
Windows\system32\desote.exe



#1 tescott


Posted 02 September 2009 - 12:36 PM

Hi All,

A friend asked me to look at his computer, an HP Pavilion, XP Home. I can't get to sys info; a black screen comes up. Every time I try to access a Windows program the black screen comes up. On start up about 14 black screens come up; I think they are the start up programs! I've tried to load mbam-setup by flash drive and DVD but it won't let me! The Internet access is blocked too. I looked through your forums and have not seen anything like this! I believe he has POLICE PRO & System Pro infected in this computer! Is there anything to do other than reformatting? I even tried to change the mbam setup to zztoy.exe, still nothing. Any ideas?



#2 quietman7


Posted 02 September 2009 - 02:03 PM

We have a self-help area for removing common malware. Please see the tutorial How to remove Police Pro

When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 tescott


Posted 02 September 2009 - 02:38 PM

Thanks for the reply! The problem I'm having is I can't load Malwarebytes or any other help programs: DDl, HJT. Internet access is not working but says it is connected. Can't get into files or registry; all I get is a black screen with a DOS prompt that doesn't work, with the windows\system32\desote.exe

#4 imcrazzy956


Posted 04 September 2009 - 11:49 AM

I'm having the same problem. I have Police Pro and Windows Antivirus Pro on my laptop. I can't install or run MBAM or any exe file other than Internet Explorer or text pad. Every time I try to run a program a cmd-style window pops up with c:windows\system32\desote.exe in the name bar and says not enough memory.
Please help! My computer is basically unusable.

EDIT: Your topic has been moved and answered
Please read my PM

Edited by garmanma, 04 September 2009 - 04:16 PM.


#5 Tisiphone


Posted 04 September 2009 - 02:54 PM

SANS has an excellent write up on this and how to fix it today:

http://isc.sans.org/diary.html?storyid=7066#comment

There are several suggestions in the article and the comments, most include booting in another OS or editing the registry manually.

In a nutshell, this desote.exe hijacks the EXE handler in the registry.

Thanks to CC_DKP in the SANS comments:

The regkey responsible is:
HKEY_CLASSES_ROOT\exefile\shell\open\command
The (default) key should be set to:
"%1" %*


Judging from what I and other users have seen, Norton does not detect this.

Edited by Tisiphone, 04 September 2009 - 03:22 PM.
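An added example, not part of the post above or of the SANS write-up: a Python check that reads the text of a registry export (.reg, for instance one taken after booting another OS) and reports any shell\open\command default that differs from the expected "%1" %*. It goes beyond the exefile key named in the post by also checking comfile, batfile and cmdfile; the function names and the sample export are constructed for illustration.

```python
import re

# Expected (Default) command per executable file class. The exefile value is
# the one quoted in the thread; the other three classes are added here.
EXPECTED = {
    "exefile": '"%1" %*',
    "comfile": '"%1" %*',
    "batfile": '"%1" %*',
    "cmdfile": '"%1" %*',
}

SECTION = re.compile(
    r"^\[(?:HKEY_CLASSES_ROOT|HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes)"
    r"\\([^\\\]]+)\\shell\\open\\command\]$", re.IGNORECASE)
DEFAULT = re.compile(r'^@="(.*)"$')

# Constructed sample export: exefile hijacked as described in the thread.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\WINDOWS\\system32\\desote.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
'''


def unescape(raw):
    """Undo .reg string escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r"\\(.)", r"\1", raw)


def audit_reg_export(text):
    """Return [(file_class, command)] for handlers that differ from EXPECTED.

    `text` is the decoded export; regedit writes version 5.00 files as UTF-16.
    """
    findings, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = SECTION.match(line)
            name = m.group(1).lower() if m else None
            current = name if name in EXPECTED else None
        elif current:
            m = DEFAULT.match(line)
            if m and unescape(m.group(1)) != EXPECTED[current]:
                findings.append((current, unescape(m.group(1))))
    return findings
```
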


#6 quietman7


Posted 04 September 2009 - 04:59 PM

Hello imcrazzy956

If you have an issue or problem you would like to discuss, please start your own topic. Doing that will help to avoid the confusion that often occurs when trying to help two or more members at the same time in the same thread. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using and the presence of other malware. Further, posting for assistance in someone else's topic is not considered proper forum etiquette.

Thanks for your cooperation.
The BC Staff



