
Virus Alert + Hard Drives Not Been Shown Problem...


17 replies to this topic

#1 arungeorge101

Posted 29 August 2008 - 12:08 PM

I have an XP Professional OS and had a spyware attack. I downloaded Malwarebytes Anti-Malware, scanned the system and deleted all the affected files as well as the registry entries. But each time I reboot the machine, the problem keeps repeating. My C: and D: will not be visible, and the task manager and registry are also disabled. However, I can access the task manager by manually adding a registry key using the Windows Run command.

Please help me...


#2 garmanma

Posted 29 August 2008 - 12:41 PM

Are you sure you are virus free? I would double-check by posting here:
http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
I'll move you there
Mark

#3 arungeorge101

Posted 29 August 2008 - 12:52 PM

Can you please help me with how to go about this?

When I run Trojan Remover or any other software, it keeps deleting the affected files as well as the registry entries, but each time I restart, the problem keeps repeating and Trojan Remover shows the same set of files as affected.

#4 quietman7

Posted 29 August 2008 - 01:24 PM

Please post the results of your MBAM scan for review.

Launch MBAM.
Click the Logs Tab at the top.
mbam-log-7-18-2008(09-52-04).txt should show in the list. <- your dates will be different from this example
Click on the log name to highlight it.
Go to the bottom and click on Open.
The log should automatically open in notepad as a text file.
Go to Edit and choose Select all.
Go back to Edit and choose Copy or right-click on the highlighted text and choose copy from there.
Come back to this thread, click Add Reply, then right-click and choose Paste.

If you're using Windows 2000/XP, please print out and follow these instructions: "How to use SDFix". <- for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.
Note: If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, you will need to fix the policy restrictions created by this infection. Open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 arungeorge101

Posted 29 August 2008 - 01:42 PM

Malwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 5.1.2600 Service Pack 2

7:52:04 PM 8/29/2008
mbam-log-08-29-2008 (19-52-04).txt

Scan type: Quick Scan
Objects scanned: 66494
Time elapsed: 10 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 16
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60d2e6af-f47e-45b8-917f-de66d9c379b8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomgyvnk (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{60d2e6af-f47e-45b8-917f-de66d9c379b8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{60d2e6af-f47e-45b8-917f-de66d9c379b8} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page\Start Page (Hijack.Homepage) -> Bad: (http://lookanddiscover.com/) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-640-0000356-23307) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\qoMGyVnk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Arun George\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Arun George\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Arun George\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.



DBFix Version 1.001
Run on 29/08/2008 @ 04:05


No DelfBot Files Found

No DelfBot Run Values Found

Finished!

#6 quietman7

Posted 29 August 2008 - 01:48 PM

You did not follow the SDFix instructions properly and use the RunThis.bat in safe mode. Instead you ran the DBFix.bat.

Rescan again with MBAM (Quick Scan) in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

#7 arungeorge101

Posted 29 August 2008 - 02:02 PM

Sorry about SDFix, but I didn't see any option to scan when I run the RunThis.bat file. That's why.

Malwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 5.1.2600 Service Pack 2

00:27:48 8/30/2008
mbam-log-08-30-2008 (00-27-48).txt

Scan type: Quick Scan
Objects scanned: 59389
Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Arun George\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Arun George\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Arun George\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Arun George\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Arun George\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Arun George\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.

#8 quietman7

Posted 29 August 2008 - 02:09 PM

"Sorry about SDFix, but I didn't see any option to scan when I run the RunThis.bat file"

Did you reboot in safe mode before running SDFix?

#9 arungeorge101

Posted 29 August 2008 - 02:32 PM

SDFix: Version 1.220
Run by Arun George on Sat 08/30/2008 at 00:54

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Restoring Windows Product ID To Remove Fake Virus Alert
Restoring Time Format To Remove Fake Virus Alert

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\Arun George\Desktop\Error Cleaner.url - Deleted
C:\Documents and Settings\Arun George\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\Arun George\Desktop\Privacy Protector.url - Deleted
C:\Documents and Settings\Arun George\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\Arun George\Desktop\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\Arun George\Favorites\Spyware&Malware Protection.url - Deleted
C:\DOCUME~1\ARUNGE~1\LOCALS~1\Temp\sfsrv.exe.bat - Deleted
C:\DOCUME~1\ARUNGE~1\LOCALS~1\Temp\smchk.exe.bat - Deleted
C:\DOCUME~1\ARUNGE~1\LOCALS~1\Temp\TMP1.tmp - Deleted
C:\DOCUME~1\ARUNGE~1\LOCALS~1\Temp\tmp2.tmp - Deleted
C:\DOCUME~1\ARUNGE~1\LOCALS~1\Temp\TMPC.tmp - Deleted
C:\DOCUME~1\ARUNGE~1\LOCALS~1\Temp\TMP1.tmp - Deleted
C:\DOCUME~1\ARUNGE~1\LOCALS~1\Temp\tmp17.tmp - Deleted
C:\DOCUME~1\ARUNGE~1\LOCALS~1\Temp\tmp1B.tmp - Deleted
C:\DOCUME~1\ARUNGE~1\LOCALS~1\Temp\tmp2.tmp - Deleted
C:\DOCUME~1\ARUNGE~1\LOCALS~1\Temp\tmp78.tmp - Deleted
C:\DOCUME~1\ARUNGE~1\LOCALS~1\Temp\TMPC.tmp - Deleted
C:\WINDOWS\rodqgpvlkel.dll - Deleted
C:\WINDOWS\pdoskegl.dll - Deleted
C:\WINDOWS\qalkfxor.dll - Deleted
C:\WINDOWS\rqbmvpso.dll - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 00:59:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000000b4
"TracesSuccessful"=dword:00000002

scanning hidden files ...

C:\WINDOWS\P\Image000.jpg 24332 bytes
C:\WINDOWS\P\Image003.jpg 220513 bytes
C:\WINDOWS\P\Image004.jpg 197175 bytes
C:\WINDOWS\P\Image005.jpg 191897 bytes
C:\WINDOWS\P\Image007.jpg 217864 bytes
C:\WINDOWS\P\Image008.jpg 427077 bytes
C:\WINDOWS\P\Image009.jpg 211829 bytes
C:\WINDOWS\P\Image010.jpg 342960 bytes
C:\WINDOWS\P\Image011.jpg 224921 bytes
C:\WINDOWS\P\Image015.jpg 288405 bytes
C:\WINDOWS\P\Image016.jpg 246750 bytes
C:\WINDOWS\P\Image017.jpg 254719 bytes
C:\WINDOWS\P\Image019.jpg 486780 bytes
C:\WINDOWS\P\Image020.jpg 502010 bytes
C:\WINDOWS\P\Image078.jpg 91300 bytes
C:\WINDOWS\P\Image080.jpg 187950 bytes
C:\WINDOWS\P\Image081.jpg 160450 bytes
C:\WINDOWS\P\Image083.jpg 167023 bytes
C:\WINDOWS\P\Image086.jpg 128793 bytes
C:\WINDOWS\P\Image091.jpg 111549 bytes
C:\WINDOWS\P\Image094.jpg 131613 bytes
C:\WINDOWS\P\Image097.jpg 125749 bytes
C:\WINDOWS\P\Image106.jpg 116356 bytes
C:\WINDOWS\P\Thumbs.db 79872 bytes
C:\WINDOWS\P\Thumbs.db:encryptable 0 bytes hidden from API
C:\WINDOWS\P\Video000.3gp 250180 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 26


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 23 Aug 2008 55,655,467 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\download\BIT15.tmp"

Finished!

#10 quietman7

Posted 29 August 2008 - 02:38 PM

That's better. Do you recognize all those hidden Image .jpg files inside that P folder in Windows?

#11 arungeorge101

Posted 29 August 2008 - 02:39 PM

Yeah, all those are my pics. I had saved them earlier...
Do I need to delete those?

#12 quietman7

Posted 29 August 2008 - 02:42 PM

As long as you know what they are you can leave them.

How is your computer running now? Any more reports/signs of infection?

#13 arungeorge101

Posted 29 August 2008 - 02:45 PM

The C: and D: are not being displayed. I guess that is because of some registry entry, right?
Other than that everything is fine... Thank God and thanks to you, quietman!

#14 quietman7

Posted 29 August 2008 - 02:47 PM

To fix the policy restrictions created by this infection, please open the SDFix folder or download XP_VirusAlert_Repair.inf and save it to your desktop. <- for Windows XP ONLY.
  • Right-click on XP_VirusAlert_Repair.inf and select Install from the Context menu.
  • Note: To download the .inf file, go to File, choose "Save page as" All Files and save XP_VirusAlert_Repair.inf to your desktop.
  • Then reboot to apply the changes.


#15 arungeorge101

Posted 29 August 2008 - 02:55 PM

Thanks a lot, quietman... Now everything seems to work fine.
Thanks a lot...

I will get back to BC if I have any more issues.

Thanks again...
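
The MBAM log in post #5 flags `NoDrives` with `Bad: (12)`, the Explorer policy value behind the missing C: and D: drives that the repair .inf in post #14 resets. As an added example (not part of the thread, and not MBAM or SDFix code), this Python script parses "Registry Data Items Infected" lines and decodes that bitmask; the function names are made up for illustration, and it assumes the logged value is decimal.

```python
import re

# Four lines copied from the "Registry Data Items Infected" section of the log in post #5.
SAMPLE_LOG = r"""
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
"""

# <key>\<value> (<detection>) -> Bad: (<bad>) Good: (<good>) -> <action>
DATA_ITEM = re.compile(
    r"^(?P<path>HKEY_.+?) \((?P<detection>[\w.]+)\) -> "
    r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$"
)


def parse_data_items(log_text):
    """Return one dict per data-item line; lines in any other format are skipped."""
    items = []
    for line in log_text.splitlines():
        m = DATA_ITEM.match(line.strip())
        if not m:
            continue
        key, _, value = m.group("path").rpartition("\\")
        items.append({
            "key": key,
            "value": value,
            "detection": m.group("detection"),
            "bad": m.group("bad"),
            "good": m.group("good"),
            "action": m.group("action"),
        })
    return items


def decode_nodrives(mask):
    """NoDrives is a 26-bit mask: bit 0 hides A:, bit 1 hides B:, up to bit 25 for Z:."""
    return [chr(ord("A") + bit) + ":" for bit in range(26) if (mask >> bit) & 1]


def policy_restrictions(items):
    """Keep only the values that live under a Policies key (Explorer/System restrictions)."""
    return [i for i in items if "\\policies\\" in i["key"].lower()]


def hidden_drives(items):
    """Drive letters hidden by the logged NoDrives value (assumed to be decimal)."""
    for item in items:
        if item["value"].lower() == "nodrives" and item["bad"].isdigit():
            return decode_nodrives(int(item["bad"]))
    return []


if __name__ == "__main__":
    parsed = parse_data_items(SAMPLE_LOG)
    for item in policy_restrictions(parsed):
        print(f'{item["value"]}: {item["bad"]} -> {item["good"]} ({item["detection"]})')
    print("Hidden drives:", ", ".join(hidden_drives(parsed)))
```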



