Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hkey_users Infected On Xp Media Center Edition


  • Please log in to reply
3 replies to this topic

#1 breakxeggs

breakxeggs

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:11 PM

Posted 17 February 2006 - 03:56 PM

On the 16th of this month my computer contracted somewere between 5 to 10 trojan horses all at once. I have fixed/healed or deleted all the files infected but two files remain and popups are still popping up.

the two files that show up in Spybot - Search & Destroy are as follows::
Settings
HKEY_USERS\S-1-5-18\Software\XBTB07618

Settings
HKEY_USERS\.DEFAULT\Software\XBTB07618


(both files have been written exactly as Spybot - Search & Destroy listed them with the word Settings printed above both files)

I believe these to be in my Bootup files because I could not heal/delete them even in Safemode.

I also don't have the boot-up disks for Windows XP Media Center Edition and can't reformate my computer.


Thank you for all your help

BC AdBot (Login to Remove)

 


m

#2 breakxeggs

breakxeggs
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:11 PM

Posted 17 February 2006 - 04:07 PM

The spyware program that these are infected by is called Max Search

#3 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:02:11 PM

Posted 17 February 2006 - 04:09 PM

You can download the bootdisks from Bootdisk.com

http://bootdisk.com/bootdisk.htm

Have you tried posting a Hijack This log in our Hijack This forum to correct the problems instead of reinstalling the op system?

#4 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:03:11 PM

Posted 17 February 2006 - 05:33 PM

What anti-spyware program are you using, if any? If you are using Norton, it should find and delete Max Search, as long it is properly updated and working correctly.

Or,

Depending on your level of expertise:

There is a forum here at Bleeping Computer for self help, you can find it HERE.

Or, for help with removing your infection I would like to refer you to the Highjack This (HJT) forum here at BleepingComputer.com:

First: Read the Preparation Guide found HERE. It is very important that you follow ALL of the instructions found within. (There are many important steps in this guide that may clean your computer.)

Second: Post your system information along with a brief description of the problems you are having, and your HJT log in the HJT forum found HERE.

NOTE: Please, after you post your HJT log DO NOT make another post in the HJT forum until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post there will be 1 reply. The team member glancing over the replies might think someone is already helping you out and will not respond. So, just make your post and let it sit there until a team member responds. The volunteers who work that forum are very busy, so please be patient and wait for a response. It can sometimes take a few days.

Third: If, after finishing your work with the folks at the HJT forum you have issues with XP related to the removal of the infection, then come back in here and let us help you get your computer back to normal.

You are in good hands! Good luck!
ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users