Solved

Combofix and Spybot "not valid Win32 application"

Posted on 2008-10-29
Last Modified: 2013-12-09
I'm trying to get rid of what I think is a virus on a client's computer. I can't see anything amiss in the processes. I've run a Symantec scan with the latest definitions that has found and allegedly deleted a few things, but what is troubling me is the fact that I cannot install either Spybot or Combofix. I get the error that they are not valid Win32 applications. I've tried to redownload Spybot a couple of times from different mirrors with the same results. Symantec doesn't seem to be catching whatever it is that is infecting this computer. Any ideas?
Question by:numb3rs1x
6 Comments
 
LVL 38

Expert Comment

by:younghv
ID: 22835852
I would start by downloading HijackThis, running it and posting the log here using the "Attach File" function.
There are a couple of real geniuses on EE who can review the log and give you specific advice.

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
0
 

Author Comment

by:numb3rs1x
ID: 22836110
I tried to download and install HijackThis. I'm getting the same error. It seems to be doing it with any exe file.
0
 
LVL 20

Accepted Solution

by:IndiGenus
IndiGenus earned 250 total points
ID: 22836225
Hi,
It's probably the tdsserv rootkit that is so going around right now...

Get rid of the current version of Combofix that you have and download a fresh copy. This time rename it before you actually download it. It's critical to rename before the download, as if you do it after, that won't work either. Name it anything but keep the .exe part... Let us know if that works and post the log if so.
0
 
LVL 27

Assisted Solution

by:David-Howard
David-Howard earned 250 total points
ID: 22836235
If you can, install the software while in Safe Mode or possibly even from a different profile.
If you can get Malwarebytes onto the system it may resolve the issue.
Free from www.malwarebytes.org
If it is not virus/malware related you may be able to correct the issue by running SFC /SCANNOW or a Repair. Both require your OS CD and about fifteen minutes.
SFC SCANNOW
http://www.updatexp.com/scannow-sfc.html
0
 

Author Closing Comment

by:numb3rs1x
ID: 31511395
Thank you guys.
0
 

Author Comment

by:numb3rs1x
ID: 22851620
I booted into safe mode and I was able to get HijackThis and Combofix installed. I ran those and it cleaned it out.
0
