Solved

Combofix and Spybot "not valid Win32 application"

Posted on 2008-10-29
Last Modified: 2013-12-09
I'm trying to get rid of what I think is a virus on a client's computer. I can't see anything amiss in the processes. I've run a Symantec scan with the latest definitions that has found and allegedly deleted a few things, but what is troubling me is the fact that I cannot install either Spybot or Combofix. I get the error that they are not valid Win32 applications. I've tried to redownload Spybot a couple of times from different mirrors with the same results. Symantec doesn't seem to be catching whatever it is that is infecting this computer. Any ideas?
Question by:numb3rs1x
6 Comments
 
LVL 38

Expert Comment

by:younghv
ID: 22835852
I would start by downloading HijackThis, running it and posting the log here using the "Attach File" function.
There are a couple of real geniuses on EE who can review the log and give you specific advice.

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
0
 

Author Comment

by:numb3rs1x
ID: 22836110
I tried to download and install HijackThis. I'm getting the same error. It seems to be doing it with any exe file.
0
 
LVL 20

Accepted Solution

by:
IndiGenus earned 250 total points
ID: 22836225
Hi,
It's probably the tdsserv rootkit that is so going around right now...

Get rid of the current version of Combofix that you have and download a fresh copy. This time rename it before you actually download it. It's critical to rename it before the download, as if you do it after, that won't work either. Name it anything, but keep the .exe part... Let us know if that works and post the log if so.
0
 
LVL 27

Assisted Solution

by:David-Howard
David-Howard earned 250 total points
ID: 22836235
If you can, install the software while in Safe Mode or possibly even from a different profile.
If you can get Malwarebytes onto the system it may resolve the issue.
Free from www.malwarebytes.org
If it is not virus/malware related you may be able to correct the issue by running SFC /SCANNOW or a Repair. Both require your OS CD and about fifteen minutes.
SFC SCANNOW
http://www.updatexp.com/scannow-sfc.html
0
 

Author Closing Comment

by:numb3rs1x
ID: 31511395
Thank you guys.
0
 

Author Comment

by:numb3rs1x
ID: 22851620
I booted into safe mode and I was able to get HijackThis and Combofix installed. I ran those and it cleaned it out.
0
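Added example, not part of the original thread: the question mentions re-downloading the installers from several mirrors, and one way to tell a damaged download from a system that is refusing well-formed executables is to check the file's PE structure, ideally on a machine other than the affected one. `check_pe` and `build_sample` are illustrative names, and the sample bytes are constructed for the demonstration.

```python
import struct

MACHINES = {0x014C: "x86", 0x8664: "x64"}

def check_pe(data: bytes) -> str:
    """Return 'ok: ...' or the first reason the file is not a well-formed PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "bad: no MZ header (not an executable, or overwritten)"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of the PE header
    if e_lfanew + 24 > len(data):
        return "bad: PE header offset beyond end of file (truncated)"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "bad: PE signature missing"
    # COFF header: Machine, NumberOfSections, 3 unused dwords, SizeOfOptionalHeader, flags
    machine, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    if machine not in MACHINES:
        return f"bad: unexpected machine type 0x{machine:04x}"
    sect_table = e_lfanew + 24 + opt_size
    if sect_table + 40 * nsect > len(data):
        return "bad: section table truncated"
    for i in range(nsect):
        off = sect_table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        if raw_ptr + raw_size > len(data):   # file ends before the section data does
            return f"bad: section {name} extends past end of file (truncated download)"
    return f"ok: {MACHINES[machine]} image, {nsect} section(s)"

def build_sample() -> bytes:
    """Constructed PE32-shaped file: headers plus one 512-byte .text section."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 0xE0, 0x0102)
    opt = b"\0" * 0xE0
    sect = b".text\0\0\0" + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200) + b"\0" * 16
    head = dos + b"PE\0\0" + coff + opt + sect
    return head.ljust(0x200, b"\0") + b"\xCC" * 0x200

if __name__ == "__main__":
    import sys
    if sys.argv[1:]:
        for path in sys.argv[1:]:            # check real files given on the command line
            with open(path, "rb") as f:
                print(path, "->", check_pe(f.read()))
    else:
        sample = build_sample()
        print("intact   ->", check_pe(sample))
        print("cut off  ->", check_pe(sample[:0x300]))
        print("not exe  ->", check_pe(b"<!DOCTYPE html>" + b" " * 100))
```

If every file reports `ok` yet none of them will start on the affected machine, the downloads are not the problem, which matches what the asker reports about any exe file.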

Question has a verified solution.