Problems launching applications

Discussion in 'Trojan Defence Suite' started by Jagan Thomas, Jan 13, 2004.

Thread Status:
Not open for further replies.
  1. Jagan Thomas

    Jagan Thomas Guest

    Hello all,
    After I successfully ran the TDS3 application, it was able to detect 5 to 6 worms/trojans in my system. I deleted the files as they were positively identified as trojans. But as a result of that, I am not able to launch any application from my start menu. As a matter of fact, I have problems even restarting my computer. It shows the "Program not found" window with the name of the app I am trying to launch. After I hard booted my machine, it gave me the names of some files that it could not find on startup. These files were not the files that were identified as trojans, and the names of the files were different from these ones. The files it cannot launch are autorun.exe, rundll32.exe, systray.exe, essolo.exe and autochk.exe and init. If anyone can help me in this matter, it will be greatly appreciated.

    Jagan Thomas
     
  2. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
    Hi Jagen :) .

    You could try running sfc /scannow to see if it finds any missing files. You will need your Windows CD on hand for any files you may need to replace.

    To run sfc /scannow:

    Click>START,
    Click>RUN,
    Type in> sfc /scannow,
    Click>OK.

    Have a look at the screenshot mate.

    Regards,
    Jade.
     

    Attached Files: Sfc.jpg (24.3 KB)
  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi Jagan, which Windows version do you have? XP or ME with system restore possible?
    If so, step back if you can -- as I suppose you need Windows running for that: is safe mode possible if normal is not possible? -- after Jade's recommendation to try to have Windows running again properly.

    Hope you remember exactly the files you deleted, and as which trojan they were identified.
     
  4. JAgan Thomas

    JAgan Thomas Guest

    Hi Guys,
    I have Windows 98 on my machine.
     
  5. Jagan

    Jagan Guest

    Hello,
    Also because the machine cannot detect the autorun application, I cannot run the sfc /scannow feature.
     
  6. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi,

    Still can't work out exactly what has happened. Are these programs set to autostart (use ASViewer to see) and they just don't run? It might mean some were starting trojans, but otherwise I'm just not sure what's going on.

    If you click on any EXE file, does it still run OK or is there a problem there? (Should be OK?)
     
  7. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Did you ever configure the scanreg.exe /restore option?
    From MS-DOS in that case you could be lucky with fixing the registry, so with that you might get some running again.
    Is it possible to get into safe mode and run sfc from there?
     
  8. Jagan

    Jagan Guest

    Hi Guys,
    What is happening is that when I click on an .exe, instead of launching the corresponding application, it pops up the window that says "Program not found". I have been able to fix applications like Word or Excel by manually pointing the shortcut to the .exe, but the major problem is when I have to launch some system settings app like ADD/REMOVE PROGRAMS OR ANYTHING FROM THE CONTROL PANEL, for example. I cannot even launch the clock on the task bar. It says PROGRAM NOT FOUND AND ALSO SHOWS RUNDLL32.EXE SHELL32, CONTROL_RUNDLL......
    Because of this, I cannot install any application... I tried to upgrade from 98 to XP.
    The files that were detected had names like bride.exe, love.scr etc... names that very obviously are not necessary files, and they were positively identified.
    I apologise for this long delay in responding, but that is because of the time difference... I am in Canada...

    Jagan
     
  9. Jagan

    Jagan Guest

    Before deleting the identified trojans/worms, all applications were launching as they normally do on any PC. I ran the scanregw utility and it did not find any errors in the registry.
     
  10. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    love.scr: Yaha Virus: Possible Filenames and Subjects

    Email Attachment Filenames
    Love.scr

    I think you have a virus on your computer.

    bride.exe

    Name: Win32.Bride.A@mm
    Aliases: W32/Braid.A (Sophos), Bridex (F-Secure)
    Type: Executable Mass-mailer
    Size: 118787 bytes
    Discovered: November 4, 2002
    Detected: November 4, 2002, 20:30 (GMT+2)
    ITW: Unknown
       
    Technical facts about Win32.Bride.A@mm computer virus:


    Symptoms
    - file "regedit.exe" in the Windows System folder (not in the Windows folder !);
    - file "Explorer.exe" on the Desktop (with an icon of Internet Explorer, not of Windows Explorer !);
    - email message file "Help.eml" on the Desktop;
    - file "bride.exe" in the Windows System folder;
    - the registry entry HKCU\Software\Microsoft\Windows\CurrentVersion\Run\regedit.


    Technical description
    This is a mass-mailing worm written in Visual Basic, which carries along the file infector Win32.FunLove.4070. The FunLove body and most of the character strings used by the virus are encrypted, to make reverse engineering more difficult.

    The worm arrives in an email message in the following format:

    From: (Windows registered user name of infected user)
    Subject: (Windows registered organization of infected user)
    Body:
    Hello,

    Product Name: (Windows version)
    Product Id: (Windows product id)
    Product Key: (Windows product key)

    Process List:
    (list of names and descriptions of running security processes)

    Thank you.
    Attachment: README.EXE

    Just wait for some expert here to help you out.
    Thanks
     
  11. Jagan

    Jagan Guest

    Thanks a lot subratam....I hope someone can fix this problem as I am completely stuck.
     
  12. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    If that is the problem, that makes a whole lot more sense.

    Symantec has a few YAHA removal tools, so check here:

    http://www.sarc.com/avcenter/venc/data/w32.yaha.removal.tool.html
     
  13. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    http://www.virushelp.nl/tools.htm
    Here is a whole page with repair tools.
    Bride is detected by TDS too.

    I give you this extra link for the bride because of screenshots and more files mentioned.
    http://www.bullguard.com/antivirus/vit_bride_a.aspx
    and another bride version
    http://www.bullguard.com/antivirus/vit_bride_c.aspx
     