EXE files not running and Trojans

  Covergirl 14:16 16 Jul 2009

Symptoms - exe files won't run
IE stopped connecting
Trojans found by AVG

A friend of mine had a relative stopping and allowed him to use his PC. After a short period of web browsing (to pick up his emails online), an incident occurred and (so I've been told) it BSODd with the STOP: C000218 Unknown Hard Error message.

I went round and started it up but got the black screen boot options - Start Windows normally, Last known good config, safe mode etc. I did a last known good config and it booted to desktop.

All seemed good but I got a couple of error messages whilst booting : C:\Windows\System32\msvgmm.exe and mseebwm.exe could not load.

T'internet worked fine initially, but it eventually lost the account details due (I think) to an AVG scan where I deleted everything suspicious.

I then noticed the AVG systray icon was missing. However, a right click and Scan With AVG was available in Win Explorer.

While the AVG interface was there I did a full scan. It found numerous (harmless) cookies but also found 19 items to worry about, mostly Trojans e.g. Trojan Horse Downloader VB.CBR and Generic 14.BSW. I consigned these to the virus vault and then emptied it.

Now, IE won't connect as it appears to have lost the Tiscali BB settings and executables will not run, most notably Word, Excel and AVG, although if I launch a Word.dot template from a shortcut it opens in Word and I can edit and print OK.

Launching any executable e.g. Excel.exe from Explorer brings up the "Open With" dialogue. Shortcuts bring up a "File Not Found" or similar. All "My Documents" are still there.

Anybody any ideas or a quick fix please ?

  mfletch 15:00 16 Jul 2009

Download this and burn the iso image to a CD then boot your friend's PC from it,

DrWeb-LiveCD

Download click here

User Guide click here

Make sure that your computer is set up to boot from the CD drive, in
which the disk with Dr.Web LiveCD is inserted,

Using the arrow keys on your keyboard select one of the following
items and press ENTER:

To launch the GUI version of Dr.Web LiveCD, select
DrWeb-LiveCD.

To launch the command line version (the Console Scanner),
select DrWeb-LiveCD (Safe Mode).

Select standard GUI mode;

The standard mode is preferable because of its pictorial view and better
functionality.

You can start the main components by:

Double-clicking the icon of the respective component on the
desktop (by default, basic components are represented on the
desktop);

To open the system menu, click the system menu button in the
taskbar.

Click on DrWeb Scanner

The Scanner allows you to check all types of Windows partitions (FAT,
FAT32, NTFS) for viruses. By default, all partitions of the hard drive are
selected for scanning.

To add an object to or remove an object from the list of objects to
scan, either click Add or Delete, or press INSERT or DELETE
respectively.

To start scanning the selected objects, click Start (it will turn to the
Stop button and scanning will start).

Scan results are shown as a table in the bottom of the Scanner main
window.

Below the report field is a row of buttons where you can select the
desired action for every object in the list: Cure or Delete. The Cure
action is not available for archives, containers, and mail files.

Exit the scanner and eject the CD

Restart the computer

  PO79 15:01 16 Jul 2009

Firstly go to start\run and enter sfc \scannow and let it replace any missing files.

Secondly do a repair installation of office

Thirdly do a repair\fresh installation of AVG

Post back with info on how things are.

  Covergirl 19:50 16 Jul 2009

. . . it's the DrWeb .iso at the bottom ? Whatever, downloading now.

Will evaluate this on good system at home then try on friend's PC but it'll be next week now.

I'll also try the sfc \scannow as that looks simpler.

Any more suggestions please go ahead and post.

Thanks for now.

  Covergirl 19:23 23 Jul 2009

No .exe files will run ! At least, if I could find something to associate them with I'd be all right !!

Hindsight tells me to rename it to .com but will try that later.

Malwarebytes won't install and I've tried installing to a usb stick and that doesn't work either.

Currently running the DrWeb linux CD - going back in half an hour to see what's occurring. Then I'm off out to a quiz and won't be back until later so will post any results over the next few days.

  lotvic 20:41 23 Jul 2009

it won't run because you have the slash the wrong way click here
It should be

sfc /scannow

  Covergirl 05:16 24 Jul 2009

but it's a while since I used DOS commands.

Anyhow, DrWeb found numerous trojans and cured and deleted them but booting back into XP the same symptoms are still there.

I got into Safe Mode and eventually decided to do a system restore which was the only place it would run from. Unfortunately missed the reboot and it went into XP proper and failed to complete as system restore is an .exe file and wouldn't run. HaHa.

  Covergirl 12:14 06 Aug 2009

Well, after numerous attempts at various solutions I eventually gave up. I managed to regain core functionality in that it would now run .exe files, but I could not sort out the problem of "C:\Windows\System32\msvgmm.exe and mseebwm.exe could not load". Additionally, AVG kept reporting the odd Trojan and after a couple of hours of this I thought enough is enough, let's put the Dell system restore discs to work.

Dell's restore disc booted just like a normal XP disc so I removed all the partitions and created one master then did a "quick" format on it and let XP install. Unfortunately it stalled at "34 minutes to go" for about 1.5 hours so I started again with a "full" format on the master partition. Again it stalled at 34 minutes so I left it running overnight and in the morning it appeared to have completed but no mouse pointer available which made subsequent tasks like choosing a country slightly challenging. Fortunately all the Alt/Tab combos worked so managed to get through and everything seemed fine. Then there were the drivers from another Dell disc which all needed to be individually extracted to C: then "Update Driver" from the control panel. A bit long winded and old fashioned but . . . . Then there were 6 years' worth of updates from SP1 on which needed installed, My Documents copied in from DVD then OE accounts set up and 5 days later delivered PC back to friend.

Phew !! Old computers - don't go there !!

I pity anyone hanging onto their XP installation needing a reinstallation anytime. I'll be taking a snapshot backup of this system as soon as possible.

Thanks for all the assistance.

This thread is now locked and can not be replied to.
