
A friend has a bad infection

guess it was self installing

but it showed up as antivirus 2008

malwarebytes could not do anything

superantispyware can't do anything

at the moment the computer is disabled

cd-rom can't read disks

cd-rom does not show when My Computer is opened

Lotsa yellow marks in device manager

the virus has disabled anyone from making any changes

nothing runs

icons won't open

IE7 is disabled

malwarebytes and other programs are all disabled

they won't open or run

here's a sample of one Trojan..... winlp32

they tried other harddrives to reformat

but cd-rom won't read disk

they have legitimate windows

before they try to reformat

they were able to uninstall service pack 3 so they can reformat

now it's just a dead useless computer

but it still starts and connects

and yahoo chat opens but that's about it

downloading and running programs is out

same with running programs from cd-rom

Link to post

I'm not sure if they have Hijackthis

but if they do I'm not sure if it will open

if it can open then I'll post it for them in the proper forum

until then all help is appreciated

I'm their only way to communicate for now

Edited by mme
Link to post

Hello mme,

I am with Duanester on this one, if HJT cannot be run there really is no choice but to do a full scale reformat of that PC.

 

Sounds like a real mess, nothing opens, cd-rom won't even work. That file winlp32, are you sure it is not winhlp32.exe? Doesn't really matter though, as that pc needs to be reformatted unless they can get HJT installed and the ability to use special tools and fixes. :hammer:

Let us know what happens.

Wademan

Link to post

well that's what they want to do

cleanup just enough to format

but cd-rom won't read disk

or show up in my computer

 

try changing harddrives

try changing cd-rom drives

pulled ram out

advised them to pull cmos but not sure they did

Link to post

Do they have a USB flash drive or can they get one? Perhaps download HJT to it and then install on pc is an idea. Then post the HJT log in the HJT forum. I would be real interested if they can do that. I will bet this infection has morphed into a bunch of Trojans and that horrible 2008 anti virus junk.

 

Wademan

Link to post

I was able to get a hijackthis log

I'll be posting it in the proper forum

it doesn't look good thanks guys

I had them search for the hijack program on their computer

they already had the program installed

they ran it from cdrive ....program files

Link to post

This should help a bit:

boot into safe mode, click on start and in the run box type regedit

go to Hkey_current user, then software and delete the antivirus 08 folder (DO NOT DELETE ANYTHING ELSE! IF YOU ARE CURIOUS ABOUT A FOLDER POST IT AND WE WILL TELL YOU IF IT'S GOOD OR BAD!!!)

do the same under Hkey_local machine.

To fix the cdrom drive go to: Hkey_localmachine/SYSTEM/CurrentControlSet/Control/Class/4D36E965-E325-11CE-BFC1-08002BE10318 and delete the files labeled Upper and Lower filter. You should now have a cdrom when you reboot.

 

Now you should be able to begin cleaning up your computer with programs such as Malwarebytes, rogue fix or smitfraud fix. I'd suggest downloading smitfraud fix and running that. When you run that, select the Clean option. It should be option #2.

Edited by openthat----up
Link to post
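The CD-ROM step from the post above as a script, added here as an example and not written by anyone in the thread. It exports the class key first and removes only the UpperFilters and LowerFilters values (the registry names of the "Upper and Lower filter" entries; the key name carries braces in the registry). It assumes PowerShell is available and run elevated; the backup file name is a placeholder.

```powershell
# Added example: back up, report and (only with -Apply) clear the class-level
# filter values of the CD-ROM device class. Nothing else in the key is touched.
param(
    # Hypothetical backup location; a timestamp avoids reg.exe's overwrite prompt.
    [string]$BackupFile = (Join-Path $env:TEMP ("cdrom-class-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))),
    [switch]$Apply      # without -Apply the script only reports what it finds
)

$guid    = '{4D36E965-E325-11CE-BFC1-08002BE10318}'
$regPath = "HKLM\SYSTEM\CurrentControlSet\Control\Class\$guid"
$psPath  = "Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\$guid"

if (-not (Test-Path -Path $psPath)) {
    throw "Class key not found: $regPath"
}

# 1. Export the whole key so the change can be undone with 'reg import'.
& reg.exe export $regPath $BackupFile | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "Backup failed; nothing was changed."
}
Write-Output "Backup written to $BackupFile"

# 2. Show which filter drivers are registered, then remove only those two values.
$key = Get-Item -Path $psPath
foreach ($name in 'UpperFilters', 'LowerFilters') {
    if ($key.GetValueNames() -contains $name) {
        $drivers = @($key.GetValue($name)) -join ', '
        Write-Output "$name = $drivers"
        if ($Apply) {
            Remove-ItemProperty -Path $psPath -Name $name -ErrorAction Stop
            Write-Output "  removed $name (reboot for the change to take effect)"
        }
    }
    else {
        Write-Output "$name is not present"
    }
}
```

Legitimate CD-burning or virtual-drive software also registers class filters, so keep the exported file: reg import restores the values if such a program stops working afterwards.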

Sorry I did not mention this but

We did try to delete a few registry entries

But the infection has created its own administrator account

So anything to do with regedit is useless

We even created another Admin account

It too did no good

Even deleting all accounts

Still can do anything

I haven't heard from them for a few days

Guess they are celebrating the New Year

But there's hope

They can run hijackthis

they can use unlocker

and they can download but they can't run what they download

however they manage to download and run CCleaner

Teacup is helping

But Teacup and myself are waiting for their response

Hopefully it will be soon

And hope they can make it to the hijackthis forum

They are a pitster

Thank You for your help in the matter

Once we can clean and gain control back

and only then we use your advice on the regedit fix you posted

 

Thank You

EDWARD

Link to post

Oh, if that's happening you'll also want to download a program called LSP fix which is designed to take care of just that problem.

 

download and run LSP fix. Here is a list of GOOD LSP entries

NLAapi

napinsp

pnrpnsp

mswsock

winrnr

 

anything else can safely be removed.

LSP files are things that load themselves into RAM before windows starts up.

Link to post
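A report-only way to compare the Winsock catalog with the names listed in the post above before removing anything (an added example, not part of the thread and not LSP-Fix itself). It assumes English output from netsh winsock show catalog and only sees entries for which netsh prints a Provider Path line.

```powershell
# Added example: list Winsock catalog providers and mark every DLL that is not
# in the post's list. Nothing is removed; the result is for review only.
$knownGood = 'nlaapi', 'napinsp', 'pnrpnsp', 'mswsock', 'winrnr'   # names from the post

function Get-WinsockProviderReport {
    param([string[]]$CatalogText)   # lines of 'netsh winsock show catalog' output

    # Each entry is a heading, a rule of dashes, then "Name:   Value" lines.
    # A rule therefore closes the previous entry; one extra rule closes the last.
    $entries = @()
    $current = @{}
    foreach ($line in (@($CatalogText) + '-----')) {
        if ($line -match '^\s*-{5,}\s*$') {
            if ($current.ContainsKey('Provider Path')) { $entries += $current }
            $current = @{}
        }
        elseif ($line -match '^\s*([^:]+?):\s+(.*\S)\s*$') {
            $current[$Matches[1]] = $Matches[2]
        }
    }

    foreach ($entry in $entries) {
        # Compare on the file name only, without directory or extension.
        $dll    = [System.IO.Path]::GetFileNameWithoutExtension($entry['Provider Path']).ToLower()
        $status = if ($knownGood -contains $dll) { 'listed' } else { 'REVIEW' }
        New-Object PSObject -Property @{
            Status      = $status
            Description = $entry['Description']
            Path        = $entry['Provider Path']
        }
    }
}

Get-WinsockProviderReport -CatalogText (& netsh.exe winsock show catalog) |
    Select-Object Status, Description, Path |
    Sort-Object Status, Path |
    Format-Table -AutoSize
```

A REVIEW row means only that the DLL name is not on the post's list; check the full path and the file's publisher before deciding to remove the entry.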

like I said not everything runs when it's downloaded

but we did do start run cmd

ipconfig /flushdns

things appear to be at standstill for the moment

hopefully things can get going in morning

 

you can see here

http://forums.pcpitstop.com/index.php?showtopic=163865

just waiting to hear from them

I'm the only connection to the pit for now

Edited by mme
Link to post

If you have the know-how, edit the registry offline.

http://home.eunet.no/~pnordahl/ntpasswd/editor.html

 

Also, this program can delete/disable accounts offline as well.

This thing is a beast, I've used it several times.

 

If you need help, I could write out a list of instructions for you to have to navigate and delete the keys mentioned earlier.

Edited by porksandwich9113
Link to post

Sometimes power cycling the router and modem will enable internet connection again, if connection has been a problem.

and they can download but they can't run what they download

Delete whatever it was, download again but rename it first to something different or just similar to the original name.
Edited by Juliet
Link to post

New computer

that's cool

Congratulations

stay clear of unwanted stuff

and leave limewire alone

stay away from google search and toolbar

Link to post