
Please help! Internet not working! MalwareBytes showing hijack.regedit...



#1 DJDJ2


Posted 20 March 2009 - 09:40 AM

Ok, this nasty little virus is bugging poop out of me!! If you can help in any way... please reply ASAP. need computer operational, and need to avoid complete reinstall at this point. :flowers:

At first I had a virus that caused pop-up warnings, etc., and the internet did not work. I found a forum post that mentioned that the following log from MalwareBytes was only fixable by uninstalling Service Pack 3 (XP), so I did that... (MalwareBytes seemed to fix it, but on reboot the virus would magically return)

MalwareBytes (original log)
Malwarebytes' Anti-Malware 1.34
Database version: 1871
Windows 5.1.2600 Service Pack 3

3/20/2009 8:13:56 AM
mbam-log-2009-03-20 (08-13-55).txt

Scan type: Quick Scan
Objects scanned: 74057
Time elapsed: 3 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


So after uninstalling SP3, the virus seems to have gotten worse! Still no internet... and running malwarebytes comes back with a new, different log: :thumbsup:

Malwarebytes' Anti-Malware 1.34
Database version: 1871
Windows 5.1.2600 Service Pack 2

3/20/2009 10:28:23 AM
mbam-log-2009-03-20 (10-28-18)2

Scan type: Quick Scan
Objects scanned: 69745
Time elapsed: 3 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


And same type of thing... malwarebytes states it is removed, but on reboot it's still there. I've attached a screenshot of what my desktop does NOW on reboots. Looks like with this nasty bugger... whatever I am doing seems to be making things worse?!?!

Posted Image


Any help!? pretty please...
thanks,
DJ


 


#2 Elise


Posted 20 March 2009 - 09:57 AM

The log states that no action was taken... Or did you only do the scan again to post it here?
As for the restart, there is a known worm-variant that does this kind of stuff, does it do this in safe mode as well?
It might be a good thing to back up all your essential data on a removable storage device, just in case...
Because Malwarebytes doesn't come up with anything special, I would suggest using Dr. Web Cure it (http://www.freedrweb.com/cureit//), however there are more experienced members on this forum, so you may want to wait for their opinions as well.

Edited by elise025, 20 March 2009 - 10:00 AM.

regards, Elise
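
The "no action was taken" status raised in the reply above can be read out of a scan log mechanically. The following is an added example, not part of the original thread and not Malwarebytes code: a small Python parser for the detection-line format visible in the two logs in post #1, listing entries the scan reported but did not act on and entries that are new between two scans. The function names and the regular expressions are assumptions based only on the log lines quoted on this page.

```python
import re
from typing import NamedTuple

class Detection(NamedTuple):
    section: str  # log section, e.g. "Registry Data Items"
    target: str   # registry path or file path that was flagged
    name: str     # detection name, e.g. "Hijack.Regedit"
    detail: str   # "Data: ..." or "Bad: (1) Good: (0)"; empty if absent
    action: str   # what the scanner says it did

HEADER = re.compile(r"^(.+) Infected:$")  # section header, not the "...: 0" counters
ITEM = re.compile(r"^(.+?) \(([\w.]+)\) -> (?:(.+) -> )?(.+?)\.?$")

def parse_detections(log_text):
    """Return every detection line, tagged with the section it sits under."""
    section, found = None, []
    for line in map(str.strip, log_text.splitlines()):
        if m := HEADER.match(line):
            section = m.group(1)
        elif section and (m := ITEM.match(line)):
            target, name, detail, action = m.groups()
            found.append(Detection(section, target, name, detail or "", action))
    return found

def not_remediated(detections):
    """Detections the scan reported but did not act on."""
    return [d for d in detections if d.action.lower().startswith("no action")]

def new_since(before, after):
    """Detections in the later scan that the earlier scan did not list."""
    seen = {(d.target.lower(), d.name) for d in before}
    return [d for d in after if (d.target.lower(), d.name) not in seen]

# Excerpts of the two logs quoted in post #1 (detection lines only).
SCAN_1 = r"""Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> No action taken.
"""
SCAN_2 = r"""Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.
"""

if __name__ == "__main__":
    first, second = parse_detections(SCAN_1), parse_detections(SCAN_2)
    for d in not_remediated(first + second):
        print(f"not acted on: {d.name} at {d.target}")
    for d in new_since(first, second):
        print(f"new in later scan: {d.name}")
```

Run over both logs, it reports all three entries as not acted on and both policy values as new in the second scan.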




#3 DJDJ2


Posted 20 March 2009 - 10:18 AM

Thanks for the reply. Yes, malwareBytes states that the files are deleted... but when I reboot, they are there again. Also, for some weird reason, the original screen shot (desktop) is gone again now... but internet still does not work.. here's screen grab of IE7 when I try to go on internet...

I am trying to back my stuff up right now... would a Windows XP "repair" fix all these issues? if I did reinstall XP on my C drive I would not lose data on other partitions, right?

thanks!
DJ

Posted Image

#4 Elise


Posted 20 March 2009 - 10:50 AM

I don't think a repair install would do the trick, because most likely this problem is caused by malware. If you reinstall XP, the data on your other partitions would not be lost, but might be infected and reinfect your new XP installation.
I understand you have time to do things before the shut-down thing, so maybe you can do some cleaning and try to fix things. Malwarebytes obviously doesn't get the stuff this time, I googled a bit and my best option still would be to run Dr. Web Cure-it (download link in previous post). As for your internet problems, many malware can cause your internet to drop.

regards, Elise

