Solved

Combofix and Spybot "not valid Win32 application"

Posted on 2008-10-29
6
1,715 Views
Last Modified: 2013-12-09
I'm trying to get rid of what I think is a virus on a client's computer. I can't see anything amiss in the processes. I've run a Symantec scan with the latest definitions that has found and allegedly deleted a few things, but what is troubling me is the fact that I cannot install either Spybot or Combofix. I get the error that they are not valid Win32 applications. I've tried to redownload Spybot a couple of times from different mirrors with the same results. Symantec doesn't seem to be catching whatever it is that is infecting this computer. Any ideas?
0
Comment
Question by:numb3rs1x
6 Comments
 
LVL 38

Expert Comment

by:younghv
ID: 22835852
I would start by downloading HijackThis, running it and posting the log here using the "Attach File" function.
There are a couple of real geniuses on EE who can review the log and give you specific advice.

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
0
 

Author Comment

by:numb3rs1x
ID: 22836110
I tried to download and install HijackThis. I'm getting the same error. It seems to be doing it with any exe file.
0
 
LVL 20

Accepted Solution

by:
IndiGenus earned 250 total points
ID: 22836225
Hi,
It's probably the tdsserv rootkit that is so going around right now...

Get rid of the current version of Combofix that you have and download a fresh copy. This time, rename it before you actually download it. It's critical to rename it before the download, as renaming it afterwards won't work either. Name it anything, but keep the .exe part... Let us know if that works, and post the log if so.
0

 
LVL 27

Assisted Solution

by:David-Howard
David-Howard earned 250 total points
ID: 22836235
If you can, install the software while in Safe Mode or possibly even from a different profile.
If you can get Malwarebytes onto the system it may resolve the issue.
Free from www.malwarebytes.org
If it is not virus/malware related you may be able to correct the issue by running SFC /SCANNOW or a Repair. Both require your OS CD and about fifteen minutes.
SFC SCANNOW
http://www.updatexp.com/scannow-sfc.html
0
 

Author Closing Comment

by:numb3rs1x
ID: 31511395
Thank you guys.
0
 

Author Comment

by:numb3rs1x
ID: 22851620
I booted into safe mode and I was able to get HijackThis and Combofix installed. I ran those and it cleaned it out.
0
