Strange Result

I administer a system which includes two servers running Windows 2003 Server and 48 workstations running Windows XP Pro.

One of the workstations was infested with XP Defender and Total XP Security to the point where it was impossible to access MS Outlook for email or perform any other useful work.

Under my administrator's account, I downloaded, installed, and updated MalwareBytes on the workstation and did a quick scan which removed all the bad stuff. A restart and rescan confirmed that it was all quarantined.

But now the user can't start any programs. Clicking on the icons for Outlook, Word, Adobe Reader, etc. gives the popup, "Application not found". Going to the actual executable under c:\Program Files pops up the box asking what application you want to run the file under. Apparently, the system is no longer recognizing .exe files as executables.

This is, however, only a problem when running under the user's account. It does not occur when running under the Administrator's account.

Suggestions?

M. David Johnson

Download OTL by OldTimer to your Desktop.

• Close all windows and double click OTL.exe
  
• Click Run Scan and let the program run uninterrupted
  
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  
• You may need to use two posts to get it all.
  

Thanks - I'll give that a try tomorrow.

BTW, if XP Defender et.al. are spoofs trying to trick us into buying their product, do they actually have a website where they sell the stuff and collect money?

If so, why can't we go there and do unpleasant things to them like, oh I don't know, say expose them and get them all arrested ??

Well, it's not that easy.

Websites can be tracked to where they are hosted, but the guys who register them can use whois protection so they just see the hoster and not the real person controlling the domain.

Worst they can do is contact the ISP hosting them and ask they shut them down, sadly hardly anyone is listening to our claims.

If they did have a website, yes there is bad things people can do to the website, but they are illegal and would lower you to their level in attacking back like that.

I agree. Stooping to their level is unacceptable.

But what they are doing is internet fraud, is it not?

Would the Justice Department not be interested?

M. David Johnson

Well, yes and no.

They are trying, but these malware writers use hacked domains to host their crap, so when the sites are shut down, they've shutdown some innocent persons website.

Other sites hosted overseas, not much can be done. Countries like Japan and China, they aren't part of the EU and have different laws, so these kind of countries tend to have governments that don't care about malware.