Can't Launch AVG, Avast or Any Other AntiVirus Application

muskyx1

Member
Apr 20, 2005
151
1
81
A few days ago my PC started to act up. Here's the sequence of events.

1/ Login and Password Screen started to appear during startup despite the fact I deactivated them when I got the PC 6 months ago.

2/ Error message Unable to load icon skins at PC startup would appear during PC startup

3/ AVG or Avast would no longer launch during startup

4/ When I manually start up either AVG or Avast, I get

xxxx.exe IS NOT A VALID WIN32 APPLICATION. This message only appears with the startup of antivirus programs.

5/ Tried to run online virus scan using Kaspersky and PC would shut down a few seconds into the test

6/ Launch in safe mode would cause PC to go into a loop of constant rebooting.

Any ideas would be appreciated.
 

corkyg

Elite Member | Peripherals
Super Moderator
Mar 4, 2000
27,370
239
106
Sounds like you are seriously infected. You need a current AV program on a bootable CD to bypass your HDD and clean it up. If that doesn't work, you may be looking at reformat and clean install.
 

Ryland

Platinum Member
Aug 9, 2001
2,810
13
81
It definitely sounds like you need to be booting off of a CD and running a virus scanner. I think TrendMicro has something you can use with up-to-date databases that is downloadable. Another option would be to go to Kaspersky's website and try running their online scanner.

Here is the link for the utility.
 

mechBgon

Super Moderator | Elite Member
Oct 31, 1999
30,699
1
0
You might also want to try a System Restore to before the problem began, reduce your confidence in antivirus software to realistic levels, and look at some proactive security ideas to supplement the antivirus protection.

If System Restore doesn't help either, definitely try that Kaspersky utility, a rootkit scanner, and maybe post a HijackThis log as well. If HijackThis cannot run, rename the executable to something random and try again.


Thread moved from Software For Windows to Security.

AnandTech Moderator
mechBgon
 

muskyx1

Thanks all, I'm going down the list of suggestions. I'm currently running Trend Micro in DOS and it's detected multiple occurrences of [WORM_BAGLE.JT]. I Googled it and it indicated that this worm causes the win32 application error. Several of the hits mentioned that it totally crippled all anti-virus programs on their systems. I hope the scan can fix my system.
I'll post results when it's completed scanning.
 

muskyx1

Holy crapola:

Seems every suggestion hit a brick wall. Whenever I tried using a program to obtain a logfile to display here, that win32 error prevented it from running. I did manage to run that Trend Micro scan in DOS and it did detect at least a dozen instances of the Bagle worm variant and it did remove them. But it did not eliminate the multiple problems I had. Even HijackThis failed to start up because of the win32 error.

So the next thing I tried was uninstalling Avast and then reinstalling it. I knew that a fresh install of Avast would allow it to scan my system during the next reboot, which would avoid the win32 error. So during that scan it removed several minor infections that were not Bagle related, but upon Windows startup, all the same problems remained. All AV programs were still crippled and the skins icon error was still present.

In desperation, I downloaded AntiVir free edition and it performed a full systems scan. Not sure why it was not affected by the win32 error. Anyway, to my amazement, it detected and removed over 200 occurrences of the Bagle worm and 70 other infections. When the scan was completed and the PC rebooted, everything was back to normal. AV programs started up OK, that icons skin error was resolved and I was also able to launch Windows into safe mode.

Seriously, how the h-ll did all that crap get onto my PC. I'm so meticulous when it comes to scanning files. Every time I download anything I run 4 scans without exception. First it's Avast, then AVG, Spyware Terminator and A-squared. Nothing gets on to my PC without passing through those 4 checks.

After this freaking nightmare, I have a whole new respect for AntiVir. Considering Avast and Trend Micro missed 270 infections, AntiVir is now my primary antivirus tool.

Hopefully my thread will help others who get rectally probed by the Bagle worm.

PS. I also forgot to mention that I ran 2 programs that were specifically for use on the Bagle worm and they did not detect a single one, just before I ran AntiVir.
 

John

Moderator Emeritus | Elite Member
Oct 9, 1999
33,944
2
81
muskyx1, I am pleased to see that you were able to install AntiVir and remove assorted infections. However, the Bagle virus may not be the only thing infecting your PC. Were you able to run any of the tools in my rogueremoval kit? You should do all scans in safe mode.
 

mechBgon

Seriously, how the h-ll did all that crap get onto my PC.

1) maybe you downloaded and ran a Trojan that none of your scanners recognized.

2) maybe your system has easily-exploited vulnerabilities that need patching or eliminating, and you had bad luck and hit a site designed to exploit them while you were logged on as an Administrator-class user. Check for vulnerabilities with the Secunia Personal Software Inspector (see link in my previous post). Consider non-Admin user accounts for daily-driver stuff, if they'll work for your needs.

3) I don't specifically recall whether recent Bagle variants travel by USB drives, cameras/picture frames, CDs and DVDs, but that's another attack vector you have to be aware of these days. On WinXP, it would be a good idea to disable AutoPlay if your system sometimes is exposed to discs/drives/devices which were in contact with other computers.
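
The AutoPlay advice in the post above can be checked rather than assumed. The following Python sketch is an added example, not part of the original thread: it decodes the `NoDriveTypeAutoRun` policy value under the Explorer policies key and lists the drive types that still have AutoRun active. The sample values used off-Windows are constructed.

```python
import sys

POLICY_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
VALUE_NAME = "NoDriveTypeAutoRun"
# A set bit DISABLES AutoRun for that drive type; 0xFF disables all types.
DRIVE_TYPE_BITS = {
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
}

def normalize(raw):
    """The value may be stored as REG_DWORD (int) or REG_BINARY (bytes)."""
    if isinstance(raw, (bytes, bytearray)):
        return int.from_bytes(raw[:4], "little")
    return int(raw)

def autorun_enabled_types(raw):
    """Drive types for which AutoRun is still active under this policy value."""
    value = normalize(raw)
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not value & bit]

def read_policy(hive_name):
    """Read the policy from HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER (Windows only)."""
    import winreg
    try:
        with winreg.OpenKey(getattr(winreg, hive_name), POLICY_KEY) as key:
            return winreg.QueryValueEx(key, VALUE_NAME)[0]
    except FileNotFoundError:
        return None  # policy not set in this hive; the OS default applies

if __name__ == "__main__":
    if sys.platform == "win32":
        samples = {h: read_policy(h) for h in ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER")}
    else:
        # Constructed sample values so the decoder can be tried off-Windows.
        samples = {"sample 0x91": 0x91, "sample 0xFF": b"\xff\x00\x00\x00"}
    for source, raw in samples.items():
        if raw is None:
            print(f"{source}: not set")
            continue
        enabled = autorun_enabled_types(raw)
        print(f"{source}: {normalize(raw):#04x} ->", enabled or "AutoRun disabled for all listed types")
```

An empty list means AutoRun is off for every listed drive type; any entry such as `removable` or `cdrom` means inserted media of that type can still trigger AutoRun.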
 

muskyx1

Originally posted by: John
muskyx1, I am pleased to see that you were able to install AntiVir and remove assorted infections. However, the Bagle virus may not be the only thing infecting your PC. Were you able to run any of the tools in my rogueremoval kit? You should do all scans in safe mode.

It also detected something called spybot worm/virus.

The rogueremoval kit was the 3rd thing I tried and the win32 error would prevent anything from initiating.

Here's another weird update. Before running anything, I cloned the infected 500 GB HDD using Acronis Easy Migrate just in case something catastrophic happened. After I was able to fix the original, I decided to try repairing the clone. The first thing I tried was using AntiVir, hoping it was the silver bullet. Unfortunately it was also crippled by whatever was on it. So I performed a system restore and repeated everything I did with the original. NOTHING WORKED !!!!! Even when I ran Trend Micro all kinds of problems popped up and it only detected a fraction of the infections that were on the original HDD.

I can only imagine that it was a combination of the software I used that eventually fixed my original. I'll see if I can retrieve the logfile from the AntiVir scan that fixed the original HDD and post it here.

Originally posted by: mechBgon
Seriously, how the h-ll did all that crap get onto my PC.

1) maybe you downloaded and ran a Trojan that none of your scanners recognized.

2) maybe your system has easily-exploited vulnerabilities that need patching or eliminating, and you had bad luck and hit a site designed to exploit them while you were logged on as an Administrator-class user. Check for vulnerabilities with the Secunia Personal Software Inspector (see link in my previous post).

3) I don't specifically recall whether recent Bagle variants travel by USB drives, cameras/picture frames, CDs and DVDs, but that's another attack vector you have to be aware of these days. On WinXP, it would be a good idea to disable AutoPlay if your system sometimes is exposed to discs/drives/devices which were in contact with other computers.

Thanks, I'll run Secunia when I get home tonight and I'm going to deactivate Auto-Play.