Everything I try to open, opens with media player

[gapeach]

I was asked to clean up a friends computer for them. After turning it on, every program you try to launce launches through media player. It says it can't open that file type, then gives the erroe message "The procedure entry code point GetIUMS could not be located in the dynamic link library msdart.dll". I was able to find a backdoor to run an avg scan, and it detected a virus called "Collected.5.L". It also finds the virus associated with Sun Java. AVG will put the viruses in the virus vault, but upon reboot, it still reverts back to opening the media player, and another run of avg shows the viruses again. I have also run antispyware (which has always been very helpful for me), but it found just a few common things like dotnet, and few dialers.

I can't get into regedit, msconfig, command propt, add remove programs, NOTHING! I can't install anything, or uninstall anything. Any ideas?!

Thanks!

 

[howard_hopkinso]

Hello and welcome to Techspot.

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

Run the AVG scan again and delete whatever it finds.

Then, reboot into normal mode and turn system restore back on.

Then, follow the instructions below.

Go HERE and follow the instructions exactly.

Post a fresh HJT log into this thread, only after doing the above.

I have moved this thread to our security and the web forum.

Regards Howard :wave: :wave:

 

[gapeach]

Thanks Howard. I feel really stupid as I have never encountered anything like this. I do have another question. I have booted into safe mode several times while trying to fix this before I posted. What I am finding is an Admin log-on, and an Owner log-on. The owner log-on is the only one seen when booting into regular mode, but in safe mode, it acts the same as it does in regular mode. You can't open any of the rundll files, and can only open certain programs from a right click "run as". If I go into Admin safe mode, the changes don't seem to affect the owner log-on. UGH! I have been fixing computers with minor bugs for a few years, but I guess I need to go back to school as this one has me really frustrated!

Thanks for your help!

 

[Vigilante]

I might interject that, in addition to Howards advice, IF indeed the problem is only limited to that one user account, you could go into the admin account, create a NEW user, and use that account.

The "administrator" user dissapears in normal mode when there is any other user account, because it is the default admin account for windows. Normally nobody is supposed to use this account. In safe mode, for the purpose of fixing things, the administrator becomes visible again.
If you were to delete all users, you would see administrator from normal mode. But that's not good!

Anyway, you could create a new user and see if it works in normal mode. If so, BEFORE deleting the bad user, backup ALL the data out of the old user or else it will be deleted, everything in my docs, favorites, outlook express and outlook data and more. If you don't know how to get a complete backup, don't delete the user, but at least create a new one and see if it works.
If not, and if the above advice doesn't work, you may have a file type association problem, on top of the infection. But we'll cross that bridge when we get there.

Good luck

 

[howard_hopkinso]

When you boot into safe mode, log in to the normal user account.

Regards Howard

 

[gapeach]

Tried to log into "Owner" several times, but it won't let me anywhere near any registry, or admin type files. When I try to open my computer properties to get to system restore, or when I try to open it from control panel, media player pops up and gives me an error. I also tried to create a new user from the sdmin acct, and it won't let me type a name for it.

Here is a Hijack this log I was able to get with a self extracting program, but again, I can't use the owner log-on to change system restore to keep the virus from replicating

 

[howard_hopkinso]

That HJT log is a complete mess.

I recommend that you reformat and reinstall your friends computer.

You should download AVG free and zonealarm free from HERE and HERE.

Disconnect your friends computer from the net and reformat and reinstall Windows. Then install Zonealarm and install the drivers etc, followed by Windows updates.

Then, install the AVG programme and reboot the system, and run the AVG updates.

Regards Howard

 

[gapeach]

That's what I was afraid I'd have to do. I agree with the AVG & ZA, those are the 2 I have on all of mu computers and they do a great job. I haven't ever seen such a mess either. Thanks for all of your help and replies

Have a great day!