
sality


  • This topic is locked
2 replies to this topic

#1 bblackjr


Posted 05 February 2013 - 02:00 PM

Received friend's laptop with boot loop. Used Hiren's to gain access. After removal of a number of infections and finally removing a Sality trojan the laptop is left with reduced functionality. No install disk. Have the following hijack log:

Any help would be appreciated

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:22:37, on 2013-02-04
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
X:\i386\system32\csrss.exe
X:\i386\system32\services.exe
X:\i386\system32\lsass.exe
X:\i386\system32\cmd.exe
X:\i386\system32\svchost.exe
X:\i386\System32\svchost.exe
X:\i386\system32\svchost.exe
X:\i386\System32\svchost.exe
X:\i386\explorer.exe
E:\HBCD\HBCDMenu.exe
X:\i386\system32\msiexec.exe
X:\i386\system32\keybtray.exe
X:\i386\system32\spoolsv.exe
B:\Temp\HBCD\AutoMountDrives.exe
X:\i386\system32\PENetwork.exe
X:\i386\system32\svchost.exe
B:\Temp\HBCD\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O10 - Broken Internet access because of LSP provider 'x:\i386\system32\rsvpsp.dll' missing
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - X:\i386\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - X:\i386\system32\browseui.dll
O23 - Service: DCOM Services (DcomLaunch) - Unknown owner - svchost.exe (file missing)
O23 - Service: ImDisk Virtual Disk Driver Helper (ImDskSvc) - Olof Lagerkvist - X:\i386\system32\imdsksvc.exe

--
End of file - 2333 bytes



#2 bblackjr


Posted 05 February 2013 - 04:24 PM

Never mind but thanks anyway. Used NTFS Access in Hiren's and was able to solve the remaining issues.

#3 fireman4it


Posted 05 February 2013 - 04:32 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
