
Combofix and Spybot "not valid Win32 application"

Posted on 2008-10-29
Last Modified: 2013-12-09
I'm trying to get rid of what I think is a virus on a client's computer. I can't see anything amiss in the processes. I've run a Symantec scan with the latest definitions that has found and allegedly deleted a few things, but what is troubling me is the fact that I cannot install either Spybot or Combofix. I get the error that they are not valid Win32 applications. I've tried to redownload Spybot a couple of times from different mirrors with the same results. Symantec doesn't seem to be catching whatever it is that is infecting this computer. Any ideas?
Question by:numb3rs1x
6 Comments
 
LVL 38

Expert Comment

by:younghv
ID: 22835852
I would start by downloading HijackThis, running it and posting the log here using the "Attach File" function.
There are a couple of real geniuses on EE who can review the log and give you specific advice.

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
 

Author Comment

by:numb3rs1x
ID: 22836110
I tried to download and install HijackThis. I'm getting the same error. It seems to be doing it with any exe file.
 
LVL 20

Accepted Solution

by:IndiGenus
IndiGenus earned 1000 total points
ID: 22836225
Hi,
It's probably the tdsserv rootkit that is so going around right now...

Get rid of the current version of combofix that you have and download a fresh copy. This time rename it before you actually download it. It's critical to rename before the download as if you do it after that won't work either. Name it to anything but keep the .exe part...let us know if that works and post the log if so.
 
LVL 27

Assisted Solution

by:David-Howard
David-Howard earned 1000 total points
ID: 22836235
If you can, install the software while in Safe Mode or possibly even from a different profile.
If you can get Malwarebytes onto the system it may resolve the issue.
Free from www.malwarebytes.org
If it is not virus/malware related you may be able to correct the issue by running SFC /SCANNOW or a Repair. Both require your OS CD and about fifteen minutes.
SFC SCANNOW
http://www.updatexp.com/scannow-sfc.html
 

Author Closing Comment

by:numb3rs1x
ID: 31511395
Thank you guys.
 

Author Comment

by:numb3rs1x
ID: 22851620
I booted into safe mode and I was able to get HijackThis and Combofix installed. I ran those and it cleaned it out.