2009-09-01, 15:41 | Link #1
Senior Member
Join Date: Sep 2008
A bit of a problem
Last week I got a problem in my computer, making it disable/close/unable to open some of these things:
1) Task Manager
2) Yahoo Messenger
3) Yahoo Mail/MSN
4) Norton Anti-Virus
5) Any update etc. (that I don't know)

Now I got Malwarebytes' and Superantispyware to scan my computer for something bad (Malwarebytes 2-3 times before PC restore and 1 time after PC restore, then 1 time for SAS). Also did AVG before PC restore, but it messed up a bit (it didn't stop scanning). I also downloaded Spybot(?) after the PC restore, but it won't open/run for some reason. Now I can access/do 2, 3, and 5 after PC restore and scanning. Didn't redownload Norton. Still can't access Task Manager. I found out I can't access regedit. I remember from the logs (which I don't have right now) from Malwarebytes' that some things are hijacking those files that can't easily be erased/solved by Malwarebytes', even by restarting, so what do I do now? I think there's still a problem. Any websites that answer this question are also welcome. Thanks in advance
2009-09-01, 23:50 | Link #2
Good-Natured Asshole.
Join Date: May 2007
Age: 34
Sounds like malware. Have you tried doing the above in safe mode?
Also, can HijackThis run? If it can, please have it perform a scan and put the logs up here. http://download.cnet.com/Trend-Micro...-10227353.html

I'd go for a full format and reinstall if this doesn't work out. That's pretty entrenched in the OS and it'd be difficult to render it completely clean again.
2009-09-02, 12:39 | Link #4
NYAAAAHAAANNNNN~
Join Date: Nov 2007
Age: 35
You mean it hangs when you try to go into safe mode? Had the same problem recently; I need to try a few times. Anyway, I bolded the potential malware on hijackthis already, the red one being the most suspicious. Regedit seems to be disabled, one of the first few signs of something wrong. Only the dumbest of system administrators managing a network would disable regedit IMO, because it doesn't help to slow infection of malware, only helps to deter port intrusions.

1. Uninstall Google toolbar and Superantispyware. For the latter product, DELETE anything it quarantined. Don't restart your computer yet if it does prompt.
2. Download and run CCleaner. Clean up your registry AND temp files, then go disable system restore. Now you can restart.
3. Backup your Registry if you can access regedit, and quarantine the backup in an antivirus. Delete the stuff I bolded on hijackthis. Before you do that, rename hijackthis.exe to something random like "uguuuguu123456.exe" and set the file as read-only. Post the new hijackthis log here if you can, and if possible, the safe mode one too.

EDIT: I am not sure if this works, but try if you want, since your computer is pretty much either a test subject or a gone case. Open notepad and copypasta this in:

This too:

Run both the .reg files and replace the registry values, then go back to step 3 before my edit to post a new hijackthis log. P.S. If they don't work, modify the files with these:
I haven't been building .reg files for a bloody long time, close to half a decade.
Last edited by SaintessHeart; 2009-09-02 at 13:09.
2009-09-02, 15:45 | Link #5
Senior Member
Join Date: Sep 2008
I'll try what you said. Thanks for the reply.

Unfortunately, that didn't work. Added AVG. Then got up to no. 2 of your steps; no. 3 seems a no-go since I still can't access regedit. CCleaner is also blocked after I did no. 2. Tried the EDIT: didn't work too. Here's a log now...
2009-09-02, 23:22 | Link #6
NYAAAAHAAANNNNN~
Join Date: Nov 2007
Age: 35
Here are some solutions: Go to Run and type in cmd, press enter. Type in "chkdsk /f", pressing Y when it asks you to. Type in "shutdown -r -t 01". Let it fix any errors, then try to boot in safe mode for a hijackthis log. If not:

1. Uninstall AVG, CCleaner, Spybot but keep their installation programs (other than AVG). Download Avast! BUT DON'T install it yet.
2. Then download these: http://www.filefactory.com/file/ah52g1c/n/uguu_reg http://www.filefactory.com/file/ah52h1a/n/desu_reg
3. And run uguu.reg FIRST, then desu.reg. You should be able to start up your registry now. Go under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System and modify ALL the values other than default to 0 (keeping value type as hexadecimal). Then go under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\
4. Modify these values to 1: AntiVirusDisableNotify, FirewallDisableNotify, UpdateDisableNotify
5. Install Avast and run a boot scan. If Avast does a restart, run uguu and desu and loop the registry modifications before proceeding with the install.
6. Download Scar5's Simple File Shredder to shred out cloaker.exe if you find it on Windows search.

At any rate, I need the hijackthis log in safe mode. To try an alternate method in safe mode, go Start>Run and type in msconfig. Under BOOT.INI select /SAFEBOOT. Restart. If it throws the computer into a loop, press F8 and start up in normal mode. If such an error recurs we are in trouble. I will try and find the solution to that CLOAKER.EXE program on my end.
2009-09-03, 01:42 | Link #7
Good-Natured Asshole.
Join Date: May 2007
Age: 34
CLOAKER.exe looks like an HP driver. He doesn't need it anyway, but I'm much more worried about this one:

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

I don't have time to search right now, but I'd prioritize sending that "Policies" directory to the sun.
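The O7 line above is HijackThis reporting a policy value under Policies\System, and the earlier steps in this thread hand-edit such values back to 0 with .reg files. As an added example (not code from this thread or from HijackThis), the Python below parses O7 lines from a constructed log, keeps only the entries that currently lock a tool out, and renders a Regedit-importable .reg text that resets them. It assumes HijackThis prints the regedit restriction as "DisableRegedit" while the value stored in the registry is named DisableRegistryTools; the sample log lines, the DisableCMD entry and the HKLM line are constructed for the demonstration.

```python
"""Triage HijackThis-style O7 policy lines and build a .reg file that reverts them.

Added illustration, not code from this thread. The sample input is constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# A HijackThis O7 line:  O7 - HKCU\Software\...\Policies\System, DisableRegedit=1
O7_RE = re.compile(
    r"^O7 - (?P<hive>HKCU|HKLM)\\(?P<key>[^,]+), (?P<name>\w+)=(?P<value>\d+)\s*$"
)

HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}

# Assumption: HijackThis prints the regedit lock as "DisableRegedit", while the
# value written under Policies\System is DisableRegistryTools; other names pass through.
REPORT_TO_VALUE_NAME = {"DisableRegedit": "DisableRegistryTools"}

# Policy values that lock the user out of a tool when non-zero; 0 restores access.
LOCKOUT_POLICIES = {"DisableRegistryTools", "DisableTaskMgr", "DisableCMD"}


@dataclass(frozen=True)
class PolicyFinding:
    hive: str   # full hive name, e.g. HKEY_CURRENT_USER
    key: str    # sub-key path below the hive
    name: str   # registry value name as stored on disk
    value: int  # DWORD value reported by the log


def parse_o7_lines(log_text: str) -> List[PolicyFinding]:
    """Return every O7 policy entry found in a HijackThis log."""
    findings: List[PolicyFinding] = []
    for line in log_text.splitlines():
        m = O7_RE.match(line.strip())
        if not m:
            continue  # not an O7 line (O2/O4/O23 entries are ignored here)
        name = REPORT_TO_VALUE_NAME.get(m.group("name"), m.group("name"))
        findings.append(
            PolicyFinding(HIVES[m.group("hive")], m.group("key"), name, int(m.group("value")))
        )
    return findings


def lockouts(findings: List[PolicyFinding]) -> List[PolicyFinding]:
    """Keep only entries that currently disable a tool (non-zero lockout policy)."""
    return [f for f in findings if f.name in LOCKOUT_POLICIES and f.value != 0]


def build_reg_file(findings: List[PolicyFinding]) -> str:
    """Render a Regedit-importable .reg text that sets each finding back to 0."""
    grouped: Dict[Tuple[str, str], List[PolicyFinding]] = {}
    for f in findings:
        grouped.setdefault((f.hive, f.key), []).append(f)
    lines = ["Windows Registry Editor Version 5.00", ""]
    for (hive, key), items in sorted(grouped.items()):
        lines.append(f"[{hive}\\{key}]")
        for f in items:
            lines.append(f'"{f.name}"=dword:00000000')
        lines.append("")
    # Regedit exports use CRLF line endings; match the native format.
    return "\r\n".join(lines)


# Constructed sample log: the first O7 line mirrors the one quoted in the thread,
# the remaining lines are made up for the demonstration.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O7 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System, DisableRegedit=1
O7 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System, DisableTaskMgr=1
O7 - HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System, DisableRegedit=0
"""

if __name__ == "__main__":
    found = lockouts(parse_o7_lines(SAMPLE_LOG))
    for f in found:
        print(f"lockout: {f.hive}\\{f.key} -> {f.name}={f.value}")
    print(build_reg_file(found))
```

Resetting these values only gives the tools back; it does not remove whatever set them, so the point of the generated .reg is to regain regedit and Task Manager long enough to take the HijackThis and scanner logs the thread keeps asking for. A value that flips back to 1 after a reboot is a sign the infection is still active.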
2009-09-03, 03:41 | Link #8
Senior Member
It is and the location it's running from is correct according to process library.
Also, you shouldn't have more than one anti-virus installed since it can cause problems, and even then I wouldn't have AVG installed since it's a complete and total placebo.
2009-09-03, 10:19 | Link #9
Senior Member
Join Date: Sep 2008
I'll try your suggestion later SaintessHeart...
2009-09-03, 14:42 | Link #10
Senior Member
Author
Join Date: Oct 2007
Location: Philippines
Age: 47
Waitasec... based on the HJT results, I notice that you seem to be running both Norton Antivirus (probably an old copy) and AVG altogether, which isn't good. Only one antivirus must be running, so you'll have to uninstall the other.
Rename Hijackthis.exe to something like "dehijack.exe" so that any potential trojan running wouldn't see and try to evade its presence. If all other efforts fail, the last-ditch measure is to backup, reformat the whole hard disk, and reinstall the operating system.
2009-09-03, 14:46 | Link #11
Good-Natured Asshole.
Join Date: May 2007
Age: 34
Oh, another thing: When you're doing all these scans, physically disconnect your computer from the Internet so the malware doesn't get the chance to redownload and reinstall various nasties that you've removed last time. This means unplugging the ethernet cable if there is one, or taking out the wireless router if that's how Internet works in your house. If taking out the router inconveniences someone else, open your computer and take out the wireless card. If necessary, post back to us on some other computer.

[EDIT]: Echoing what the rest said about antivirus software, do go ahead and take out AVG.
2009-09-04, 09:31 | Link #12
Senior Member
Join Date: Sep 2008
Okay, I tried again after I got (temporarily?) access to regedit after I fixed the DisableRegedit through Hijackthis. Though I can't install avast!

Last edited by kakakka; 2009-09-04 at 09:55.
2009-09-04, 10:32 | Link #13
NYAAAAHAAANNNNN~
Join Date: Nov 2007
Age: 35
There are many ways to get something you can't buy. For everything else (i.e Vista), there is Mastercard.
I shall be consistent and say: Uninstall AVG. I am not sure if Norton is disabled, but if you can, run a boot time scan with it. This is going to be tedious, but if you still can use Regedit, help me find out ALL the HKEYs under the Norton and Symantec keywords using the find. Several HKEYs can be found under different locales, so keep searching until the results repeat themselves. Then right click on the folders and click export to desktop. Finally, right click on the .reg file, select edit, and copypasta everything inside out here under spoiler tags. Life sucks without your personal Windows disk.
2009-09-04, 10:57 | Link #14
Senior Member
Join Date: Sep 2008
For the installation, it doesn't load; during the downloading of setupeng.exe it closes automatically.
I tried to change the name of the setup. It went as far as asking some sort of agree/decline window. Then it closes (EDIT: I'm trying to do it again now....). I don't have AVG anymore. I don't have Norton anymore (I can't run it anyway, and it doesn't do anything active). Here's the current one...

Last edited by kakakka; 2009-09-04 at 12:50.