Executables not behaving properly.

Metalmurphy · 14 Feb 2013

I was fixing a laptop that was having several issues, (special keys wouldn't work properly, internet explorer would crash, PDF files wouldn't open, etc) and I found a suspicious file (C:\User\<user>\AppData\Roaming\Elofen\moma.exe) that was booting on startup. Virustotal hit me with only 3 results for a trojan, which is actually quite low, but this file was clearly the problem, the details seemed to be in russian and it's Regedit entry was random letters.

So I cleaned all evidence of this file and now the keyboard works properly, but I'm still having problems with executable. Most of the times when I open a program nothing shows up, yet the process is running, after opening it 3 or 4 times one window finally opens, but there's still 3 or 4 idle processes before it with no window in sight. Some times when I force close the first process all the other windows suddenly show up. I also noticed that the processes for setups, chrome, internet explorer tend to stay idle even after closing them normally (in the program itself, manually closing the process works).

Usually I would just format the PC, but this is a very complicated PC to format, the owner has tons of certificates that he needs and most of them he doesn't even remember how to reinstall them again.

Does anyone have any idea what could be causing this behavior and how to fix it?

Kaktussoft · 14 Feb 2013

If his data is so important, he should have made backups!

Create a new (temporary) user acoount. Does it have the same problems?

Only EXE files have this problem, or msi, cmd files as well?

Metalmurphy · 14 Feb 2013

The problem with backuping up the certificates he uses is that some of them still require passwords to be reactivated and he doesn't even know them. And we're talking about ALOT of them. Unfortunately it's incredibly difficult to educate your average joe to have some common sense when it comes to computers. -.-

Yes, msi files have the same problem. Not so sure for cmd files. I'll reply back in a bit after trying with a new user.

Kaktussoft · 14 Feb 2013

Default File Type Associations - Restore
use this
exe - Executable application files.

Kaktussoft · 14 Feb 2013

Metalmurphy said:

The problem with backuping up the certificates he uses is that some of them still require passwords to be reactivated and he doesn't even know them. And we're talking about ALOT of them. Unfortunately it's incredibly difficult to educate your average joe to have some common sense when it comes to computers. -.-

Yes, msi files have the same problem. Not so sure for cmd files. I'll reply back in a bit after trying with a new user.

I know what you mean. 95% of people never make backups.... unbelievable.
Any idea when problems started? Maybe you can do "system restore" so go back in time to date/time prior to having problems.

Removing malware and viruses is a difficult job and you're never sure it's gone totally. Or malware has downloaded new virus that's unknown yet, so not detected.

You can also try Troubleshoot Application Conflicts by Performing a Clean Startup (reset to boot normally afterwards)
Still same problem?

Metalmurphy · 14 Feb 2013

I'll let you know in a few hours, I'm scheduled to do another remote assistance in 2 hours so I won't know till then.

Many thanks for the help btw.

Kaktussoft · 14 Feb 2013

Already done SFC? SFC /SCANNOW Command - System File Checker

Metalmurphy · 14 Feb 2013

Already have that on the list to do actually. Last time I was only able to be on for 1 hour, during lunch time, all I did was check autostart items on regedit, run malware bytes, highjackthis, housecall and installed a PDF alternative. Didn't have time to do much more.

Hopefully it'll all be sorted today.