Exe file, bad image pop ups

By Please Help
Nov 15, 2008
Topic Status:
Not open for further replies.
  1. Hi guys I am new here and need some major help. I am getting tonnnnns of pop up errord sayi for example msnmsgr.exe(blahblahblah.dll) bad image, I made that file name up but I get tons as im booting and after booting the programs run fine, but its annoying as hell and need help. I dled HJT, please see the attached log file from HJThe log file I have, please advise further on how to fix this. This is greatly appreciated!

    Attached Files:

  2. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Hello Please Help (come on man) Please Help!!!!!!!!!!!!!!!

    The TechSpot 8 steps: http://www.techspot.com/vb/topic58138.html

    Do all skip no step (do not install another virus scanner as you already have one).

    Most importantly update MalwareBytes and SuperAntiSptware!

    Before you scan with SuperAntiSpyWare do the below:

    SuperAntispyware config

    After installed double-click the icon on your desktop to run it.

    It asks to update the program definitions, click Yes.

    Click the Preferences button.

    Then Scanning Control.

    In Scanner Options make sure the following are checked:
    1. Close browsers before scanning
    2. Scan for tracking cookies
    3. Terminate memory threats before quarantining.
    4. Leave the others as they are.

    In MalwareBytes after update but before running
    Click settings and confirm all are Checked.

    I repeat Update these 2 programs.

    Run them and post their logs then a new HJT log.

    Do this correctly and we will make a short job of this!

    Mike
  3. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Hello Please Help

    I made this a separate post for simplicity the above was bib enough,

    Special case where after installing MBAM and SAS they will not update or run.

    Run this process only after you have installed MBAM and SAS and they will not update or run! They must be installed!!!!!!!

    I have written a BFU script and a couple of batch files to:
    1. Rip out Antivirus 2009, delete many other known bad files
    2. Repair disabled Regedit, Taskmgr CMD etc.
    3. Defaults the HOSTS file
    4. Deeply cleans Temps both Windows and Internet
    5. Renames MBAM and SAS (actually copies to this name so we still have the original name also) and puts Shortcuts on Desktop
    Plus more.

    To do this open the Attachment Fixit and download to desktop then Dbl click to Extract the Zip, it will create a Fixit folder on the Desktop (later when clean you may delete both of these).

    Dbl Click the Fixit Folder to enter it. Dbl click only the Fixit.cmd it will run if any Virus/Malware or Firewall asks about it, all must be allowed answer any prompts.

    It will reboot your computer when it finishes.

    Once back to Desktop.

    Run only the runmbam and sas shortcuts until issues fixed then you may go back to the original shortcuts.

    Remember to update and do the below special settings before Scanning.
    Then post the logs on each run repeat the run until the log says clean or finds something it can not fix! Begin with runmbam then repeat with sas.

    Dbl click the runmbam icon.
    When it opens do not scan first UPDATE then click settings and confirm all checked if not check them. The click Scaner Tab chose Full scan the confirm your windows drive is selected/checked then click start Scan.

    SuperAntispyware (sas) config

    Before clicking Scan, UPDATEthen click Preferences then Scanning Control.
    Check all items except the 3rd item (Ignore System Restore......)
    Click Close button to exit control center.
    On main screen, Scan for Harmful Software click Scan your computer.
    On the left check C:\Fixed Drive.
    On the right, under Complete Scan, choose Perform Complete Scan.
    Click Next to start the scan.

    It will take while as it scans your computer.

    After the scan, a summary box will popup. Click OK.
    Make sure all in the white box has a check next to it, click Next.
    It will quarantine what it found, and pop up a log file. Attach log file back to Thread.

    If asked to reboot, click Yes. When back up repeat again until clean posting logs each time!

    For Attachment see and get from post #3. http://www.techspot.com/vb/topic115811.html

    Mike
  4. Please Help

    Please Help Newcomer, in training Topic Starter

    Here are the logs I am still having a thousand of those pop up things saying bad image check against installation disketter and some .dll file each time. Thanks for your patience with me.

