Jump to content
WnSoft Forums

Virus is now preventing me from re-installing PTE


goddi

Recommended Posts

Greetings,

I have been trying to deal with a virus I got a couple days ago. I noticed the problem when I tried to do a 'Create Exe'. The error message said something that had to do with the 'PteViewer5.exe' file. Everything froze. So I dumped the entire program and tried to reinstall 5.64. However, I keep getting the following set of error message:

"Extracting files...

C:\PicturesToExe 56\5.64\ogg.dll" and,

C:\PicturesToExe 56\5.64\ogg.dll

An error occurred while trying to rename a file in the destination directory:

MoveFile failed; code 5.

Access is denied"

I was able, it seems, to get rid of the virus, 'Packed Win32.Krap.Gen'. When I found the virus, the path of the virus scan showed: c:\picturestoexe 56\showvideopte\HideShowTB.exe. I don't know if 'HideShowTB.exe is a PTE file that was corrupted or is an actual virus file.

I found that over 100 files have become corrupted and over 90% of these corrupted files were exe files that I had made with PTE. The first few files that showed up to be corrupted were: ogg.dll, PteViewer5.exe and wma.dll, all in the 5.64 folder.

I think I can replace all of the corrupted files from my backup that I had to delete. However, my big problem is that I can not reinstall 5.64. (I also had 5.7 installed and it became infected so I dumped it. I can not install it either).

When I try to do an install, I get the error message above. The install process creates some tmp files in C:\Documents and Settings\Admin...\Local Settings\Temp but they disappear when I abort the install process. Two of the files are called 'is-EBNOU.tmp' and 'is-C6HE.tmp'. There are a couple other files there that can't be deleted. Might be associated with this problem...don't know.

So....my question is, how can I get PTE reinstalled? I have been trying different things for 2 days but no luck, yet.

I'd appreciate any suggestions. :blink:

Thanks... Gary

Link to comment
Share on other sites

Goddi

I am not technical expert at this, but from time to time virus software definitions pick up some PTE shows as a virus. I have had this happen to me personally with AVG and Avast and I have heard of others affecting the exe files too. The files affected are usually the older made PTE shows.

Its not something like that is it? Usually in a couple of days the newer virus definistions put right the problem

Link to comment
Share on other sites

Goddi

I am not technical expert at this, but from time to time virus software definitions pick up some PTE shows as a virus. I have had this happen to me personally with AVG and Avast and I have heard of others affecting the exe files too. The files affected are usually the older made PTE shows.

Its not something like that is it? Usually in a couple of days the newer virus definistions put right the problem

===========

No, unfortunately, this is the real thing. This 'Packed Win32.Krap.Gen' is a Trojan that has infected the PC and is preventing the re-install of PTE. Over 100 files have been quarantined and have to be deleted. Most are PTE's exe slideshows that I have created. Some were exe's from several other programs and a bunch of Window's restore files. It is strange how it zeroed in on PTE's exe slideshows.

Gary

Link to comment
Share on other sites

Goddi...

Its not something like that is it? Usually in a couple of days the newer virus definistions put right the problem

===============

Well, after I cleared my head by posting my problem on this Forum, I think I solved it. I had mentioned that there were a couple files in the 'C:\Documents and Settings\Admin...\Local Settings\Temp' folder that could not be deleted. I thought they might be associated with this problem but wasn't sure. I just could not get rid of them. A light bulb just went off in my head and I went into the Safe Mode. I was able to delete the two file and then, I rebooted to regular Windows. I was than able to reinstall 5.64!!!! I am too tired to try 5.7 but I'll try it tomorrow.

Thanks...It's always the last thing you try, right???

Gary

Link to comment
Share on other sites

When the PC works well its heaven, but when they start their nonsense it can be very annoying.

Been there, done that, got the T shirt ! :rolleyes:

=============

Yep..it is a Love/Hate relationship. I am now in the Hate phase as I try to replace the 100 or so files that became corrupted and I had to delete.... :( :( :( :(

Gary

PS But I love it when I can figure out how to defeat the beast when it acts up!!! :rolleyes: :rolleyes: :rolleyes:

Link to comment
Share on other sites

Gary,

Your problem concerning the deletion of 100 PTE.Exe Files....

It may not be necessary to go to those extremes, it may be possible to restore those Exe's to their original state.

You mentioned a Trojan infection ~yes that obviously happened, but the method as to how it happened seem's

to be that you 'ripped' some Music Files having downloaded them first. During this rip/download process you appear to

have used your "ogg-dll" which is an encoded/decoder used by the 'ripping/download' process.

Then the infection seems to have attacked the 'Sound-Files' within your Pte.Exe's but I very much doubt it would have

effected your Exe.Photographs or the performance of the Pte-Program ~ to me it seems as if the Exe's have "stalled"

because of problems with the Music Files.

This is not a serious Trojan ~ its a Malware-Delivery System that attaches itself to the 'Address-Line' in various Programs

with the silent intent of re-directing your Browser to other Malware-Sites. In effect your Browser is "infected" and then

it shows up as Program-Infections which are false-positives (hiding techniques) to force you to open the Browser for help.

