
Malware

NICK MEALE

I have malware and I can only use safe mood...What do I do?...Have XP
Home,Service Pack 3..Thanks.
 
D.

try Malwarebytes.org
D.
"NICK MEALE" <nmeale78@earthlink.net> wrote in message
news:%23eattK0sKHA.3536@TK2MSFTNGP06.phx.gbl...
>I have malware and I can only use safe mood...What do I do?...Have XP
>Home,Service Pack 3..Thanks.
>
 
Russ SBITS.Biz [SBS-MVP]

Microsoft offers free help with things like these
Microsoft PC Safety
866-727-2338

Russ

--
Russell Grover - SBITS.Biz [SBS-MVP]
MCP, MCPS, MCNPS, SBSC
Microsoft Certified Small Business Specialist
SBS2003 SBS2008 Support - www.SBITS.Biz
Question or Second Opinion - www.PersonalITConsultant.com
Free Trial Microsoft Online Services - www.Microsoft-Online-Services.com
 
Ken Blake, MVP

On Sun, 21 Feb 2010 17:10:28 -0500, "NICK MEALE"
<nmeale78@earthlink.net> wrote:

> I have malware and I can only use safe mood...What do I do?...Have XP
> Home,Service Pack 3..Thanks.



*What* malware do you have? How do you know you have it?

--
Ken Blake, Microsoft MVP - Windows Desktop Experience
Please Reply to the Newsgroup
 
Elmo

NICK MEALE wrote:
> I have malware and I can only use Safe moDE. What do I do? Have XP
> Home, SP 3.. Thanks.


Download this Avira Antivir Rescue System program which will burn a CD
image to a blank CD. It's updated a few times per day. Insert the CD
into the damaged machine and let it do a scan of your system. Before
starting the scan, select "Configuration" and set to repair or rename
the infected files. Sometimes your machine won't restart after such a
repair process, so you might want to save needed files to another system
before using this. If you can't, then you can move the hard drive to
another machine to copy needed files. You can do that before, or after
this scan.

http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html

Then run these:

Malwarebytes© Corporation
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

SuperAntispyware
http://www.superantispyware.com/superantispywarefreevspro.html

You can try one of the CDs mentioned at the following site. BitDefender
was my favorite, but if the infected machine can't connect to the
internet to get updates, Avira comes with current virus definitions.
Also, some of these just won't run on some systems, perhaps because
there are no drivers available for some system devices, motherboard,
graphics card, etc. So try a few of these till you find one that works:

Burn BitDefender, or another program listed at the link below, to a CD
(using a working machine) and test the infected machine with it.
BitDefender also has a Rootkit checker on the Linux Desktop; run it if
you think that's the problem:

http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

Download the executable rather than the .iso image, if one is available,
(though no .exe is available for BitDefender).

After the scan is run, if you elect to quarantine files, they're
quarantined to RAM and lost after you reboot. You'll need to copy any
quarantined files to the hard drive, a thumb drive or elsewhere before
exiting.


--
Joe =o)
 
Jose

On Feb 21, 5:10 pm, "NICK MEALE" <nmeal...@earthlink.net> wrote:
> I have malware and I can only use safe mood...What do I do?...Have XP
> Home,Service Pack 3..Thanks.


What happens when you try a normal boot? I normally boot into a foul
mood. Try that sometime (couldn't resist).

Did you use msconfig to change any of the boot.ini settings (or
anything else) to try to remove the malware?

What have you tried so far?

If you can get into Safe Mode with networking and get on the Internet,
do this:

Perform some scans for malicious software, then fix any remaining
issues:

Download, install, update and do a full scan with these free malware
detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/

They can be uninstalled later if desired.
 
NICK MEALE

Getting to desktop a box will say MSASCui.exe application error
0x80000003..
then the Malware Defense program shows up saying I have this virus
RootKit.Win32.agent.pp affecting Internet Explorer. Also C:/program
files\Messenger\msmsgs.exe is causing problems..I notice the CD drive will no
longer record as it keeps asking for a blank disc.
Then the program will scan about 11 threats but I can't start this Malware
program...Thanks,Nick

"Ken Blake, MVP" <kblake@this.is.an.invalid.domain> wrote in message
news:0up3o59q83or9fspskpin41q4lpedmkp4u@4ax.com...
> On Sun, 21 Feb 2010 17:10:28 -0500, "NICK MEALE"
> <nmeale78@earthlink.net> wrote:
>
>> I have malware and I can only use safe mood...What do I do?...Have XP
>> Home,Service Pack 3..Thanks.

>
>
> *What* malware do you have? How do you know you have it?
>
> --
> Ken Blake, Microsoft MVP - Windows Desktop Experience
> Please Reply to the Newsgroup
 
Jose

On Feb 22, 10:10 am, "NICK MEALE" <nmeal...@earthlink.net> wrote:
> Getting to desktop a box will say    MSASCui.exe application error
> 0x80000003..
> then the Malware Defense program shows up saying I have this virus
> RootKit.Win32.agent.pp affecting Internet Explorer  Also C:/program
> files\Messenger\msmsgs.exe is causing problems..I notice th CD drive willno
> longer record as it keeps asking for a blank disc.
> Then the program will scan about 11 threats but i can't start this  Malware
> program...Thanks,Nick

Oh, I see... Do you have Windows Defender installed? If yes, it is
broken but fixable.

