Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Palladium Pro and Shell.reg


  • This topic is locked This topic is locked
3 replies to this topic

#1 Alan_Jr

Alan_Jr

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:39 PM

Posted 19 February 2011 - 04:35 PM

SO I was helping a friend with his computer after he had mistakenly installed Palladium Pro thinking he had to have it. I went to this link to try and solve it:
http://www.bleepingcomputer.com/virus-removal/remove-palladium-pro
About half way down it has a shell.reg download. I downloaded that and installed the registry settings. When I rebooted the computer Windows (Windows XP Pro) would not load. It gets to the windows loading screen and then automatically reboots. Any idea what registry settings where changed and how I can possible fix it? I have tried booting in safe mode and I get the same result. Any help would be greatly appreciated.

I have removed the hard drive and slaved it in another PC. All viruses have been removed but it still will not boot. Gets to the windows loading screen and then reboots over and over again. Not sure what the shell.reg changed. Is there anyway to find out?

Tried using "restore last known good config" and that didn't work. Does it ever? ;)

Thanks,
Alan

Edited by Alan_Jr, 19 February 2011 - 08:02 PM.


BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,758 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:39 PM

Posted 20 February 2011 - 05:23 PM

:welcome:


The Shell.reg only resets the Shell value in the Winlogon key into its default value. It should not contribute to make the computer unbootable.


We will need to view the system status from an external environment. You will need a USB drive and a CD to burn. There will be several steps to follow to determine the reason for the restart loop.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Also Download Query.exe to the USB drive. In your working computer, navigate to the USB drive and click on the Query.exe. A folder and a file, query.sh, will be extracted.
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • In some computers you need to tap F12 and choose to boot from the CD, in others is the Esc key. Please consult your computer's documentation.
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Then type bash driver.sh -af
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    Winlogon.exe

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    explorer.exe

  • Press Enter
  • After it has completed the search enter the next file to be searched
  • Type the following:

    Userinit.exe

  • Press Enter
  • After the search is completed type Exit and press Enter.
  • After it has finished a report will be located in the USB drive as filefind.txt
  • Lastly type bash query.sh
  • Press Enter
  • After it has finished a report will be located at sdb1 named RegReport.txt
  • Plug that USB back into the clean computer and post the contents of the report.txt, filefind.txt and RegReport.txt in your next reply. If too large, attach the files to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:39 PM

Posted 20 February 2011 - 07:00 PM

Hello, just letting you know I moved this topic to Here in the Virus, Trojan, Spyware, and Malware Removal Logss forum where it will stay.

Please remember to click the Watch Topic button at the top right so you do not miss any replies now that you were moved.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,758 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:39 PM

Posted 01 March 2011 - 06:38 PM

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users