**** is not a valid win32 application...

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View



It was suggested that I post this problem here. Maybe one of you can
help me.


 I'm about to rip my hair out.

 I got a pop up the other day saying something about how Windows
 Security Alerts detected some virus. Like an idiot, I clicked "OK"
 without thinking. Now, I have a constant pop-up from some supposed
 security alert center asking me to buy it. UNlike other rogue
 anti-spyware viruses I've had, though, this one won't let me do
 ANYTHING.

 I can't run Antivir, Spyware Doctor, MalwareBytes, or Advanced
 Systemcare. It won't let me open anything .exe save for Internet
 Explorer. I have tried running all of these in Safe Mode. This
doesn't
 work either. I have surfed the web and found numerous supposed
"fixes," but once I download them, I can't use them as the error
 message pops up once again telling me that it's not a valid Win32
 application. I've tried system restore, and it tells me that system
 restore was shut off by the administrator.

 Please someone help me. I don't want to have to completely redo
 EVERYTHING if I don't have to.
Thanks in advance.

Re: **** is not a valid win32 application...





| It was suggested that I post this problem here. Maybe one of you can
| help me.


|  I'm about to rip my hair out.

|  I got a pop up the other day saying something about how Windows
|  Security Alerts detected some virus. Like an idiot, I clicked "OK"
|  without thinking. Now, I have a constant pop-up from some supposed
|  security alert center asking me to buy it. UNlike other rogue
|  anti-spyware viruses I've had, though, this one won't let me do
|  ANYTHING.

|  I can't run Antivir, Spyware Doctor, MalwareBytes, or Advanced
|  Systemcare. It won't let me open anything .exe save for Internet
|  Explorer. I have tried running all of these in Safe Mode. This
| doesn't
|  work either. I have surfed the web and found numerous supposed
| "fixes," but once I download them, I can't use them as the error
|  message pops up once again telling me that it's not a valid Win32
|  application. I've tried system restore, and it tells me that system
|  restore was shut off by the administrator.

|  Please someone help me. I don't want to have to completely redo
|  EVERYTHING if I don't have to.
| Thanks in advance.

Plaese download and execute Gmer on the affected computer...
http://www.gmer.net/#files

Close ALL applications and run a full scan.

If it doesn't like EXE files, rename the file to .COM

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: **** is not a valid win32 application...





| It was suggested that I post this problem here. Maybe one of you can
| help me.


|  I'm about to rip my hair out.

|  I got a pop up the other day saying something about how Windows
|  Security Alerts detected some virus. Like an idiot, I clicked "OK"
|  without thinking. Now, I have a constant pop-up from some supposed
|  security alert center asking me to buy it. UNlike other rogue
|  anti-spyware viruses I've had, though, this one won't let me do
|  ANYTHING.

|  I can't run Antivir, Spyware Doctor, MalwareBytes, or Advanced
|  Systemcare. It won't let me open anything .exe save for Internet
|  Explorer. I have tried running all of these in Safe Mode. This
| doesn't
|  work either. I have surfed the web and found numerous supposed
| "fixes," but once I download them, I can't use them as the error
|  message pops up once again telling me that it's not a valid Win32
|  application. I've tried system restore, and it tells me that system
|  restore was shut off by the administrator.

|  Please someone help me. I don't want to have to completely redo
|  EVERYTHING if I don't have to.
| Thanks in advance.

Arianna:

Please ignore the fake MS MVP and malicious person known as "The Real Truth"
(aka;
PCBUTTS1)
The software he is promoting is malicious and will block reputable web sites and
deliberately corrupt Malwarebytes' anti-malware amognst other things.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: **** is not a valid win32 application...



Arianna:
If I were you I would not believe anything David says. It is well known in
these groups that he and The real Truth do not like each other. Because of
that he will steer you in the wrong direction and do just about anything to
keep you from using anything from the MVP's website. I used the Removeit
software and it did appear to fix my issues but everyone including David
kept saying that my system is really screwed up now. I believed them and
reformatted my system. I then sent a copy of that removeit software to
various anti virus companies for analysis and they told me it was clean and
will not harm my system. I reported my findings to The Real Truth and he
told sent me a long history of the feud he has been having with people in
this group. He also sent me copies from other users who have used his stuff
and are still running fine to this day, I have emailed them to verify. The
purpose of this group is to help and not flame each other The Real Truth is
always here helping but everyone else is here to flame him. I wasted 4 hours
formatting my system when I did not have too and I don't care what other
response I will get from this post but the Removeit software from
www.ms-mvp.org is NOT malicious and will NOT hurt your system. Anyone who
says otherwise is lying.







Quoted text here. Click to load it


Re: **** is not a valid win32 application...



Quoted text here. Click to load it

PC Butts' program might not actually be malicious by most peoples
definitions, but PC Butts *is* a liar and a thief. This has been proven
to the complete satisfaction of any thinking person in these groups by
the exposure of one of the markers the *real* author of the stolen
software put in the software. On the other hand, David H. Lipman has a
good reputation of helping people here. In fact, warning people away
from PC Butts *is* helping people to avoid problems in malware removal.



Re: **** is not a valid win32 application...



Quoted text here. Click to load it

Has there every been anyone in the history of usenet who does/has done so
poor a job of socking up as Christopher Butts?




Quoted text here. Click to load it

--
Rhonda Lea Kirk Fries

The right to be heard does not automatically include
the right to be taken seriously. Hubert H. Humphrey



Re: **** is not a valid win32 application...



