.exe error everytime computer restarts

cybertechcomputers
cybertechcomputers used Ask the Experts™
on
I have a system that was infected with some spyware. in particular mightymax spyware.

This seems to have been removed as i cannot find any further reference to this searching files and folders or registry, have gone through several websites that advise how to remove it. All seems to be good.

Problem is that evertime windows xp is restarted the .exe files do not load. I can access internet explorer. i have downloaded .exe fix from dougknox. This fixes the issue until re-booted then it returns.

I have ran almost every spyware scanner i can think of. Malwarebytes, adaware se, super antispyware, spybot, Paid version of spydoctor. All comes up clean. I have completely disabled startup items. Not fixed.

Can anyone suggest what else i could try,

I have deleted temp files several times, i have checked the services and couldnt see anything bad in there.

If this helps, it only happens when computer restarts, if i log off then log in it works fine.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Kaspersky have a standalone scanner you might try......

Have you checked the registry "Run" keys in hive for anything out the ordinary.....?
Download Autoruns from Sysinternals, it will show you everything including image hijacking, run keys and shell icon overlays, all common attack vectors for executing on OS startup.

Get it here - http://technet.microsoft.com/en-us/sysinternals/bb963902

Author

Commented:
Thank you all for your post. Kaspersky i havnt tried. as i have tried so many other programs i no longer beleive it is still related to spyware. Forgot to add that i have tried combofix aswell. no luck there.

I have downloaded and ran autoruns from sysinternals, there were 2 files, dos version and windows version, i ran windows version and removed everything that could possibly be related to it. No luck.

I have also just tried creating a new windows profile to see if its profile specific. Same issue on new one.

Is there an alternative way perhaps, is it possible to run the .exe registry entry as a service when the computer first boots up. i tried just adding it to hklm/run but it prompts to confirm entry on startup. i would need it to be automatic
You could change the registry permissions to the keys that keep changing. Not advisable long term but to test a couple of reboots no problem.

Open the reg fix file you have and then for each key specified do the following:

Select the key or value, right-click -> Permission -> Advanced
Change the Administrator and System permissions to read (remove change/write)
Arman KhodabandeIT Manager and Consultant
Commented:
I had the same problem last year and used a lot of progs for that and  the only program that could remove the error message was a software called "PC on point".
It's a general program that checks many parts of the windows and detects problems and corrects them.

There's also another program called "RRT Enterprise" that detects the harms from viruses and removes them.

You can also try the following:
Kaspersky post infection scan
Tuneup Utilities 1-click maintanence
 

Author

Commented:
the endjinn.. i tried your guide for the permissions but not good unfortunately. Since doing that. it has blocked me out of everything. I cant even add the .exe fix anymore. security reasons. Its my fault for trying to bypass the original issue. Thank you for trying.

Kpax77. I am booting up using linux and hard drive to delete that registry hive so i can re-add the .exe fix. if i can i will give those programs a try. If not i have advised the client that the next best thing is to just do a backup/reload.

Will keep you all posted.

Thank you all for your help
Most Valuable Expert 2011
Top Expert 2011
Commented:
Whats the EXACT error?

And you could take this suggestion above a step further....

"You could change the registry permissions to the keys that keep changing. Not advisable long term but to test a couple of reboots no problem."

Use Process Monitor to find out what is modifying it, by seeing what gets "Access Denied"......
Sudeep SharmaTechnical Designer
Commented:
I would recommend you to try Kaspersky CleanAutoRun and TDSSKiller (in case of rootkits)

Exe fix from Kaspersky - CleanAutoRun
http://support.kaspersky.com/faq/?qid=208281743

Hi , run TdssKiller
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
or
http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Tutorial on TDSSKiller:
http://support.kaspersky.com/viruses/solutions?qid=208280684

or you could also try FixTDSS.exe from Symantec

http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixTDSS.exe

I hope that would help

Sudeep
Sudeep SharmaTechnical Designer

Commented:
You could also try
ESET online scan
http://www.eset.com/us/online-scanner

I hope that would help

Sudeep

Author

Commented:
Thank you all for your help. in the end no scanning software could fix the issue. i had to reinstall

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial