18 replies to this topic

[jepiper76]

I have been trying to remove Home Antivirus 2010 for awhile now. I used the avenger program to remove some files. I have search through several HKEY Registry's, files and delete all I could find. I then go to run the malwarebytes program and I start a quick scan. After about ten to fifteen seconds the program just stops. I then try to reopen the program and it will not let me giving me the following window "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

I have tried reinstalling malwarebytes to the same result.

I have uninstalled malwarebytes shutdown and then reinstalled to the same result.

What now?

[jepiper76]

jepiper76, on Jul 23 2009, 08:40 PM, said:

I have been trying to remove Home Antivirus 2010 for awhile now. I used the avenger program to remove some files. I have search through several HKEY Registry's, files and delete all I could find. I then go to run the malwarebytes program and I start a quick scan. After about ten to fifteen seconds the program just stops. I then try to reopen the program and it will not let me giving me the following window "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

I have tried reinstalling malwarebytes to the same result.

I have uninstalled malwarebytes shutdown and then reinstalled to the same result.

What now?

I have also tried running hijackthis program to the same effect as malwarebytes. It starts the program but then part way through it stops the program then it gives me a pop that says "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item" any time I try to reopen.

[AdvancedSetup]

Sorry for the long delay, if you still need help please let me know

[jepiper76]

AdvancedSetup, on Aug 7 2009, 02:12 AM, said:

Sorry for the long delay, if you still need help please let me know

Yes, please, as I have yet to be able to run malwarebytes. I have removed the virus, but I would still like to be able to run malware.

[AdvancedSetup]

What happens or what error do you get?

Please run the following.

[indent]Download DDS and save it to your desktop
http://download.bleepingcomputer.com/sUBs/dds.scr

Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:

• DDS.txt
  
• Attach.txt

• Save both reports to your desktop
  
• Please include the following logs in your next reply: DDS.txt and Attach.txt

[/indent]

[AdvancedSetup]

Please post a status update on this. Thanks

[AdvancedSetup]

Are you still with us?

[jepiper76]

Yes, I am.

I downloaded the DDS module. I ran it but I do not recieve a yes prompt. I think that I have disabled all the scipt blockers but am unsure as I have norton antivirus corporate installed.

I have tried just typing yes into the DDS text prompt but to noavail.

What next?

[jepiper76]

I have a screen print of the D.D.S. command prompt.

Attached Files

•  dds_screen_print.doc   206K   32 downloads

[AdvancedSetup]

it should have created the log files already. You just need to attach them.

Please try running the following.

Please download the following scanning tool. GMER
[indent]

• Download the randomly named EXE and copy the file to your Desktop. Remember what its name is.
  
• Double click on random named exe file and run it.
  
• It may take a minute to load and become available.
  
• Do not make any changes. Click on the SCAN button and DO NOT use the computer while it's scanning.
  
• Once the scan is done click on the SAVE button and browse to your Desktop and save the file as GMER.LOG
  
• Zip up the GMER.LOG file and save it as gmerlog.zip and attach it to your reply post.
  
• DO NOT directly post this log into a reply. You MUST attach it as a .ZIP file.
  
• Click OK and quit the GMER program.

How To Use Compressed (Zipped) Folders in Windows XP
Compress and uncompress files (zip files) in Vista
[/indent]

[jepiper76]

I downloaded the GMER file onto the desktop.
I double clicked, and it opened the scan portion.
I started the scan. It scanned for about an hour an one half (not for sure because I walked away from the computer). When I came back the scan screen was closed out, and I cannot open GMER file again nor can I delete the file and start over. Here is the message I recieve when I try to reopen "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

What now?

[AdvancedSetup]

Step #1

1. Go to Start->Run and type in notepad and hit OK.

2. Then copy and paste the content of the following codebox into Notepad:

Quote

@echo off
copy C:\WINDOWS\system32\dllcache\scecli.dll c:\scecli.dll
Exit

3. Save the file as "fixes.bat". Make sure to save it with the quotation marks.

4. Double click fixes.bat.




Step #2

We need to execute an Avenger2 script
Note to users reading this topic! This script was created specificly for the particular infection on this specific machine! If you are not this user, do NOT follow these directions as they could damage the workings of your system.

• Please download The Avenger2 by SwanDog46.
  
• Unzip avenger.exe to your desktop.
  
• Copy the text in the following codebox by selecting all of it, and pressing (<Control> + C) or by right clicking and selecting "Copy"
  

  Files to move:
  c:\scecli.dll | C:\WINDOWS\system32\scecli.dll

• Now start The Avenger2 by double clicking avenger.exe on your desktop.
  
• Read the prompt that appears, and press OK.
  
• Paste the script into the textbox that appears, using (<Control> + V) or by right clicking and choosing "Paste".
  
• Press the "Execute" button.
  
• You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.
  Note: It is possible that Avenger will reboot your system TWICE.
  
• Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Please paste that log here in your next post.

Step #3

Now try running Malwarebytes, then post the logs here, or let me know what happens.

[jepiper76]

I ran Malwarebytes, and it stopped again with no log file.

I tried to reopen Malewarebytes, and it gives me a popup "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

Still working.

[jepiper76]

I thought that I posted the avenger log, but it did not show up so here it is again (I also attached the txt file):

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "c:\scecli.dll" not found!
File move operation "c:\scecli.dll|C:\WINDOWS\system32\scecli.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

Attached Files

•  avenger_july_13.txt   1.27K   28 downloads

[AdvancedSetup]

Do you have a Windows XP CD or access to one so that you can replace that file?

[jepiper76]

AdvancedSetup, on Aug 13 2009, 03:25 PM, said:

Do you have a Windows XP CD or access to one so that you can replace that file?

Yes, I have my original XP Install CD.

Can I do this without loosing all my files? Or do I need to save all files to an extral or disc and completely reboot Windows XP?

How do I find just the one file to reinstall?

Thank you for your time.

[AdvancedSetup]

Take a look here on how to install and run the Recovery Console. http://support.microsoft.com/kb/307654

I would first copy the file scecli.dll from the CD to a new folder you create such as C:\NEW
Then after installing and booting to the Recovery Console use the COPY command to copy the file C:\NEW\scecli.dll to C:\WINDOWS\system32\scecli.dll and overwrite the current one there.

Then reboot back into normal Windows and run Combofix again and post back that log.

[AdvancedSetup]

Please post a status update on this.

Thanks.

[AdvancedSetup]

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.