    Attached Files:

  5. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Good morning

    I assume you were able to proceed without needing the Attachment!

    No wonder you are having all those pop ups and re-directions.

    Did you modify mbam and SAS as below

    Open SAS then click Preferences-then Scanning Control.

    In Scanner control make sure the following are checked:
    1. Close browsers before scanning
    2. Scan for tracking cookies
    3. Terminate memory threats before quarantining.
    4. Leave the others as they are.

    In MalwareBytes after update but before running
    Click settings and confirm all are Checked.

    I repeat Update these 2 programs.

    Run them again and again until they come up clean or can not clean something, and post their logs then a new HJT log.

    Mike
  6. Please Help

    Please Help Newcomer, in training Topic Starter

    Thanks, please refer to the picture I have attached, it shows the message I get. Before windows even gets tot load my desktop I am getting these popups and then when it loads I have to left click about 50 times to close them all as one after the other pops up, it's really frustrating me. I will keep repeating the cleans, but it doesnt seem to be helping almost getting worse. *** Never mind the picture file is too big.
  7. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Repeating the Cleans I have not seen the logs for these!

    Show me the clean MBAM and SAS logs!!!!!

    Did you need to resort to my post #3 and the Attachment to get this far?????

    Because off so many found malware you must run both MBAM and SAS until they come up clean. Post log for each run. No need for a HJT log until I request it.

    Mike
  8. Please Help

    Please Help Newcomer, in training Topic Starter

    Hi, here is the deal, malware doesnt show anything, so i stopped scanning with it after 3 scans. the superanti spyware showed a ton of infections whch i thought i deleted, then i scanned again ansd these were cut in half eventually i was down to like 10 infections and then 4, so i reboot after 4 infections and it says 10 again! im scanning once more. I forgot to post the new logs I will post this one.
  9. mflynn

    mflynn Newcomer, in training Posts: 2,793

    OK no need to scan more, just do the below!

    SAS is likly showing tracking cookies.

    Download SD Fix to Desktop among other things it runs Catchme to look for RootKits.

    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    On Desktop run SDdFix It will run (install) then close.

    Then reboot into Safe Mode

    As the computer starts up, tap the F8 key several times.

    On the Boot menu Choose Safe Mode.

    Click thu all the prompts to get to desktop.

    At Desktop
    My Computer C: drive. Double-click to open.

    Look for a folder called SD Fix. Double-click to enter SD Fix.

    Double-clickto RunThis.bat. Type Y to begin.

    SD Fix does its job.

    When prompted hit the enter key to restart the computer

    Your computer will reboot.

    On normal restart the Fixtool will run again and complete the removal process then say Finished,
    Hit the Enter key to end the script and load your desktop icons.

    Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
    Copy and paste the Report.txt file to your next post.

    Mike
  10. Please Help

    Please Help Newcomer, in training Topic Starter

    I did everything I ran the "RunThis.bat" file it opened up and said starting repair, analzyzin processand systems" or something to that effect. Then the pop ups began.exe bad image non stopTHEY WOULDNT close, and the program did nothing I waited probably 20 minutes and it didnt appear as the file was doing anything I tried again, same thing I got fed up and cloose my computer and rebooted to let you know what happened.
  11. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Reboot to Safe Mode only and run the Fixit.bat.

    If it fails here then see if it put the sas and runmbam shortcuts on desktop.

    If so reboot to Safe Mode networking and run the runmbam when it finishes one run, reboot again back to Safe Mode networking and run it again posting logs at each run!

    When runmbam comes up clean or with something it cannot remove then..

    Run sas remove all found and then reboot to normal mode and run sas once more post this log also and a HJT log last

    I think this should amost finish us up..

