Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

User accounts and search option issues


  • Please log in to reply
8 replies to this topic

#1 wassoh

wassoh

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:47 PM

Posted 13 July 2009 - 05:47 PM

Hi,
My pc got infected by downloading a freeware program from the internet. I forgot the name of the program and the internet site because after a week only i realized that my pc was infected. The mshta.exe is infected as the anti-virus said, it removed the infection but still the user account in control panel and search options do not appear ,the paga is blank.
I viewed some topics only, they recommended to download some anti-virus program and repair the mshta.exe using the CD of windows xp sfc.exe /scannow. But still nothing has changed, so i do need some help. I do not want to format my pc all over again.
Can you post the steps needed so i can give you the necessary information.
Thank you for the help.


Mod Edit: Topic moved to more appropriate forum~ TMacK

Edited by TMacK, 13 July 2009 - 10:40 PM.


BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:47 PM

Posted 14 July 2009 - 05:49 PM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 wassoh

wassoh
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:47 PM

Posted 18 July 2009 - 07:43 AM

Hi,
i did as you instructed and here is the log, but i must note that i did use the malwarebytes before posting the original post and stiil the user accounts and search options did not work.
This log is from the recent scan (perform quick scan) that you order me to do. After the scan the software asked to restart the pc to complete the removal and i did that immediately.

the log----->

Malwarebytes' Anti-Malware 1.39
Database version: 2456
Windows 5.1.2600 Service Pack 2

7/18/2009 3:32:23 PM
mbam-log-2009-07-18 (15-32-21).txt

Scan type: Quick Scan
Objects scanned: 92914
Time elapsed: 4 minute(s), 20 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
C:\documents and settings\Wasso\local settings\application data\omgcq.exe (Adware.Navipromo.H) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\omgcq (Adware.Navipromo.H) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Wasso\local settings\application data\omgcq_navps.dat (Adware.Navipromo.H) -> No action taken.
c:\documents and settings\Wasso\local settings\application data\omgcq_nav.dat (Adware.Navipromo.H) -> No action taken.
c:\documents and settings\Wasso\local settings\application data\omgcq.dat (Adware.Navipromo.H) -> No action taken.
c:\documents and settings\Wasso\local settings\application data\omgcq.exe (Adware.Navipromo.H) -> No action taken.
c:\documents and settings\Wasso\local settings\application data\wuuaciy_nav.dat (Adware.NaviPromo) -> No action taken.
c:\documents and settings\Wasso\local settings\application data\wuuaciy_navps.dat (Adware.NaviPromo) -> No action taken.

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:47 PM

Posted 18 July 2009 - 04:15 PM

Try this scan:

http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#5 wassoh

wassoh
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:47 PM

Posted 20 July 2009 - 05:00 PM

Hey,
I follow the instructions step by step in the link you gave me but still nothing has changed. the user account and the search options are still blank, it is suprising that nothing has worked.
Any other possible solutions or instructions Budapest?

#6 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:47 PM

Posted 20 July 2009 - 05:11 PM

What happens when you double-click on the User Accounts icon in the Control Panel?

Also, which Search Options are not working?
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#7 wassoh

wassoh
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:47 PM

Posted 21 July 2009 - 01:31 AM

well i press Start, Control Panel, User Accounts and the page appears blank, nothing in it just white. Only the icon for back,forward and home appears on top.
I go to Search= Start then Search, and the search option in the page does not appears only the icon ( dog,magician depends on what you have chosen). And when i try Ctrl+f in other location such as \My-pictures for example, the same happens, the search options does not appear, only the dog (the icon) chosen as an option appeared.

#8 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:47 PM

Posted 21 July 2009 - 01:40 AM

Go Start > Run and type "regedit". Navigate to the following entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind

If "NoFind" has the value "01 00 00 00" change it to "00 00 00 00" and then reboot.

With any fix like this you should create a new restore point and backup the registry first. For backing up the registry I like to use ERUNT.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#9 wassoh

wassoh
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:47 PM

Posted 21 July 2009 - 03:21 AM

I do not have "Nofind"
I have the following:

-NoChangeStartMenu
-NoClose
-NoDriveTypeAutoRun
-NoLogOff

i have windows xp service pack 2




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users