BleepingComputer.com: infected by some type of malware

tried the command prompt by pasting your instruction but on trying to run it, the error C:\windows\system32\pstores.exe is not recognised as an internal or external command etc.

Then tried to run microsofts fixit, got the message that windows installer service is not accessible in safe mode, use system restore etc.

tried to reboot into normal windows but it will only start in safe mode

Not doing very good am I.

regarding your query re the registry, I have deleted items in the past without any problems so I am confident that with you guiding me averything should be ok

Alright, this is operation Internet

You are backed up with ERUNT. If you get unsure at any stage then post before you try something.

Remember the registry is a dangerous place but it isn't lethal.


To run regedit just click on the start button and then select run.

Then type regedit in to the box and click ok

When you are there we need to navigate through the registry.

Here are the two navigation paths we are going to take.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2]


To get to the first one, look for HKEY_LOCAL_MACHINE and click the folder. This will expand to a list of subfolders. Again look for the next entry, this is SYSTEM. When the list expands under that you then look for CurrentControlSet, and so on.

When you reach Winsock you right click and delete it.

You do the same with Winsock2.

When you have done this then restart your PC and then post back.

This post has been edited by m0le: 28 November 2009 - 07:29 PM

winsock and winsock2 deleted and machine restarted

Good job, now to reset the connection.

1. Right-click the network connection, and then click Properties.
2. Click Install.
3. Click Protocol, and then click Add.
4. Click Have Disk.
5. Type C:\Windows\inf and then click OK.
6. On the list of available protocols, click Internet Protocol (TCP/IP), and then click OK.

Restart the computer and let's see if you can now access the internet.

unless I am misreading your instructions, I have accessed the internet connections icon via control panel and on right clicking I can only open or explore, in open the icon is totally devoid of any information.. in explore it reverts to the control panel menu

What does the icon look like and what status does it say?

This Microsoft link will make sure you have navigated correctly to the network connections.

yes, same shaped icon but in safe mode it is in classic view,, it is the shape of the world with a connection in it. As I have said. to right click the only options are as Ive described, and to double click it gives the same result, nothing,

I am concious that I am monopolising your valuable time, do we still continue????

We can continue for a bit longer before we refer to you another forum.

Besides, I hate being beaten

The connection is a problem in safe mode so let's attempt to regain your normal mode again.

1. Exit all programs.

2. Click Start > Run.

3. In the Run dialog box, type the following text:

msconfig

4
Click OK.

5
In the System Configuration Utility, on the BOOT.INI tab, check /SAFEBOOT.

6. Click OK.

7. When you are asked to restart the computer, click Restart.

The computer restarts in Safe mode. This can take several minutes.


After you complete the work in Safe mode, use the System Configuration Utility to start Windows XP in Normal mode.

1, Close all programs.

2. Click Start > Run.

3. In Run dialog box, type the following text:

msconfig

4. Click OK.

5. In the System Configuration Utility, on the BOOT.INI tab, uncheck /SAFEBOOT.

6. Click OK.

7. Close all programs, and restart the computer.

YIPEE, windows started normally,
but a message popped up saying that it was in diagnostic or selective startup and on acknowledging that message, the system configuration utility reappeared with 'selective startup' selected and 'use modified BOOT.INI'

Thanks for sticking with me, I have all the time in the world but I am aware that others have not.

Okay, that's not so bad.

Select a diagnostic startup and restart

When the startup configuration panel comes up after the diagnostic startup you should be able to select normal startup and restart the PC.

My fingers are crossed.

Done, started normally, this time in network connections there are two items. one a dial up, which I dont use. the second a LAN which is currently disconnected

Done, started normally, this time in network connections there are two items. one a dial up, which I dont use. the second a LAN which is currently disconnected

Done, started normally, this time in network connections there are two items. one a dial up, which I dont use. the second a LAN which is currently disconnected

Okay, what exactly does the wording next to the icon say.

Network connections,, accessed via control panel, am I looking at the right conection?

Quote

You said there were two icons inside of Network Connections, one of them was The LAN icon, does it show "disconnected"?