Virus and Code 31 connection Has

[Kjonnnn]

Virus and Code 31 connection

Has anyone experienced any viruses or other malware that sets off a "ShellExecuteEx Failed Code 31" error.

Helping a buddy. This error pops up, randomly, and is triggered by trying to run or install any new virus or spyware protection software.

I checked start up, nothing odd was in there.

Thoughts?

 

[goombawaho]

You didn't say which O.S. and how you looked at the startup items. Try the following.
First, does a system restore to an earlier time help?
Have you tested the memory to make sure it's not something like that? Can cause funky errors.

If not, run the following in the order indicated. Run from safe mode if they won't run from regular mode. Download apps from another computer onto memory stick if internet is not cooperating on infected PC.

Reboot as asked by application - don't proceed to next step if asked to reboot.
1. Run CCleaner and clean out all temp files that it finds.
2. Download and run RKILL (rkill.scr or rill.com)
3. Run TDSSKiller
4. Run MalwareByte's Anti-Malware
5. Run Combofix AFTER removing anti-virus and rebooting

Report back.

 

[Kjonnnn]

Oh, I'm sorry. It's VISTA

It doesn't let any any cleaners run. I use hyjackthis and got rid of unnecessary stuff in start up. This person didnt have any virus protection other than the 6 month trial of nortons, which of course they never extended so that was useless.

I tried system restore, but the system hadn't made any restore points.
The message pops up after the installation of Malwarebytes so it won't run.
He had Advance System Care already on the computer, but hadnt been using it. So I did run that.
I can work on the computer remotely via Teamviewer. So I can add removal software, but once the software is installed, the message pops and I can't continue.

What are RKIIL, TDSSKILLER and COMBOFix... never heard of those.

I'll have to try to instruction him to install the programs in SAFEMODE, since I won't be able to have access.

Thanks for you help.

 

[goombawaho]

Did you try running RKILL before running MalwareByte's? Did you try running in safe mode and then running RKILL before running MalwareByte's (or any of the other tools). Here's another link on trying to get MBAM to run if malware is stopping it.

http://forums.malwarebytes.org/index.php?showtopic=12709

However, I might just say to move on to Combofix in safe mode. Right click and Run As Administrator.

What are RKIIL, TDSSKILLER and COMBOFix... never heard of those

I hate to say this, but Google them and you will know. bleeping computer has info on them and the links to get RKILL and Combofix. And just trust me on what to do, I've been doing this for a while.

I'm very dubious about you helping this person remotely and an inexperienced person being put in charge of malware removal when you have no connection. It's possible that running these tools could disable the computer from booting. Then, professional help will be needed ON SITE. So, just know that going forward.

Try what I said and then maybe it's time to try a bootable CD:
Windows Defender Offline

 

[Kjonnnn]

Thanks for the advice, I do appreciate it. I did IT for tens, but Ive moved on to management, so I haven't been hands on a in few years.