| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 88237 | 2008-03-20 07:30:00 | Virus, Trojan, Spyware infection | colinf (13530) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 651911 | 2008-03-23 05:14:00 | Your system seems to be majorly infected with alot of bad stuff. If you can't even edit the registry, I would recommend you format you hard drive and reinstall XP. That's just my opinion though. | SPARTAN 860 (2618) | ||
| 651912 | 2008-03-23 05:24:00 | Thats what most people try and avoid (if they can) | Speedy Gonzales (78) | ||
| 651913 | 2008-03-23 05:24:00 | I,m beginning to think the same thing.It looks like your registry is in someway messed up.Combofix should have fixed these registry entries without any problem.This should have been a straight forward fix...I will get an opinion from some of the other analyst and see what they can come up with.As Speedy says.we dont want to format... | Pancake (6359) | ||
| 651914 | 2008-03-23 05:42:00 | Looks like they beat me to it as I was talking to them about it this morning.They have looked at it and are of the same opinion as me in saying that the files have been delete by Combofix and only the runkeys have been left.So we will clean up the stuff that Combo has created and lets see if things are running better... This will clear away any of the files and folders that were created by ComboFix. Go to : Start > Run then copy and paste the following highlighted text below and click OK. ComboFix /u Follow that up with this repair registry utility... www.microsoft.com |
Pancake (6359) | ||
| 651915 | 2008-03-23 06:54:00 | I'm going to suggest you run Prevx Csi and see what it finds. Excellent program which doesn't get much mention in here. http://www.prevx.com/ |
apsattv (7406) | ||
| 651916 | 2008-03-23 09:13:00 | Hi A further note to my registry editing problems . It is not the case that I cant edit any of the registry . Only those keys and values that have been altered by some of the malware that has infected the pc . The problem, is I believe mainly based in the software hive of the registry, as one of the Spyware checks I did, while the disc was attached to a friends pc, as a non boot disc, recommended that I delete the software registry hive file . I decided against this as it would mean reinstalling everything anyway . Or at least that is my understanding . Colin |
colinf (13530) | ||
| 651917 | 2008-03-23 09:16:00 | Did you select all of the options under the utilities menu in trojan remover before. This may reset everything. Well it should When you said Trojan remover said access denied, is that when you clicked on scan, or when you selected the options under the utilities menu? |
Speedy Gonzales (78) | ||
| 651918 | 2008-03-23 09:17:00 | If you don't mind reformatting, do it, will save you alot of time | SPARTAN 860 (2618) | ||
| 651919 | 2008-03-23 09:52:00 | Hi Some responses to some of the latest questions To Speedy: Yes I did try all the options and they reset with no problems . Yes the access denied message occured during the scan To spartan860: I am fixing this pc for another friend (i . e not the one to whose pc I attached the disc to) and apart from them not being contactable over easter . I dont have all thier installation discs with me so I cant do a reformat, reload at the moment anyway . To apsattv: Have just run PrevX CSI, it found the following problem C:\WINNT\FireFoxUpdater . exe InMem: 0 Det [BP] MD5: FAA78EA3E3964F414A3008A86CCF6661 PX5: 0BAA5BC3000B3E9C426C003ED7AB18008700E3C6 Malware Group: Trojan . DownZero I can supply the whole log if you wish . Colin |
colinf (13530) | ||
| 651920 | 2008-03-23 09:57:00 | If trojan remover is still installed open my computer / windows explorer whatever its called. And select C, right mouse and scan with trojan remover See what happens then. And see if it deletes whatever files |
Speedy Gonzales (78) | ||
| 1 2 3 4 5 6 | |||||