FaceBook Users: Beware,this infection started to spread through Facebook since 22nd.July.

This might be worth trying:- Go into 'PC Safe-Mode' and then scan any Pte.Exe with your Anti-Virus Program and ask it to "fix-it".

You may have to update your Anti-Virus. If it tries to 'quarantine' the Exe ~ thats a sure sign your A/V is not up to date.

Alternatively download and run the Microsoft-Scanner (at end of page) Microsoft Link shown below).

Link:- http://www.microsoft.com/security/portal/T...tID=-2147349123

Hope this helps you...

Brian.(Conflow).

Link to comment
Share on other sites

Brian... Thanks for the link to the Microsoft-Scanner. I will run it to double-check that the PC has cleaned up.

I had already deleted the 100 or so files. When I ran my AV program, it quarantined these files. The choice was to delete them or to restore them. Since I could print out the filenames and paths of all the files and I have backups of them, I chose to delete them just to be safe.

It is interesting that you relate the 'ogg.dll' to music files as the source of the virus. A couple weeks before all of this happened, I used a PTE exe file from a member of our Forum that had an ogg music attached. I noticed the first file that the AV program listed as being infected was that PTE exe file. It seems that that ogg music file infected my ogg.dll and then infected every PTE exe file through the music file (?).

I discovered the problem when I tried to do a Create Exe. I would just not do it and PTE just froze. After trying to reinstall the PTE program, the 'ogg.dll' came up in the error messages. Then running my AV program started showing that it was quarantining a few files, then more and more files. The vast majority of the files were PTE exe's that I had made. There were a few exe's from other programs infected and a bunch of Window Restore files that were infected.

I just wish my AV program could have discovered this when I put the infected file on my PC. :)

Thanks... Gary

Link to comment
Share on other sites

Greetings All,

I think I know what might have put me in this hot water with this virus. I just put 2 and 2 together.

A few weeks ago, I had posted that I could not do a 'Create Exe' without locking up the file. I had discovered that if I untick the "Check files when they are opened or copied" in my AV program, the problem went away. So with this protection level unchecked, maybe this allowed the virus to get into my system.

I still have the problem when I try a 'Create Exe' so I have to have to have it unticked when I have to do a 'Create'. I'll have to be more careful to re-tick this selection when I am not doing a 'Create'.

Maybe???

Gary

Link to comment
Share on other sites

Gary,

This 'Malware' is still on your PC - You wrote...."I still have the problem when I try a 'Create Exe' so I have to have it unticked

when I do a 'Create'. I'll have to be more careful to re-tick this selection when I am not doing a 'Create"....

If you refer back to the Microsoft File I sent you, you will see this "thing" creates 4 Registry enteries and then changes the Address-Line

in any program it infects. As I said this is not a malicious Trojan, in fact its 'childrens stuff' written by some dopehead trying to impress his

friends or someone else trying to sell Ad-crap. Today I believe they call such malware "recretional-vandalism" ~ god help us !!!

(This type of 'bummer' is not new, its a variation of the rubbish which was all too evident in the days of Windows'98).

In your case when you try to create an Exe, this "thing" chages the 'address-line' of your new Exe (in construction) consequently the

PTE Program will freeze as it can no longer write to the 'work-in progress' because it no longer recognises the File its trying to write to.

So don't delete your Show-Folders just yet...

You need to get yourself a 'Wiper'~ These are free (stand-alone) Once-run Programs which wipe the infection from the PC.

They are available free from:- McAfee, Symantec-Norton, Kaspersky-Labs, CNet Downloads, Major-Geeks etc.

Just type into your Search page: (1) Trojan-Remover or (2) Malware-Removers

Also below is the Microsoft-Link for their (Once-run) Trojan-Removers for XP,2000,Vista:. The previous Link was for the Scanner only.

Link:

http://www.microsoft.com/security/malwareremove/default.aspx

Other Readers:- Bookmark this Link you never know the day you will need it.

Best of luck with the work ~ don't worry, this is 'fixable.

Brian.(Conflow).

Link to comment
Share on other sites

Brian...

Thanks for the links. I will be running all the 'wipers' I can find. You think the 'malware' is still on my PC. That may be true since I still have this 'Create' problem. Also, I talked to the originator of the ogg file that you suggested that it might have been contaminated through a download. It was actually created by him on his PC...not downloaded.

I found a Windows site that provides links to a bunch of 'wipers' that I will be trying:

http://www.microsoft.com/security/antivirus/xpsp2.aspx

Thanks... Gary

======================

Gary,

This 'Malware' is still on your PC - You wrote...."I still have the problem when I try a 'Create Exe' so I have to have it unticked when I do a 'Create'. I'll have to be more careful to re-tick this selection when I am not doing a 'Create"....

If you refer back to the Microsoft File I sent you, you will see this "thing" creates 4 Registry enteries and then changes the Address-Line in any program it infects. As I said this is not a malicious Trojan, in fact its 'childrens stuff' written by some dopehead trying to impress his friends or someone else trying to sell Ad-crap. Today I believe they call such malware "recretional-vandalism" ~ god help us !!!

(This type of 'bummer' is not new, its a variation of the rubbish which was all too evident in the days of Windows'98).

