The system could not find the environment option that was entered

Page 1 of 2 12 LastLast

  1. Posts : 5
    Windows 7 Home Premium 64-bit
       #1

    The system could not find the environment option that was entered


    I think i have some kind of malware. I am unable to use many functions on my computer, I always get the same error message "C:\windows\system32\rstrui.exe The system could not find the environment option that was entered." I can't open system restore, because I get that same error message. I think its any .exe operations that I cannot use. My malware program won't open normally but when I tried it in safe mode, it didnt find any problems. I also tried system restore in safe mode and from the boot screen, and it told me system protection was turned off, so I tried to turn it back on and the security tab that was needed to do this was missing. I don't have the windows 7 install disc because it was a factory install. I can't install any new programs and now I keep getting error messages saying I may have counterfeit software. In the bottom right corner of the desktop it says "Windows 7 Build 7600 This copy of Windows is not genuine"
      My Computer


  2. Posts : 10,994
    Win 7 Pro 64-bit
       #2

    Hello kdaughtridge and welcome to Seven Forums.

    It sounds like you have several issues going all at once. It will help us help you if you list your system specs. At the top of every Seven Forums page you'll see User CP. Click on that and in the left column you'll see Edit System Spec. From there you can provide details about your computer.

    You didn't say what anti-malware you're using. Try to download and install the free Malwarebytes from here. (You may have to use safe mode or install to a thumb drive if you aren't able to instlal any new programs.) Update the data base and run the full scan. You can either post the Malwarebytes log here for review or let it delete whatever malware it might find.

    Please post back with your results so we can determine the next best course of action.
      My Computer


  3. Posts : 5
    Windows 7 Home Premium 64-bit
    Thread Starter
       #3

    I updated my CP information with all of the info that I knew. I actually already have malware bytes program, I have ran the complete scan twice since I've been having these problems. Each time, the scan finds about 3 Trojans, and removes them, but the problem remains. Regardless, I am running the scan once more.

    Additionaly, I am not sure if this is relevent, but whenever I click on a link from Google, it redirects me to an advertisement site.
      My Computer


  4. Posts : 5
    Windows 7 Home Premium 64-bit
    Thread Starter
       #4

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org
    Database version: 6538
    Windows 6.1.7600 (Safe Mode)
    Internet Explorer 8.0.7600.16385
    5/9/2011 10:47:07 AM
    mbam-log-2011-05-09 (10-47-07).txt
    Scan type: Full scan (C:\|)
    Objects scanned: 285473
    Time elapsed: 26 minute(s), 36 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)
      My Computer


  5. Posts : 10,994
    Win 7 Pro 64-bit
       #5

    From what I could determine, rstrui.exe is a trustworthy file from Microsoft and is part of the System Restore application. However, some malware camouflage themselves as rstrui.exe, particularly if they are located in c:\windows or c:\windows\system32 folder. The rstrui.exe error message could be confirmation that System Restore has been compromised.

    Since your browser is redirecting you at least some of the time I believe that would be another indication of "browser hijacking", usually caused by spyware or other malware. Two more tools you can try are SuperAntiSpyware (free edition) and Norton Power Eraser.

    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Norton Rescue Tools

    Heed the warning for Power Eraser: Because Norton Power Eraser uses aggressive methods to detect threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully.

    Unfortunately, once a machine becomes infected there's no guarantee it will ever be 100% clean. Malware can be so deeply embedded that only a clean install (either from a recovery partition on the hard drive, a known clean system image, or the installation disk) can assure the user of a malware-free system. Let us know if you are able to run the other scans and what the results were.
      My Computer


  6. Posts : 1,326
    Windows 7 Ultimate RTM (Technet)
       #6

    kdaughtridge said:
    I updated my CP information with all of the info that I knew. I actually already have malware bytes program, I have ran the complete scan twice since I've been having these problems. Each time, the scan finds about 3 Trojans, and removes them, but the problem remains. Regardless, I am running the scan once more.

    Additionaly, I am not sure if this is relevent, but whenever I click on a link from Google, it redirects me to an advertisement site.
    That sounds like you have a rootkit and Malwarebytes may not remove it. Download and run this tool. Let us know if it finds anything:

    How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?
      My Computer


  7. Posts : 5
    Windows 7 Home Premium 64-bit
    Thread Starter
       #7

    marsmimar-
    I tried both programs to no avail. The superantispyware gave me the error message "error reading setup data". I tried the NPE and when I tried to use the rootkit scan, it gave me the message "An error has occured Element not found Error code: 0x80070490, n44, n65". I then tried using it without the rootkit scan, and after scanning it came up with an infected file, and I restarted as prompted for removal, only to have nothing change when I log back in. The same file even came up when I tried the PSE w/o rootkit again. Keep in mind this is all in safemode. I normal mode i wouldnt have even been ableto download any of these programs.

    MacGyvr- I tried the rootkit program and the scan came up clean. In addition, i tried sfc /scannow in the cmd, and also came up clean.
      My Computer


  8. Posts : 1,326
    Windows 7 Ultimate RTM (Technet)
       #8

    Okay, I don't normally advise this, but I think you should run ComboFix. If it can't fix this, nothing can, and the next step is wipe and reinstall. Download ComboFix, follow all the promps, post the results here.

    Bleeping Computer Downloads: ComboFix Download
      My Computer


  9. Posts : 10,994
    Win 7 Pro 64-bit
       #9

    kdaughtridge said:
    marsmimar-
    I tried both programs to no avail. The superantispyware gave me the error message "error reading setup data". I tried the NPE and when I tried to use the rootkit scan, it gave me the message "An error has occured Element not found Error code: 0x80070490, n44, n65". I then tried using it without the rootkit scan, and after scanning it came up with an infected file, and I restarted as prompted for removal, only to have nothing change when I log back in. The same file even came up when I tried the PSE w/o rootkit again. Keep in mind this is all in safemode. I normal mode i wouldnt have even been ableto download any of these programs.

    MacGyvr- I tried the rootkit program and the scan came up clean. In addition, i tried sfc /scannow in the cmd, and also came up clean.
    Did NPE show the path of the infected file? By that I mean did it show (just as an example)
    C:\Windows\system32\something\something\something
    or was it just a generic name? If it showed a specific path you could use the start menu search to locate the file and either rename it (in case it's a necessary file) or delete it outright (not what I would recommend.) And to repeat what I said earlier, once a machine is infected there's no guarantee it's malware-free no matter how many scans say it is.
      My Computer


  10. Posts : 5
    Windows 7 Home Premium 64-bit
    Thread Starter
       #10

    it was just a generic term that was given for NPE.
    I ran Combofix and no changes are noticed.
    I don't have the windows 7 disc, also.
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 11:05.
Find Us