVANCED TCP/IP SETTINGS with 4 tabs, IP SETTINGS, DNS, WINS, OPTIONS. >  in the options tab I highlight TCP/IP FILTERING then click PROPERTIES > TCP/IP FILTERING window opens with ENABLE TCP/IP FILTERING (ALL ADAPTERS) tick box and three other things TCP PORTS, IP PROTOCOLS, UDP PORTS.

Thats as far as I got. I couldn't find the "protect my pc" or anything resembling that , which I would be confident enough to try. The next time I reboot I just want to be sure because it does take ages. Could you help me out a abit more with the navigation please.

Thanks Neville
Dmitri FarafontovLinux Systems AdminCommented:
Much easier would be to go to Control Panel. Choose Windows Firewall, select enable.
Dmitri FarafontovLinux Systems AdminCommented:
TCP/IP Filtering is also good when you know the ports you will be using.
cazandnevstarAuthor Commented:
can you tell me how I should change the settings after I do yet another system recovery?
So, like mentioned above when I reboot and then connect to the internet I don't get infected straight away.?
cazandnevstarAuthor Commented:
There is no firewall in my control panel. I am not sure how to configure the TCP/IP settings?
Because I have Win32/Korgo.V.worm I went to:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FKORGO%2EV&VSect=Sn.

and tried the solutions but I couldn't do it properly. When I deleted EXPLORER.EXE my whole screen blanked out and I had to restart.
Next I did the run > REGEDIT ...........
but I couldn't locate the Crytographic Service "%system%\<random_file name.exe"

I am really trying everything here.

Any Ideas???
r-kCommented:
Are you sure you have XP SP1?

Here are the exact steps to enable the firewall:

Click Start > Control Panel.
Double-click Network Connections.
Right-click Network Adapter > Properties.
On the Advanced tab, check "Protect my computer and Network ... " 
Click OK. This returns you to the Network connection window. Close this and also close the Control Panel.

Do try this before reinstalling so you know where it is. Good luck.

Dmitri FarafontovLinux Systems AdminCommented:
>>When I deleted EXPLORER.EXE my whole screen blanked out and I had to restart
never delete that file since it represents the GUI shell that shows you everything else on the desktop. I am guessing SFC protection intercepted that and copied a file again back from dllcache, where it should be.
cazandnevstarAuthor Commented:
I did find the firewall, sorry I looked in the wrong place.
I did the reboot and enabled the firewall.
I went straight to the windows update and started the windows installer 3.1 which ,I guess nust be the first update. I used express install.
I got two errors 0x80072EFE and 0x80072EE2.
I searched in the windows support and they had no match.

I did the malicious software removal tool and it came up clean which is good.
But then I tried downloading WMP10 and wimdows antispywre and both times got "program.exe" is not a valid Win32 application.

What do I do next?
I'm gonna do a Hijackthis and copy it on here, I don't really understand it but maybe someone does?
cazandnevstarAuthor Commented:
Logfile of HijackThis v1.99.0
Scan saved at 21:42:40, on 10/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\eManager\anbmServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Caz & Nevstar\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = raproxy.phc.spdc.shell.ng:8090
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121039748187
O23 - Service: Notebook Manager Service - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe

Dmitri FarafontovLinux Systems AdminCommented:
Why dont you go to SP2 straight away. You will save time in the long run downloading small updates one by one. Because some of them can only be installed exlusively.
cazandnevstarAuthor Commented:
ok, what I did was; Firstly unplugged my internet cable > then used ACER recovery cds to restart system from scratch > then with a clean system??? went into network connections.....enabled firewall > then changed my home page to www.microsoft.com > then entered my LAN settings so I could connect to net > then I connected my DSL cable > open internet explorer and then clicked- popular downloads windows xp SP2 > I just get taken to the folloeing page http://www.microsoft.com/athome/security/protect/windowsxp/choose.mspx. > this takes me to windows update page and then the windows installer 3.1 is the first recommended update > but of course it fails with the errors mentiooned above

Ideas????
cazandnevstarAuthor Commented:
I just tried the windows installer 3.1 update and it worked!!!
I am doing the windows update now and that seems to be going fine.

