Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows XP Recovery Virus Aftermath


  • Please log in to reply
3 replies to this topic

#1 rookiepc

rookiepc

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:23 AM

Posted 08 June 2011 - 12:30 AM

I am running WinXP SP3. My computer got infected with the windows XP recovery virus, and I was able to remove it - at least that's what I think. I was able to recover the icons on my desktop - even though they look like hidden files - but I am not able to see the programs, and I am not able to update Malwarebytes. I tried to install it from scratch, and I am able to download the file, the install starts, but right before it completes, I get the error ACESS DENIED. I have MSE and it has the latest version. I run a full scan and this is what it found:

Trojan:Win32/Alureon.EP
Trojan:Win32/Alureon.EZ
Trojan:Win32/Sirefef

After the reboot, I am still having the same issue - unable to see programs and update Malwarebytes. I started to look for a solution, and found this website.

I installed Rkill, and it worked fine - I think - but still not able to update Malwarebytes.

Please let me know what further information you need in order to assist me further with this issue.

Thanks.

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:23 AM

Posted 08 June 2011 - 06:37 PM

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 rookiepc

rookiepc
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:23 AM

Posted 08 June 2011 - 07:46 PM

Hi Broni, I was abel to fix the issue by downloading Unhide.exe by Grinler - I found it in one of the post. Once I had them back, I noticed that that the windows security was not updating. I ended up re-regestering the following:

■REGSVR32 WUAPI.DLL
■REGSVR32 WUAUENG1.DLL
■REGSVR32 ATL.DLL
■REGSVR32 WUPS2.DLL
■REGSVR32 WUCLTUI.DLL
■REGSVR32 WUPS.DLL
■REGSVR32 WUWEB.DLL
■REGSVR32 WUAUENG.DLL

After all these, I was able to update every single program successfully. Computer is working fine now. I am not sure if you need me to still run Rootkit Unhooker. Let me know.

Thanks for your reply.

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:23 AM

Posted 08 June 2011 - 07:48 PM

Good job :)

I'd like to see RKUnhooker log, if you don't mind.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users