In your case when you try to create an Exe, this "thing" chages the 'address-line' of your new Exe (in construction) consequently the PTE Program will freeze as it can no longer write to the 'work-in progress' because it no longer recognises the File its trying to write to.

So don't delete your Show-Folders just yet... You need to get yourself a 'Wiper'~ These are free (stand-alone) Once-run Programs which wipe the infection from the PC. They are available free from:- McAfee, Symantec-Norton, Kaspersky-Labs, CNet Downloads, Major-Geeks etc. Just type into your Search page: (1) Trojan-Remover or (2) Malware-Removers Also below is the Microsoft-Link for their (Once-run) Trojan-Removers for XP,2000,Vista:. The previous Link was for the Scanner only.

Link:

http://www.microsoft.com/security/malwareremove/default.aspx

Other Readers:- Bookmark this Link you never know the day you will need it.

Best of luck with the work ~ don't worry, this is 'fixable.

Brian.(Conflow).

Link to comment
Share on other sites

Gary,

I actually sent you the "Microsoft Removal Tool" as a Link in my last Post #10 above.

I have just run the 'Utility' myself to make sure I am O.K....thats an affirmative.

When you hit the 'download-button' select Run and it works immediately. You can also save

a copy to run later on.

See the 'screen-shot' below

Regards,

Brian (Conflow).

post-1416-1249403449_thumb.png

Link to comment
Share on other sites

Brian...

Thanks for the links. I will be running all the 'wipers' I can find. You think the 'malware' is still on my PC. That may be true since I still have this 'Create' problem. Also, I talked to the originator of the ogg file that you suggested that it might have been contaminated through a download. It was actually created by him on his PC...not downloaded.

I found a Windows site that provides links to a bunch of 'wipers' that I will be trying:

http://www.microsoft.com/security/antivirus/xpsp2.aspx

Thanks... Gary

======================

Goddi, this free program, has saved my bacon before. (SUPERAntiSpyware)

It can't hurt to try it.

Best regards, Gayland.

http://www.superantispyware.com/?tag=GOOGLE-SUPERANTISPYWARE

Link to comment
Share on other sites

  • 2 weeks later...

Greetings Everyone...

I have not been on the Forum for a good while due to this virus problem I had. I just want to let everyone know that the Virus was conquered and I am back to 'normal'. Whatever it was, attacked about 100 of my PTE's exe slideshows. I was able to dump all of them and recreate them since the .pte files were not damaged. We think it had to do with a maleware that came in through an ogg file, or something like that. After dumping a few of the strange ogg.dll files that apparently should not have been there, thing got back to normal.

In addition to this, Brian (Conflow) worked with me extensively to insure that I got all the virus' remnants out of my PC. He spent at least 7 days giving me programs and advice and walking me through a lot of investigative processes. So this does not just end with me getting all the good help, let me pass on some of his cool programs which are free that you can use to examine the health of your PCs:

* http://www.iobit.com/ - download the Advanced Window Care 2 Personal Edition (free)

* https://www.regcure.com/ - RegCure: it does a free scan that can tell you if something is amiss (but the free version won't actually fix anything).

* http://www.snapfiles.com/screenshots/comodoregcleaner.htm - This will fix your Registry errors. It found and cleaned out the last of my problem files.

Brian also recommended using BitDefender for active virus protection: http://www.bitdefender.com/ . I am using the 30 trial version and it has be ranked very high. It is easy to use. (As I am typing this, BitDefender popped up and said it deleted a file that had a virus that could not be cleaned...so it really works!)

Also, I have dumped my 3rd party firewall and now use the Windows Firewall.

Brian had me run many other programs to get rid of my problem, but these programs above should help me, and you, keep you PC clean. I hope this helps.

Thanks all... Gary

Link to comment
Share on other sites

Hi Gary,

The file "HideShowTB.exe" is not a PTE file, but is a file which is used along with Showvideo.exe to hide the task bar. It "may" have become infected, but it's very easy to just dump it and download it again if you are using showvideo.exe to add videos to your slideshows. The HideShowTB.exe file was recently updated by the author and the combination with showvideo.exe work very well and do not contain any virus code.

Just informational....

Best regards,

Lin

............I was able, it seems, to get rid of the virus, 'Packed Win32.Krap.Gen'.When I found the virus, the path of the virus scan showed:c:\picturestoexe 56\showvideopte\HideShowTB.exe. I don't know if'HideShowTB.exe is a PTE file that was corrupted or is an actual virusfile............

Link to comment
Share on other sites

Lin... I had forgotten where that file came from. But I had some feeling that I had seen it before. Thanks for reminding me and letting me know what it was. Yea...it came from Boxig...if I remember right.

Gary

==================

Hi Gary,

The file "HideShowTB.exe" is not a PTE file, but is a file which is used along with Showvideo.exe to hide the task bar. It "may" have become infected, but it's very easy to just dump it and download it again if you are using showvideo.exe to add videos to your slideshows. The HideShowTB.exe file was recently updated by the author and the combination with showvideo.exe work very well and do not contain any virus code.

Just informational....

Best regards,

Lin

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...