BUT, I tried installing the media player 10 and anti spyware beta and I coulddownload them to my desktop no problem but when I went to install them I got the exe. is not a valid Win32 application error.

HELP!!

IDEAS???
cazandnevstarAuthor Commented:
Is there anyone who can save me from this inability to install any downloads!!!!!

HEEEELLLLPPPPPPPPPPP!!!!!!
r-kCommented:
I am starting to wonder if the problem is with the download process itself, i.e. the files you are downloading somehow get damaged before you can run them.

There are a couple of tests you can try:

Take one of the files you downloaded (e.g. antispyware or media player), put them on a CD, and try running on another computer.

Also, try going to a web site other than MS, download some other small utility or program, save it to your disk, and try running that. Note: don't run directly from the web site, use the "Save" option to save it to disk first. (e.g. you can download ccleaner.exe from http://www.filehippo.com/download_ccleaner.html using the download link on the right of that page).
cazandnevstarAuthor Commented:
Can I do the download to a 256mb stick instead of a cd and do the same thing on another comp?
r-kCommented:
Sure, that should work.
cazandnevstarAuthor Commented:
Ok I haven't tried the download on another computer yet but I did try to download the filehippo ccleaner and it came up with the same error as always. I tried downloading cursor XP from a cd I had from a windows xp magazine and that downloaded fine no problems. Also my windows updates are going through no problem at the moment.
This is a strange problem?????????
r-kCommented:
It does seem like the downloads are getting corrupted, probably during the download process, or shortly thereafter.

To confirm this, you should copy the downloaded ccleaner.exe file to another computer (using USB stick, e.g.) and try running it there. If it gives the same error we'll know for sure.
cazandnevstarAuthor Commented:
Yeah I just did the installations on another comp from my USB stick and I got exactly the same results. I tried the hippo ccleaner and the microsoft anti spyware beta and they both came up with NSIS error, file is corrupted blah blah.

OK so what does this mean for me now? Where do I go from here?

Ideas?
r-kCommented:
I guess this proved the downloaded are getting corrupted even before you run them.

Can you explain a bit about how you are downloading files (e.g. ccleaner.exe). Are you using IE? what version?

If possible try downloading the same ccleaner.exe file using a different browser, e.g. Firefox, which you can get from http://www.mozilla.org/products/firefox/, though it may be tricky to download Firefox itself.

One test you can try is to download the same file five times, each time renaming the previous version so you end up with five copies, e.g. ccleaner1.exe, ccleaner2.exe, etc. Then compare the exact sizes of the files to the nearest byte by right-clicking on the files and  selecting "Properties". Do you see exactly the same size each time?
cazandnevstarAuthor Commented:
I am curently running IE 6.0. I susally just click on the download icon and then OPEN to run in straight away.

Woah!!! I just for the hell of it ran one of the 5 hippo exe. files I now have and it downloaded!!! Inow have it on my pc. This is weirding me out, frustrating...
I just tried the firefox using OPEN and it came up with the Win32 not a valid application error but I have got another one on the go saving to my desktop. I will then try that once it is done.

OK the 5 hippo files I downloaded all came up with; size 482'342bytes and size on disk 491520. I don't know if this is relevant now coz it downloaded, but thats how it was.

Just treid the fire fox from desktop. I got 7-zip - unspecified error.

Whats going on here??????

cazandnevstarAuthor Commented:
I just tried downloading my version of Laspersky 5.0 to the desktop and then looked at the properties once finished and they came up with;

kav 5.0 1 - 263568 bytes
kav 5.0 2 - 288360 bytes

also did the same for MS antispyware beta

Beta 1 - 358603
Beta 2 - 390886
Beta 3 - 58006
Beta 4 - 450799

They are all well below what they should be. How do I fix this? Why are they not downloading fully?

help?????????????
r-kCommented:
Is it possible you have a noisy network connection? I have seen web browsers do stuff like this when that happens.

