Possible rootkit and regedit.exe infection



#1 croakingfrogs


Posted 28 March 2011 - 06:17 PM

This is my first time posting and if this is the wrong area to post, I apologize.

Am working on a machine and have tried everything I can think of and nothing has worked.

Is Windows XP, SP3.

The taskbar and start button are gone; the desktop icons and wallpaper are fine. Did try extracting the explorer.exe file from disk in case this file was corrupt; this did nothing.

Cannot install anything. The Windows installer will not run and neither do many services (services.msc).

There is no System Restore; am told "system restore will not work for you this time, please reboot and try again" or a similar message. Copy and paste do not work and I cannot move desktop icons. They do work when clicked. The search function will not work. Gpedit will not work. Msconfig works to a point. Does boot up slow also.


Have had no problems getting on the internet and using the keyboard, Task Manager is fine, the 'Run' function works when brought up using the keyboard, and regedit opens and works fine. Using the keyboard, the start button still does not work, and the taskbar is not on autohide. That was the first thing I tried.

Malwarebytes will not run. SUPERAntiSpyware runs and finds nothing. Spybot Search & Destroy runs and finds nothing. SFC /scannow finds nothing. Cannot install anti-virus either from online or using a flash drive. CCleaner does run. Ran the ESET online scanner, which finds nothing. Have tried dunno how many other programs and none have found anything.

Did use ComboFix after trying other programs but before posting here; cannot install it but did run it from a flash drive. It is the only thing that found anything: it says rootkit found and it reboots, and also says regedit.exe is infected, but it has not been able to remove either. Have tried in normal mode, safe mode, "run as" admin, and safe mode admin.

I do know I may just have to wipe and re-install, but am not sure if just wiping the disk gets rid of whatever is in this machine or if it would re-appear again.

Thank you in advance for any help / suggestions. Have unplugged the infected machine and will do nothing else until / unless advised. Thank you. Hope this is enough info. Thank you.

Am adding this part later.

I used another computer with 'autoplay' disabled and scanned the flash drive I have used on the infected computer, as I cannot download & install directly on the infected machine, and Adware found 2 variants of Win32.Hoax.Renos on the flash drive used on the infected computer. I do not know if this is helpful; thought I would add it in here.

Thank you

Edited by croakingfrogs, 29 March 2011 - 12:12 AM.

