Can not install/uninstall any programs in normal or safe mode

By bgelston
Aug 16, 2008
Topic Status:
Not open for further replies.
  1. Having all sorts of problems with a desktop. I can not install any program in normal or safe mode. My virus protection has been shut down. When I attempt to go to any virus protection web site (Symantec, McAfee, Trend Micro, etc.) my browser gets "page can not be displayed". Being the local computer geek in my neighborhood, I get the gems.

    I have attached the log file from hijackthis. I did the scan while in safe mode.
    btw: I can not browse to any virus protection site in "safe mode with network" either.

    Any help would be greatly appreciated.

    If I can not get this fixed I was planning on backing up all the data, then "NUKIN" the hard drive and reinstalling.
  2. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Dest068.exe -> Trojan - part of Wareout
    BoundRec.exe -> Trojan - part of Wareout
    PestTrap.exe -> is a rogue anti-spyware application
    85.255.116.110 -> Trojan DNSBust-M

    Here's an idea, remove Norton, and install any other (ie free Avast Antivirus)

    Anyway, please do the following:

    Remove HijackThis entries
    • Run HijackThis
    • Click on the System Scan Only button
    • Put a check beside all of the items listed below (if present):

      O4 - HKLM\..\Run: [rock] rock.exe
      O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\Alex\LOCALS~1\Temp\scksexde.exe/r
      O4 - HKCU\..\Run: [SetupExeDll] Dest068.exe
      O4 - HKCU\..\Run: [SAPSTR] BoundRec.exe
      HKLM\System\CCS\Services\Tcpip\..\{D873375C-436B-4D7B-93DB-7F3D321F80DC}: NameServer = 85.255.116.110
    • Close all open windows and browsers/email, etc...
    • Click on the "Fix Checked" button
    • When completed, close the application.

    ============================================

    Run Kaspersky Online AV Scanner

    In order to use it you have to use Internet Explorer.
    Go to Kaspersky and click the Accept button at the end of the page.

    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
    • Read the Requirements and limitations before you click Accept.
    • Allow the ActiveX download if necessary.
    • Once the database has downloaded, click Next.
    • Click on "My Computer"
    • When the scan has completed, click Save Report As...
    • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
    Attach the report into your next reply



    Edit:

    This tool will remove "Wareout" Trojan
    Please download FixWareout Removal Tool

    I would also suggest that you un-install all those live protection programs (ie they didn't help!)
    Then run CCleaner (to clean out all the temp files)

    Post a new HJT Log once all this is done
    :)
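
An added example, not part of the original thread: a Python pass over the HijackThis entries listed in the post above, flagging autoruns that launch from a Temp directory or carry no path, and NameServer values that are neither in a private range nor in an expected-resolver list. The names `triage` and `expected_dns` and the `ExampleTray` line are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample: the entries quoted in the post, plus one made-up benign autorun.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [rock] rock.exe
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\Alex\LOCALS~1\Temp\scksexde.exe/r
O4 - HKCU\..\Run: [SetupExeDll] Dest068.exe
O4 - HKCU\..\Run: [SAPSTR] BoundRec.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
HKLM\System\CCS\Services\Tcpip\..\{D873375C-436B-4D7B-93DB-7F3D321F80DC}: NameServer = 85.255.116.110
"""

RUN_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[([^\]]+)\] (.+)$")
NS_RE = re.compile(r"NameServer = (.+)$")


def triage(log_text, expected_dns=()):
    """Return (item, reason) pairs for entries that deserve a closer look."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        run = RUN_RE.match(line)
        if run:
            name, target = run.groups()
            exe = target.split()[0]  # drop any command-line arguments
            if "\\temp\\" in target.lower():
                findings.append((name, "autorun launched from a Temp directory"))
            elif "\\" not in exe:
                findings.append((name, "autorun with no path"))
            continue
        ns = NS_RE.search(line)
        if ns:
            for addr in filter(None, re.split(r"[,\s]+", ns.group(1))):
                try:
                    ip = ipaddress.ip_address(addr)
                except ValueError:
                    findings.append((addr, "NameServer value is not an IP address"))
                    continue
                # Heuristic (assumption): private ranges and listed resolvers are expected.
                if not ip.is_private and str(ip) not in expected_dns:
                    findings.append((addr, "NameServer outside expected resolvers"))
    return findings


if __name__ == "__main__":
    for item, reason in triage(SAMPLE_LOG):
        print(f"{item}: {reason}")
```

Pass the resolvers the machine is supposed to use (ISP or corporate DNS) as `expected_dns` so that legitimate public resolvers are not flagged.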
  3. bgelston

    bgelston Newcomer, in training Topic Starter

    Here are the results..

    Thanks for your help..

    I could not go to kaspersky to download the AV on the infected computer.

    I had to download FixWareout Removal Tool on another computer and then use a Cruzer drive to move it over to the infected computer. I had to do the same thing with CCleaner.

    Attached is the HJT log.

    Thanks again,
  4. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Here's what you presently have
    You can tick and fix all the bold threats in HJT (But read on below this too)

    Please Uninstall ALL those live protection programs from Add/Remove programs (lots of them!!) Whilst they are installed, the cleaning process is nearly impossible (I have now asked you twice to do this)

    Then...

    Download Startup Control Panel
    Run it
    Untick all Startups on all Tabs
    Restart

    Then...

    Download Smitfraud Fix
    http://siri.urz.free.fr/Fix/SmitfraudFix.exe

    Clean:

    Reboot your computer in Safe Mode
    (before the Windows icon appears, tap the F8 key continually)

    Double-click SmitfraudFix.exe

    Select 2 and hit Enter to delete infected files.

    You will be prompted: Do you want to clean the registry ? answer Y (yes)
    and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if you are infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.

    A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

    Optional:

    To restore Trusted and Restricted site zone, select 3 and hit Enter.
    You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.
    ----------------------------------------------------

    Then...

    Download and Run Malwarebytes' Anti-Malware
    Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.

    Then...

    Post a new HJT Log
  5. bgelston

    bgelston Newcomer, in training Topic Starter

    some continuing issues...

    I uninstalled Norton 360. I took care of the HJT entries you mentioned. I also did the Startup Control Panel and unchecked all running programs under all tabs. However, when I attempted to run SmitfraudFix in Safe Mode it did not run. I have posted the HJT log.
    Please let me know what the next steps are.
    Thanks again for your help
  6. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    I possibly should inform you that checking HJT logs is not my area of expertise, but hopefully you can see that I give it quite a good show.

    Anyway, I don't understand this part, why doesn't it run?
    Also did Malwarebytes get scanned? And remove any threats?

    Also you now do not have any Virus protection (and hopefully all those Spyware programs have been removed!)

    You now need to install another AntiVirus program
    Have a look here: http://www.av-comparatives.org/
    Due to the many Spyware/Trojans issues, it may be best for you to download/Install/Update and then do a full scan with AVG Free Antivirus
  7. bgelston

    bgelston Newcomer, in training Topic Starter

    Yes, you do give it a good show and I appreciate the help.

    What I mean by "Not Running" is, when I double click on the ICON, I get some hard drive activity but the program does not run. The same thing happens with Malwarebytes.
    It is really getting annoying...

    HJT seems to run without a problem and so did Startup Control Panel.

    Any thoughts..

    Thanks
  8. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

  9. bgelston

    bgelston Newcomer, in training Topic Starter

    Installed the 4.5 redistributable. I even installed SP3.
    Still no luck. I can not install SmitfraudFix.exe..ugh...
  10. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

  11. bgelston

    bgelston Newcomer, in training Topic Starter

    All done..Logs attached..

    Here are all the logs..Thanks again..
    Bob
     
  12. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    How's it all going now?
  13. bgelston

    bgelston Newcomer, in training Topic Starter

    seems to be much better. How do the logs look to you?
  14. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    I had a quick look, it looks good :)

    But I am not a HJT log expert (as you know!)
    You may receive other replies
  15. bgelston

    bgelston Newcomer, in training Topic Starter

    That is great news. I know you said you are not an expert with HJT but you certainly have me fooled :).

    BTW: Do I need to turn things back on using the Startup Control Panel?

    Thanks again for your help..
    Bob
  16. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Good question

    I need to inform you a little here

    Startup Control Panel is not like Windows MSConfig; if you disable things in Startup Control Panel you are not in diagnostic mode (which is good) and if anything, Windows will run better for it :)

    Personally I have disabled all my Windows startups (except AntiVirus and Firewall)
    All the other shortcut Startups, I don't want Windows to automatically run, when it first starts!

    But, maybe you do want these program shortcuts to run (ie some users like Messenger to open with Windows, god knows why??)
    But if you feel one of your program shortcuts, must start with Windows (ie instead of running it manually after Windows starts) then by all means - retick that shortcut.
    The next time Windows loads, so will that Program.

    Your choice :) (also I run it often, just in case another program decides to get in there)