As a test, you can try downloaing with an FTP client, not a web browser. A site you can try is ftp://ftp.uu.net/  Just download any medium size file from there 5 times and see if they are all the same size. My guess is they would be, because FTP is a more robust protocol over noisy lines.
cazandnevstarAuthor Commented:
I clicked on the link but couldn't open the page. The flashlight was in the middle of the page and then;

FTP Folder error

Windows cannot access the folder. Make sure you typed the file name correctly and that you have permission to access the folder.

details: FTP session was terminated.

The service pack 2 update is taking forever, its only up to 17 mb of 77.40mb and I started it over 24 hours ago....

Help?????????
r-kCommented:
Well, you shouldn't click on the link with a web browser. I was hoping you had an ftp client  to try instead (such as ws_ftp or similar).

The slow download of SP2 also suggests a network problem.

How are you connected to the network?
cazandnevstarAuthor Commented:
I went into internet options and looked at the FTP proxy and it is the same for all servers. I don't if it should be different for the FTP or not? The internet connection where I live is ususally very slow but I have never had these problems before and others on the same proxy server don't seem tohave the same problems as me.

Ideas?????????
cazandnevstarAuthor Commented:
I live in an isolated community that all use the same proxy and server. I have a VIADUX RC2000 DSL box which is plugged into the wall and my PC.
Do you think something in the network is disconnecting my downloads or interupting them somehow???

If so what can I do about that?????
could it be something else????
cazandnevstarAuthor Commented:
Can I make this more than 500 points?
CRRAAAAAZZZYYYYYYY
r-kCommented:
The network problem is probably specific to your PC. It could be a failing DSL modem, or a loose cable, or something else.

You can run a test on your connection at http://www.broadbandreports.com/tools
(you will have to register for a free account first there).

Try changing cables, or at least reconnecting them to be sure nothing is loose.
r-kCommented:
Also, turn your network gear (modem, hub etc.) off for a few minutes and see if that helps.
cazandnevstarAuthor Commented:
which test should I do and what should I look for?

Just checked cables and gear and it is fine.
r-kCommented:
I would start with the "line packet loss test"
cazandnevstarAuthor Commented:
Here is the result, I tried the java thing but it said that I wasn't enabled.
I don't really know how to interpret these results?



134.146.0.27 IS LISTED BY:


A Info

spammers.v6net.org 65.77.130.111

TXT Info




--> /usr/local/bin/fwhois 134.146.0.27@whois.arin.net
[whois.arin.net]

OrgName:    RIPE Network Coordination Centre
OrgID:      RIPE
Address:    P.O. Box 10096
City:       Amsterdam
StateProv:
PostalCode: 1001EB
Country:    NL

ReferralServer: whois://whois.ripe.net:43

NetRange:   134.145.0.0 - 134.147.255.255
CIDR:       134.145.0.0/16, 134.146.0.0/15
NetName:    RIPE-ERX-134-145-0-0
NetHandle:  NET-134-145-0-0-1
Parent:     NET-134-0-0-0-0
NetType:    Early Registrations, Transferred to RIPE NCC
Comment:    These addresses have been further assigned to users in
Comment:    the RIPE NCC region.  Contact information can be found in
Comment:    the RIPE database at http://www.ripe.net/whois
RegDate:    2003-11-26
Updated:    2003-11-26

# ARIN WHOIS database, last updated 2005-07-11 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
r-kCommented:
Do try the "Line Packet Loss Testing" link at http://www.broadbandreports.com/tools

I have to be offline for a few hours. Will check in later. Good luck.
cazandnevstarAuthor Commented:
Everytime I download to my desktop the download window displays "download completed" even though it is not complete. sometimes only 5-6% is downloaded and it just goes to that. The transfer rate seems to get smaller the longer the download is taking place. It starts out fast but gets worse until it displays that message. Because the downloads are never complete they will never work.

