Russ
--
Russell Grover - SBITS.Biz [SBS-MVP]
MCP, MCPS, MCNPS, SBSC
Microsoft Certified Small Business Specialist
SBS2003 SBS2008 Support - www.SBITS.Biz
Question or Second Opinion - www.PersonalITConsultant.com
Free Trial Microsoft Online Services - www.Microsoft-Online-Services.com
"D." <wd...@sover.net> wrote in message
news:OQ312V0s...@TK2MSFTNGP02.phx.gbl...
*What* malware do you have? How do you know you have it?
--
Ken Blake, Microsoft MVP - Windows Desktop Experience
Please Reply to the Newsgroup
Download this Avira Antivir Rescue System program which will burn a CD
image to a blank CD. It's updated a few times per day. Insert the CD
into the damaged machine and let it do a scan of your system. Before
starting the scan, select "Configuration" and set to repair or rename
the infected files. Sometimes your machine won't restart after such a
repair process, so you might want to save needed files to another system
before using this. If you can't, then you can move the hard drive to
another machine to copy needed files. You can do that before, or after
this scan.
http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html
Then run these:
Malwarebytes© Corporation
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
SuperAntispyware
http://www.superantispyware.com/superantispywarefreevspro.html
You can try one of the CDs mentioned at the following site. BitDefender
was my favorite, but if the infected machine can't connect to the
internet to get updates, Avira comes with current virus definitions.
Also, some of these just won't run on some systems, perhaps because
there's no drivers available for some system devices, motherboard,
graphics card, etc. So try a few of these till you find one that works:
Burn BitDefender, or another program listed at the link below, to a CD
(using a working machine) and test the infected machine with it.
BitDefender also has a Rootkit checker on the Linux Desktop; run it if
you think that's the problem:
http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/
Download the executable rather than the .iso image, if one is available,
(though no .exe is available for BitDefender).
After the scan is run, if you elect to quarantine files, they're
quarantined to RAM and lost after you reboot. You'll need to copy any
quarantined files to the hard drive, a thumb drive or elsewhere before
exiting.
--
Joe =o)
What happens when you try a normal boot? I normally boot into a foul
mood. Try that sometime (couldn't resist).
Did you use msconfig to change any of the boot.ini settings (or
anything else) to try to remove the malware?
What have you tried so far?
If you can get into Safe Mode with networking and get on the Internet,
do this:
Perform some scans for malicious software, then fix any remaining
issues:
Download, install, update and do a full scan with these free malware
detection programs:
Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware (SAS): http://www.superantispyware.com/
They can be uninstalled later if desired.
"Ken Blake, MVP" <kbl...@this.is.an.invalid.domain> wrote in message
news:0up3o59q83or9fsps...@4ax.com...
Oh, I see... Do you have Windows Defender installed? If yes, it is
broken but fixable.
Using explorer, navigate to:
C:\Program Files\Windows Defender
Locate and delete the afflicted manifest file called:
MSASCui.exe.manifest
Do not delete the MSASCui.exe file itself!
Restart your computer.
You can't start MBAM and/or SAS?
Then you are still infected and should fool the malware you have by
renaming the mbam.exe to something else - like nick.exe and run
nick.exe instead.
If the MBAM downloads okay and the installation will not launch,
rename mbam-setup.exe too, then run the renamed file.
You have to sometimes outsmart the malware that recognizes these
executable processes and will not let them run.
Microsoft PCSafety provides home users (only) with no-charge support in
dealing with malware infections such as viruses, spyware (including unwanted
software), and adware.
https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1
Also available via the Consumer Security Support home page:
https://consumersecuritysupport.microsoft.com/
Otherwise...
1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx
NB: Run the FULL scan, not the QUICK scan! You may need to download the
MSRT on a non-infected machine, then transfer MRT.EXE to the infected
machine and rename it to SCAN.EXE before running it.
2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!)
in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm
2b. Vista or Win7=> Run this scan instead:
http://onecare.live.com/site/en-us/center/whatsnew.htm
3. Now run a thorough check for hijackware, including posting requested logs
in an appropriate forum, not here. DO NOT SKIP THIS STEP!!
Checking for/Help with Hijackware:
• http://mvps.org/winhelp2002/unwanted.htm
• http://inetexplorer.mvps.org/tshoot.html
• http://www.mvps.org/sramesh2k/Malware_Defence.htm
• http://www.elephantboycomputers.com/page2.html#Removing_Malware
**Chances are you will need to seek expert assistance in
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://www.spywarewarrior.com/viewforum.php?f=5,
http://www.dslreports.com/forum/cleanup,
http://www.bluetack.co.uk/forums/index.php,
http://aumha.net/viewforum.php?f=30 or other appropriate forums.**
If these procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002
"NICK MEALE" <nmea...@earthlink.net> wrote in message
news:upNU90$sKHA...@TK2MSFTNGP02.phx.gbl...
I am driving at the post where you said:
Getting to desktop a box will say MSASCui.exe application error
0x80000003..
MSASCui.exe is installed by Windows Defender. WD wants to run
automatically when your system restarts and it is having a problem
running.
When you see 0x80000003 and a reference to MSASCui.exe, that means
Windows Defender is broken. It probably really says
MSASCui.exe.manifest? It doesn't really matter - it is broken or
something is keeping it from running.
Usually you can fix this issue by simply deleting the
msascui.exe.manifest file from c:\program files\windows defender and
rebooting (see earlier post).
If the file does not exist or deleting it does not solve the problem,
then Windows Defender should be uninstalled and reinstalled to fix
this problem.
If you have some malware infections already, this will not remove the
malware from your system so you need to do some other better scans.
Since this may be caused by some infection, you should also try to get
MBAM and SAS running (see earlier post again) since (in my opinion)
they are more likely to relieve you of malware than Windows Defender.
Windows Defender is also a tremendous consumer of Virtual Memory (see
Task Manager with the VM Size column enabled), but that may not be an
issue for you.
You can certainly call the 866 number, and I just did, and they are
experiencing high call volumes as usual. I turned on my speaker phone
and ate a sandwich and was still on hold. I think it would take less
time to try to fix the problem yourself. I am still on hold. I
recreated your problem on my system and know I can fix it, but I
want to see what they say when I tell them I have the problem you have.
The two times in my life I have talked to those 866 people, instead of
helping me fix my problem, they gave up after a few minutes and said I
needed to reformat my drive, reinstall Windows and all my
applications. Of course, I did not do that and never will.
Maybe you will have better luck with them. Let us know how it works
out and I will let you know how they "help" me with this silly new WD
issue.