Solved

Combofix and Spybot "not valid Win32 application"

Posted on 2008-10-29
6
1,724 Views
Last Modified: 2013-12-09
I'm trying to get rid of what I think is a virus on a client's computer. I can't see anything amiss in the processes. I've run a Symantec scan with the latest definitions that has found and allegedly deleted a few things, but what is troubling me is the fact that I cannot install either spybot or Combofix. I get the error that they are not valid Win32 applications. I've tried to redownload spybot a couple of times from different mirrors with the same results. Symantec doesn't seem to be catching whatever it is that is infecting this computer. Any ideas?
0
Comment
Question by:numb3rs1x
6 Comments
 
LVL 38

Expert Comment

by:younghv
ID: 22835852
I would start by downloading HijackThis, running it and posting the log here using the "Attach File" function.
There are a couple of real geniuses on EE who can review the log and give you specific advice.

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
0
 

Author Comment

by:numb3rs1x
ID: 22836110
I tried to download and install hijackthis. I'm getting the same error. It seems to be doing it with any exe file.
0
 
LVL 20

Accepted Solution

by:
IndiGenus earned 250 total points
ID: 22836225
Hi,
It's probably the tdsserv rootkit that is so going around right now...

Get rid of the current version of combofix that you have and download a fresh copy. This time rename it before you actually download it. It's critical to rename before the download as if you do it after that won't work either. Name it to anything but keep the .exe part...let us know if that works and post the log if so.
0
Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

 
LVL 27

Assisted Solution

by:David-Howard
David-Howard earned 250 total points
ID: 22836235
If you can, install the software while in Safe Mode or possibly even from a different profile.
If you can get malwarebytes onto the system it may resolve the issue.
Free from www.malwarebytes.org
If it is not virus/malware related you may be able to correct the issue by running SFC /SCANNOW or a Repair. Both require your OS CD and about fifteen minutes.
SFC SCANNOW
http://www.updatexp.com/scannow-sfc.html
0
 

Author Closing Comment

by:numb3rs1x
ID: 31511395
Thank you guys.
0
 

Author Comment

by:numb3rs1x
ID: 22851620
I booted into safe mode and I was able to get hijackthis and Combofix installed. I ran those and it cleaned it out.
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet. BitCoin is an incredible invention. It is a decentralized currency system, which is the…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

774 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question