Trusted Malware Techs

Everything posted by sUBs

  1. Don't worry about System Restore points just yet. Check it again tomorrow. There should be one created by then. If not, please let me know *HeHe ... I can always lend you one of mine.
  2. Use the machine for the next few hours. Throw in a couple of reboots in between. Then come back & tell us how the machine is coping
  3. 334 sounds like a good figure. Please reboot & see if that makes any difference.
  4. LOL ...I only wanted to find out if E:\I386 exists. Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:
       @echo off
       pushd E:\I386\
       For /f "tokens=*" %%g in (' vfind -tf *.tt_ *.fo_ ') do @expand -r "%%g" %windir%\fonts\
       popd
       dir /a/b "%windir%\fonts\" > Fonts_log.txt
       Start Notepad Fonts_log.txt
     Save this as font.bat. Choose to "Save type as - All Files". It should look like this: Double click on font.bat & allow it to run. Post back to tell me what it says. If all goes well, you should now have a few hundred font files in your \Windows\Fonts folder.
  5. I counted the number of fonts you have. 49 is a bit sparse. On a freshly installed machine, the number is at least 200 (gets more as we install lingual programs). I'm going to try to repopulate your fonts cache by extracting them from the Windows CD. Please insert your CD into the CDROM. Then tell me the drive letter of your CDROM. Also verify if this folder's location is correct. - <drive letter of your CDROM>\I386
  6. Hmm .. it's not going smoothly. I need to look at the files that you currently have in the C:\Windows\Fonts folder. Please go to Start > Run - copy/paste the following command & click OK
       cmd /c dir /a/b %windir%\fonts >Log.txt&&Log.txt&&del Log.txt
     It shall produce a log for you to post back here. Question - Do you have access to another Windows XP SP2 machine?
  7. Here, use this guide > http://www.datarecovery.com.sg/data_recove...tem_restore.htm
  8. Seeing that we're at a loss as to how to restore that function, we might as well try Windows System Restore. Take note that performing a System Restore will revert the machine back to an earlier time. This may fix the keyboard but most of the malware will be restored. We shall need to address them again.
  9. The folder C:\Windows\System is not your fonts cache. Try looking in C:\Windows\Fonts. For Windows XP to display Korean glyphs, you should need to have Gulim.ttc in there. The guide I earlier linked you to, should have sorted it out for you. Please do it again. Here's a similar guide but it's specific for Korean fonts. http://www.declan-software.com/korean_ime/...n_ime.htm#xpuse Try doing this ... * Uninstall it first. Untick "Install files for East Asian Language". Click OK & reboot * After rebooting, Re-tick "Install files for East Asian Language". Click OK &
  10. Sorry to interrupt. Which folder did you look at?
  11. Please use this guide > http://newton.uor.edu/Departments&Prog...llation_XP.html
  12. TeaTimer is an excellent tool for the prevention of spyware but it can sometimes prevent HijackThis from fixing certain things. Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean. Open Spybot Search & Destroy. In the Mode menu click "Advanced mode" if not already selected. Choose Yes at the Warning prompt. Expand the Tools menu. Click Resident. Uncheck the Resident "TeaTimer" (Protection of overall system settings) active. box. In the File menu click Exit to exit Spybot Search & Destroy. Download http://www.techsupportfo
  13. What about "Spytech Software" ?
  14. 2007-11-04 21:01 <DIR> d-------- C:\Incomplete
      2007-11-02 17:20 <DIR> d-------- C:\Program Files\Incomplete
      2007-10-25 18:46 <DIR> d-------- C:\Downloads
      2007-10-25 22:23 <DIR> d-------- C:\Documents and Settings\USER\Incomplete
      Are these folders created by you? Take a quick peek in them & tell me what's within.
      C:\Program Files\Spytech Software
      Is this a program you installed? What is it for?
  15. That's good. Please run ComboFix now by double-clicking it. I shall need to review the log that it produces.
  16. Switch SpyBot off. We don't need it for the moment. Have you run fix.bat yet?
  17. Let's continue with the instructs from post #21 > http://forums.pcpitstop.com/index.php?s=&a...t&p=1439789
  18. Okay, I crashed my machine to get you these pictures. This method will work.
  19. How did it go? Do you have a dot in your command ?
  20. Do you still have access to your buddy's machine? If so, let's expand the file there & save it to floppy disk so that it may be transferred to the trouble machine. When you next run the recovery console, you'll need to amend your commands to reflect the change in location. The file is now located at A:\VGAOEM.FON
        C:\Windows>COPY A:\VGAOEM.FON C:\WINDOWS\SYSTEM
  21. Take the CD to another machine. Open it & find out where the file vgaoem.fo_ resides. Note it down. Then try again on the trouble machine. Don't worry. Even if that fails, we still have other options.
  22. Not sure if this will work but give this a try. When you're attempting to type the '_', press these keys on your keyboard .. Press ALT & keep it depressed Then type these numbers 095 Release the ALT key Does that give you the '_' ?
  23. MS has a fix for it here > http://support.microsoft.com/?kbid=315338 Since you mentioned FIXBOOT earlier on, I'm assuming that you got all the way to the RECOVERY CONSOLE where you get a black DOS window that looks similar to this ...
  24. Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:
        @echo off
        if exist "%temp%\log.txt" del "%temp%\log.txt"
        pushd C:\Qoobox\Quarantine\C\WINDOWS\Fonts
        del /a/f/q/s *.exe.vir *.zip.vir 2>nul
        ren *.vir *.
        move /y * C:\WINDOWS\Fonts\ >nul 2>&1
        cd Fonts.vir
        ren *.vir *.
        move /y * C:\WINDOWS\Fonts\ >nul 2>&1
        popd
        for %%g in (
        "C:\Documents and Settings\USER\.housecall6.6\Quarantine\afqdjhpo.exe.bac_a02676"
        "C:\Documents and Settings\USER\.housecall6.6\Quarantine\edmjipsq.exe.bac_a02676"
        "C:\Documents and Settings\USER\.housecall6.6\Quarantine\vasya[1
  25. Don't post the log. It's too long. Upload it to this website --> http://www.bleepingcomputer.com/submit-malware.php?channel=4 Also try locating this other file - C:\Qoobox\ComboFix-quarantined-files.txt If you find it, upload that as well. Let us know when you have done so.