What do I do????
cazandnevstarAuthor Commented:
Here is the link for my result.

http://www.broadbandreports.com/quality/nil/1789352

cazandnevstarAuthor Commented:
I'm not sure what it means or if it explains my problem?
r-kCommented:
I can't be sure. That test report does show a 20% loss which seems high to me (I ran the same test on my DSL connection and got 0% loss).

If you have another PC via the same DSL connection can you try that same test and see if the error rate is same or lower.

If the other PC shows no error, then it pretty much isolates the problem to one PC, probably the network card since already reinstalled the system from scratch including all network drivers.

Sometimes there is a speed conflict between what the PC wants and what the DSL modem expects. You can try fixing the PC network card's "media type" to either 10 mps half-duplex or 10 mps full-duplex and see if one of them works better. Currently that setting will be at "auto". You can access it via Control Panel -> System -> hardware -> Device Manager -> Network -> (Your network card) -> right-click -> Properties -> Advanced -> Media Type (Some of these details are slightly different depending on your network card).

cazandnevstarAuthor Commented:
I think it is definitely something wrong with my PC as I tried another PC and they didn't seem to have the problems I have. The transfer rate of my downloads gets smaller and smaller until it stops, usually only completing about 10-20% of the download but saying "download completed".

I can't find what you are asking, I get to Device manager and then a list of my hardware in drop down screen. I clicked on properties and there is no further information?

r-kCommented:
In Device Manager, you have to click on the + sign next to "Network Adapters". That will show you a list of your network devices, between 1 to 3. Identify your ethernet adapter and right-click on it, then Properties -> Advanced etc. as above.
cazandnevstarAuthor Commented:
O.K I tried it but it didn't work, is it worth trying the 100mb half and full also? or is that just totally wrong?
cazandnevstarAuthor Commented:
The internet just didn't connect at all with the 10mb half or full.
r-kCommented:
You can certainly try the 100mb cases also. But remember you should reboot after each change.

When you say "it did not work", do you mean there was no connection, or do you mean it was still a bad connection as before?
Dmitri FarafontovLinux Systems AdminCommented:
Can you try setting it to Auto-Negotiate.
cazandnevstarAuthor Commented:
There was no connection at all.

Do you mean use my recovery cds to reload my whole system from scratch everytime? That doesn't sound good.
Or do mean just restart?
cazandnevstarAuthor Commented:
There is only 10 half-full 100 half full and auto. I can't see auto negotiate? I sit somewhere else?
cazandnevstarAuthor Commented:
I can't understand this man.. My computer has a Intel pentium 4 515 processor, 2.93Ghz, 1MB L2 cache, 533Mhz FSB and Right now I am downloading a 989KB program and it is taking me over 10 minutes at 722 bytes a second, it just seems wrong???
r-kCommented:
"There is only 10 half-full 100 half full and auto"

I think "auto-negotiate" is same as "auto", but you already tried that, I believe.

It is frustrating, I agree. (I just meant reboot, not reinstall from scratch)

Here are a couple of additional things to try:

(a) Try Winsock Fix from: http://www.spychecker.com/program/winsockxpfix.html

(b) Uninstall your network card driver (in Control Panel -> System -> Hardware -> Dev manager) and reboot and let it be installed automatically again. Before doing this, note down the exact model number of your network card.

(c) Borrow a different network card from another PC and try that.

(d) Try a different network cable.

Also, just to be sure, Have you tried another PC with that same DSL modem? I am assuming yes, and it worked at full speed.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
cazandnevstarAuthor Commented:
I just got an email from my IT guy who gave me another metwork to run off. Now everything seems to be running fine and I have successfully downloaded my Kavpersky 5.0 AV program and many more as I type.
You have helped me a lot however removing worms and educating me about PC security so the points are yours.

Thanks Heaps
Neville
r-kCommented:
Wonderful, I am very glad to hear it. I know the feeling only so well when the network is having unknown problems. Thanks, and Happy Computing!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.