TechSpot

Can't run regedit after infections

By ericks
May 27, 2009
  1. Man, do I need some help with my daughter's computer. She called saying her PC keeps crashing.

    First look I found:
    Yes, computer crashed, with 'no hard drive found' on reboot.

    Finally rebooted, ran PCDoctor > 150+ infections, ran Malwarebytes > 50+ infections.
    Cleared those, but McAfee Security Center did not appear to be functioning properly. Cannot get to the site for updates, nor to any security sites. Tried running regedit: the screen blanks and then gives me the initial screen. It will not run, nor will anything from 'Run'.

    Created alt 'msconfig' and that runs, alt regedit still will not.

    I found she was still on XP - SP2, tried to update to SP3, could not download from Microsoft.

    Could not reinstall McAfee, (opted for the download option) and whatever is in there blocks the re-install. Last definition update was 5/9.

    I ran the 8 Step fix. It helped somewhat. I keep running scans, each one keeps finding yet another infection. I finally was able to run a McAfee scan (first one stopped the scan after I saw '2 infections' flash on the screen). McAfee found and deleted more. I ran MS Malicious Software Removal Tool after all scans were clean. It found 1 Trojan - Win32/Alureon.

    Finally got to install SP3 this morning, thought that might repair some things. No.

    Thought about doing a Restore Point, all restore points before May 13 are gone. I have no way to know if that one is good, but I would doubt it. I'm figuring that is about when things went south.

    Notes on attachments: include first and last logs for 'mbam' and 'SUPER'

    Does anyone have any ideas? Or am I just toast? How can I restore OS functionality and clean out the infections once and for all (or at least this iteration?) I know a rebuild will fix it, but I would like to avoid that. (I spent 2 weeks on my wife's PC)

    Thanks, Eric


    <><><><><><><><><><><><><><><><><><><><><><><><><>
    Update: 10:30 CDT
    I've been working on this for a while. More clues:

    It appears my problems started after KER.EXE installed itself. (since removed)

    Could not RUN > COMMAND - it gave me an error on AUTOEXEC.NT

    Tried to boot in safe mode w/ command prompt. It did not come up with a command prompt. Managed to copy AUTOEXEC.NT from my PC to my daughter's PC (file was missing). COMMAND successfully runs.

    Tried regedit again, would not run. Copied regedit.exe to regedit.com. From command prompt I ran c:\windows "Start regedit.com". Regedit runs!

    Checked HKLM\Software\classes\exefile\shell\open\command set to "%1" %*

    Now, I still cannot get to McAfee.com to update my virus definitions.

    New questions are: What do trojans do to block access to security sites? Since I now have access to the registry, what should I look for to set or reset?

    Eric
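
The check described in the update above (the exefile open command should read "%1" %*) can be run offline against a regedit export. This is an added example, not part of the original posts; it goes beyond exefile to the comfile, batfile and cmdfile classes and to per-user Classes keys, and the sample export and its placeholder path are constructed.

```python
import re

# Handler Windows ships for executable file classes: run the file itself.
EXPECTED = '"%1" %*'
# exefile is the class checked in the post; the other three are added here.
CLASSES = ("exefile", "comfile", "batfile", "cmdfile")

KEY_RE = re.compile(
    r"^\[(?P<hive>HKEY_[A-Z_]+)\\Software\\Classes\\(?P<cls>[^\\\]]+)"
    r"\\shell\\open\\command\]$",
    re.IGNORECASE,
)

def unescape(value):
    """Undo .reg string escaping: \\" becomes ", \\\\ becomes \\."""
    return re.sub(r"\\(.)", r"\1", value)

def audit_open_commands(reg_text):
    """Return (hive, class, command) for each handler that differs from EXPECTED."""
    findings, current = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = (m["hive"], m["cls"].lower()) if m else None
            if current and current[1] not in CLASSES:
                current = None
        elif current and line.startswith("@="):
            body = line[2:]
            # Quoted strings are unescaped; any other value type is reported raw.
            is_string = body.startswith('"') and body.endswith('"')
            command = unescape(body[1:-1]) if is_string else body
            if command != EXPECTED:
                findings.append((*current, command))
    return findings

# Constructed sample export; the third key carries a non-default handler.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\placeholder\\helper.exe\" \"%1\" %*"
'''

if __name__ == "__main__":
    for hive, cls, command in audit_open_commands(SAMPLE_EXPORT):
        print(f"{hive} {cls}: {command}")
```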
     
  2. touch TS Rookie Posts: 978

    Hello ericks

    We need to get a comprehensive report of what is present in your system.
    Please download DDS: http://download.bleepingcomputer.com/sUBs/dds.scr
    to your Desktop and double-click on dds.scr to run it.
    If your security software includes script blocking features, please disable these before you run this utility.
    When the scan has finished, two logs will open. Copy and paste both reports in this topic.
    The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.
     
  3. ericks TS Rookie Topic Starter

    Touch,
    Thanks for getting back to me. I finally got fed up last night and formatted my drive and reinstalled my operating system. I waited for a while but needed to get this task off my plate. I'll keep this in mind.

    Thanks again.
    Eric
     
Topic Status:
Not open for further replies.