    Mike
     
  12. Please Help

    Please Help Newcomer, in training Topic Starter

    The malware program has not picked anything up for the last 5 or 6 times I ahve run it. I ran the super antispyware three times it has 14 infections, 19 infections and now the last time before I goto bed it has 4 infections here is the log for this last one I forgot to save the other ones. Also here is the hijackthis log.
  13. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Hi Please Help

    Use HJT Scan only to select and remove the below

    O2 - BHO: (no name) - {A99F0C80-5B63-4FED-8EEE-8986A6910AD7} - C:\WINDOWS\system32\pmnoNFwt.dll (file missing
    O2 - BHO: (no name) - {cfd93fa7-1c3a-4338-9263-31c4bd426e3a} - C:\WINDOWS\system32\nlwmjt.dll (file missing

    O15 - Trusted Zone: *.antimalwareguard.com
    O15 - Trusted Zone: *.antispyexpert.com
    O15 - Trusted Zone: *.avsystemcare.com
    O15 - Trusted Zone: *.gomyhit.com
    O15 - Trusted Zone: *.imageservr.com
    O15 - Trusted Zone: *.onerateld.com
    O15 - Trusted Zone: *.safetydownload.com
    O15 - Trusted Zone: *.spyguardpro.com
    O15 - Trusted Zone: *.storageguardsoft.com
    O15 - Trusted Zone: *.trustedantivirus.com
    O15 - Trusted Zone: *.virusremover2008.com
    O15 - Trusted Zone: *.virusschlacht.com
    O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
    O15 - Trusted Zone: *.antispyexpert.com (HKLM)
    O15 - Trusted Zone: *.avsystemcare.com (HKLM)
    O15 - Trusted Zone: *.gomyhit.com (HKLM)
    O15 - Trusted Zone: *.imageservr.com (HKLM)
    O15 - Trusted Zone: *.onerateld.com (HKLM)
    O15 - Trusted Zone: *.safetydownload.com (HKLM)
    O15 - Trusted Zone: *.spyguardpro.com (HKLM)
    O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
    O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
    O15 - Trusted Zone: *.virusremover2008.com (HKLM)
    O15 - Trusted Zone: *.virusschlacht.com (HKLM)

    O20 - AppInit_DLLs: swexkc.dll vvsevw.dll

    Uninstall your very old version of HJT!
    Then go back to the 8 Steps Post #2 and download the new one

    Then go back and do post #9

    I think this will do it.

    Make sre to post the HJT (with new HJT) last after the above!

    Mike
  14. Please Help

    Please Help Newcomer, in training Topic Starter

    Hi Mike, Thank you sooooooooooo much for you help. I wish I was this slick at computers! I am confident the problem is fixed (no pop up crap) anymore and the sdfix program worked. Here are the logs for SDFix and the new HJThis, let me know if I have to do anything else! THANKS AGAIN.
  15. mflynn

    mflynn Newcomer, in training Posts: 2,793

    HJT away the below and we are finished.

    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

    You do good work!.

    Check back tomorrow and I will post a closing process for the thread. But for now I am tired!

    Mike
  16. MAx1313

    MAx1313 Newcomer, in training

    Same Bad Image Pop-Up Problem

    Hi MFlynn,

    I am having the same problem as the person you helped in the above post. I had trouble seeing what actually fixed the problem so I am going to go ahead and do the 8 steps. I'll get back to you when I have all the info you requested.

    Hope to talk to you soon!
  17. kaze919

    kaze919 Newcomer, in training

    Hey I'm having the same problem as everyone else.

    I ran all the tests and it looks like I have a rootkey problem (as described above) I have also done all 8 steps. I had the same problem where the bad image pop ups would not close (it would just open one after another so I restarted).

    So this time around I guess I need help so I've attached my log files. Thank you for your help in advance.
  18. kaze919

    kaze919 Newcomer, in training

    I have also tried SDFix and it has not helped solve the issue.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.