On Mon, 7 Sep 2009 09:47:49 -0700 (PDT), Arianna

Quoted text here. Click to load it

I think my wife just ran across the same kind of site. When she
clicked a link to a page that she wanted to see, a dialog box popped
up telling her that her computer is at risk. There is only an OK
button, so she clicked it, allowing the rest of the page to load.
Instead of getting the content that she expected, the page looked like
Windows Explorer down to the last detail, with the common tasks on the
left side and the drives shown in the center of the screen, and when
it finished loading it said that X viruses (different number for each
drive) were found on the respective drives. Lastly, it presents a
download dialog box, offering to let you download an .exe that will
remove everything and get you back in business. The .exe is named
"setup_build7_201.exe"

All in all, I thought it was fairly well done, and had to look twice
before advising my wife to exit without downloading or running
anything from that page. I don't _think_ she got infected by anything,
but we're running scans now. MBAM first, then SAS. NOD32 is resident
and active, and Gmer is standing by.

An example can be found here:
hxxp://thephotoessay.com/chiyin/_notes/t/?5=pacquiao-vs-cotto

Sometimes the page loads with a harmless looking list of CNN news
articles, while other times it loads as described above.



Re: **** is not a valid win32 application...




Quoted text here. Click to load it

Sometimes, in addition to the social engineering aspect, there are
software exploits attempted. That first click may have been enough to
infest, so it is a good thing to have those tools at hand.

[...]



Re: **** is not a valid win32 application...



On Mon, 7 Sep 2009 15:00:47 -0400, "FromTheRafters"

Quoted text here. Click to load it

Cool, thanks. Here's another link that appears to do what I described
earlier, in case people are interested in seeing how it works. By
changing the http to hxxp, my newsreader may allow the URL to wrap.

<hxxp://windowsprotection-zone.com/?p=WKmimHVmaGqHjsbIo22EfYCIt1POo22dU9LXoKitioaLw8ydb5aYen5arK3NapmXZWSSaJRxmWGXVqXUltTZyG5nWKrYnpRrZ2ZsaGxsbW%2BHkMej>



Re: **** is not a valid win32 application...




Quoted text here. Click to load it
<hxxp://windowsprotection-zone.com/?p=WKmimHVmaGqHjsbIo22EfYCIt1POo22dU9LXoKitioaLw8ydb5aYen5arK3NapmXZWSSaJRxmWGXVqXUltTZyG5nWKrYnpRrZ2ZsaGxsbW%2BHkMej>

I'm sure someone will download that and marvel at how long it takes AV
scanners at VT to recognize and identify it.



Re: **** is not a valid win32 application...



Char Jackson wrote:
Quoted text here. Click to load it

See how it works and retain the ability to delete the whole mess;
http://www.sandboxie.com/

Quoted text here. Click to load it

When you get sandboxie installed, try the URL this way, without the
wrapping issues; http://tinyurl.com/m4sbas

If you decide to run it outside of a sandbox (virtual zone) you might
want to have this handy http://ddhomepage.tripod.com/appswat.html

Re: **** is not a valid win32 application...



says...
Quoted text here. Click to load it

PCBUTTS1, you've exposed yourself as the PIRATE/THIEF we all have said
you are.

You've been clearly exposed as a thief when you pirated code containing
a special marker enter by the real author,  the file named
"obatssrsghde.exe" was a marker inserted into Stuarts batch file you
stole from him, it was a KEY that proves you're a thief:

For those that don't know, Stuart inserted the obatssrsghde.exe marker
into his batch file to prove, to the community, that PCBUTTS1 / The Real
Truth MVP is actually a lying thief, and PCBUTTS admitted in his own
post that he created the marker and claimed to know what it was - even
claimed to have submitted the malware to anti-virus vendors, but the
joke was on him, Stuart told everyone in the community about it BEFORE
it appeared in PCBUTTS1 download.... There is no actual file named
obatssrsghde.exe in the malware community, it was a ruse.

The key is in the spelling (shifted one character):

obatssrsghde.exe
pcbuttsthief

If you change (add) 1 character to each letter you will see that
"obatssrsghde" is actually the marker "pcbuttsthief" - proving that
PCBUTTS1 is a thief.

Are there other markers - YES, does PCBUTTS1 know about them - no,
they've been there for a long time, but this is the most obvious one.

Face it Chris/PCBUTTS1/TRT, you've exposed yourself in public.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.  
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

Re: **** is not a valid win32 application...



97ea-be0b2f96a92b@o41g2000yqb.googlegroups.com:

Quoted text here. Click to load it

http://www.malwarebytes.org/forums/index.php?act=idx

Post your issue here, You have malware that's intentionally attacking our
software and others. Someone there at our forums can help you. :)

--
Dustin Cook [Malware Researcher]
MalwareBytes - http://www.malwarebytes.org
BugHunter - http://bughunter.it-mate.co.uk

Re: **** is not a valid win32 application...

Quoted text here. Click to load it

<snicker>

This isn't the first time I've been post edited, but it's right up there
with the funniest.

--
Rhonda Lea Kirk Fries

The right to be heard does not automatically include
the right to be taken seriously. Hubert H. Humphrey



Re: **** is not a valid win32 application...



Quoted text here. Click to load it


| <snicker>

| This isn't the first time I've been post edited, but it's right up there
| with the funniest.

Isn't that really post post-editing  :-)

The re-edit does kinda hit the phunny bone.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: **** is not a valid win32 application...

Quoted text here. Click to load it

<groan>

Quoted text here. Click to load it

There is all too little humor in the world, so every little bit helps.

--
Rhonda Lea Kirk Fries

The right to be heard does not automatically include
the right to be taken seriously. Hubert H. Humphrey



Site Timeline