Double confirmation by checking logs

[duraiy_india]

i got the same problem with serial99.com and i need to get rid of it asap.

im including logs from combofix, dss, and hijackthis.

Best Solution
===========

Durai>> I realised my system was affected by Serial99 virus with in an hour, because it disables the system shutdown and task manager, Run etc. So what I did is I just restore the system to the previous system restore point. This is working very well and itsvery superb!!

I'm happy now

To do this, open windows system restore option
Start>>Programs>>Accessories>>System Tools>>System Restore.

But one important thing, already you should have enabled the system restore in Windows XP, otherwise thisway is not possible!!!!

How to check whether is it enabled or not,

Right Click My computer and click properties, which opens "System Properties". Choose "System Restore" Tab. In that "Turn off system resource" should NOT be checked.

Happy anti-hacking!!!

One more Note:
I have chose the restore point of the previous week on which my system is not affected by virus. Otherwise restoring the point of day, where already system is affected is no use.

(Moderator edit: Posts merged. Please use the edit button, rather than replying to your previous post where there are no other replies in between. If bumping the thread, please wait at least 24 hours for a reply.

 

[duraiy_india]

From my understanding, serial 99 infects system by taking the control of system thru the Registry and it disables the shutdown, task manager, Run, etc via registry. So I feel this method could be quite good.

Also this is my practical experience. After doing this, I was able to sucessfully accesss Task manager, Run, Shut down etc.

Also, momok what do you mean by "other parts of the system can you please brief it"

Regards,
Durai

Also one thing, all the viruses gets active every login because of these "Core System Files". First to unload the virus from your active memory / process, you need to use the above "Solution".

Regards,
Durai

(Moderator edit: Posts merged. Please use the edit button, rather than replying to your previous post where there are no other replies in between. If bumping the thread, please wait at least 24 hours for a reply.

 

[evilfantasy]

Some malware problems can be solved with System Restore. But, normally you don't get struck with just one infection. If it is a trojan of the vundo variety, it will just recreate itself.

System Restore is not advised for malware removal. It is better to use tools made for removing malware and know everything is gone, rather than to just hope it is gone.

 

[momok]

Well if it was that easy, then there would not be a need for this forum, and dozens of other malware fix forums on the net.

There are plenty of loading points during a system start up that malware reside in. That is why there is a need for a thorough check using software like HijackThis, ComboFix etc. I should reiterate that System restore should never be used as a one-stop fix-all solution.

Serial99 may be a single infection, but malware infections tend to come together. It is not uncommon to see multiple infections on a single system.

By "other parts of the system" I'm referring to other files and folders in the computer. I would still highly recommend you start a new thread to post your HijackThis and ComboFix log for checking just in case it is not clean.

 

[duraiy_india]

See friends, I'm very beginner to this FORUM (just one day old,ok).
I did this solution, luckily this works well and wanted to share it with you all, OK.

Last Friday (7-dec) , seriall 99 infected my system and today (monday, 10 dec) I used this method. As I said ealier, I was able to acess all resources (Shutdown, Run, Task Manager)

Please let me know what kind of reports you want at this moment, to confirm my system is clean (Even I'm not very sure that my system is 100% clean, but I have access to Task manager, run, shutdown etc, but I strongly feel its reverted back to my previous system)

For your information my system was already protected by both AVG anti vir and Symantec AV.

Lets help tech-spot FORUM members!!!!

 

[momok]

Please download HijackThis and ComboFix and run them as per the instructions in Viruses/Spyware/Malware, preliminary removal instructions thread, step 12 and step 15.

Post the logfiles as attachments to this thread for review; we'll give you an all clear if your system is clean, or help you to clean any existing infections.

Regards,
momok