Using explorer, navigate to:

C:/Program Files\Windows Defender

Locate and delete the afflicted manifest file called:

MSASCui.exe.manifest

Do not delete the MSASCui.exe file itself!

Restart your computer.

You can't start MBAM and/or SAS?

Then you are still infected and should fool the malware you have by
renaming the mbam.exe to something else - like nick.exe and run
nick.exe instead.

If the MBAM downloads okay and the installation will not launch,
rename mbam-setup.exe too, then run the renamed file.

You have to sometimes outsmart the malware that recognizes these
executable processes and will not let them run.
 
PA Bear [MS MVP]

NB: If you had no anti-virus application installed or the subscription had
expired *when the machine first got infected* and/or your subscription has
since expired and/or the machine's not been kept fully-patched at Windows
Update, don't waste your time with any of the below: Format & reinstall
Windows. A Repair Install will NOT help!

Microsoft PCSafety provides home users (only) with no-charge support in
dealing with malware infections such as viruses, spyware (including unwanted
software), and adware.
https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

Also available via the Consumer Security Support home page:
https://consumersecuritysupport.microsoft.com/

Otherwise...

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

NB: Run the FULL scan, not the QUICK scan! You may need to download the
MSRT on a non-infected machine, then transfer MRT.EXE to the infected
machine and rename it to SCAN.EXE before running it.

2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!)
in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

2b. Vista or Win7=> Run this scan instead:
http://onecare.live.com/site/en-us/center/whatsnew.htm

3. Now run a thorough check for hijackware, including posting requested logs
in an appropriate forum, not here. DO NOT SKIP THIS STEP!!

Checking for/Help with Hijackware:
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://www.elephantboycomputers.com/page2.html#Removing_Malware

**Chances are you will need to seek expert assistance in
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://www.spywarewarrior.com/viewforum.php?f=5,
http://www.dslreports.com/forum/cleanup,
http://www.bluetack.co.uk/forums/index.php,
http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

If these procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002

NICK MEALE wrote:
> I have malware and I can only use safe mood...What do I do?...Have XP
> Home,Service Pack 3..Thanks.
 
NICK MEALE

I don't know what you are driving at.....Nick
 
Russ SBITS.Biz [SBS-MVP]

I'll try this again
Microsoft offers free help with things like these
Microsoft PC Safety
866-727-2338
Russ

--
Russell Grover - SBITS.Biz [SBS-MVP]
MCP, MCPS, MCNPS, SBSC
Microsoft Certified Small Business Specialist
SBS2003 SBS2008 Support - www.SBITS.Biz
Question or Second Opinion - www.PersonalITConsultant.com
Free Trial Microsoft Online Services - www.Microsoft-Online-Services.com
 
Jose

On Feb 22, 3:25 pm, "NICK MEALE" <nmeal...@earthlink.net> wrote:
> I don't know what you are driving at.....Nick
> "Jose" <jose_e...@yahoo.com> wrote in message
> news:d970bfa6-d51a-4a35-bcc9-87fc6b40f11a@q29g2000yqn.googlegroups.com...
> On Feb 22, 10:10 am, "NICK MEALE" <nmeal...@earthlink.net> wrote:



I am driving at the post where you said:

Getting to desktop a box will say MSASCui.exe application error
0x80000003..

MSASCui.exe is installed by Windows Defender. WD wants to run
automatically when your system restarts and it is having a problem
running.

When you see 0x80000003 and a reference to MSASCui.exe, that means
Windows Defender is broken. It probably really says
MSASCui.exe.manifest? It doesn't really matter - it is broken or
something is keeping it from running.

Usually you can fix this issue by simply deleting the
msascui.exe.manifest file from c:/program files\windows\defender and
rebooting (see earlier post).

If the file does not exist or deleting it does not solve the problem,
then Windows Defender should be uninstalled and reinstalled to fix
this problem.

If you have some malware infections already, this will not remove the
malware from your system so you need to do some other better scans.

Since this may be caused by some infection, you should also try to get
MBAM and SAS running (see earlier post again) since (in my opinion)
they are more likely to relieve you of malware than Windows Defender.
Windows Defender is also a tremendous consumer of Virtual Memory (see
Task Manager with the VM Size column enabled), but that may not be an
issue for you.

You can certainly call the 866 number, and I just did, and they are
experiencing high call volumes as usual. I turned on my speaker phone
and ate a sandwich and was still on hold. I think it would take less
time to try to fix the problem yourself. I am still on hold. I
recreated your problem on my system and know I can fix it, but I
want to see what they say when I tell them I have the problem you have.

The two times in my life I have talked to those 866 people, instead of
helping me fix my problem, they gave up after a few minutes and said I
needed to reformat my drive, reinstall Windows and all my
applications. Of course, I did not do that and never will.

Maybe you will have better luck with them. Let us know how it works
out and I will let you know how they "help" me with this silly new WD
issue.
 