TechSpot

I recovered, so how

By God Of Mana
Apr 8, 2008
  1. I was recently infected by a Win 32/Virut.A. It caused a few .exe files to stop working, fixed the problem by using AVG, hyjacked and was clean, I fear it has infected run32dll.exe...

    I can't open the option of user accounts, the cursor turns to the working in background one for a split second and nothing else happened. (I'm running 4Gb ram and 3.33Ghz...don't think it's a speed problem) but nothing happens...soo..what's up with that?
     
  2. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    How about you post your latest Hijackthis log
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I have a suggestion- worry about a good, updated antivirus program and at least 2 spyware/adware programs instead of all the useless software you were asking about.
     
  4. God Of Mana

    God Of Mana TechSpot Paladin Topic Starter Posts: 493

    Bobbye, please stop..ok..just stop...

    I'll post the hijack log soon.
     
  5. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Whenever you are ready.
     
  6. God Of Mana

    God Of Mana TechSpot Paladin Topic Starter Posts: 493

    soon as in tomorrow, computer's home, I'm in work ;)
     
  7. jobeard

    jobeard TS Ambassador Posts: 9,322   +620

    Our first priority ought to be to answer the question(s) or solve the problem posted when possible.

    Then we can make recommendations for alternatives we believe would be applicable.
     
  8. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Yea, can't do much without a log to show us what you have or what you don't have
     
  9. God Of Mana

    God Of Mana TechSpot Paladin Topic Starter Posts: 493

    Logfile

    So sorry it took so long.
    Had a bit of a vacation issue.


    This is a scan directly after start up:
    Attached
     

    Attached Files:

  10. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Update your Java Runtime Environment
    • First try going to Start -> Control Panel -> double click Java
    • Select the Update Tab at the top of the Java console
    • Click the Check for Updates button at the bottom
    • If it finds the newer version (Java 6 Update 5) Follow the on screen instructions
    • After it installs the newest version Go back to Control Panel -> Add/remove programs
    • Uninstall any older versions of Java

    If for some reason you couldn't update through the above instructions.
    • Click the following link
      Java Runtime Environment 6 Update 5
    • The 4th option down is the one you want (click Download)
    • Check the box to agree to terms of service
    • Check the box for your operating system and click 'Download selected' at the bottom
    • After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
    • Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_05 folder



    You aren't running Firewall Software. Please download and install one of these first!

    Use a Firewall - It is very important that you use a Firewall on your computer. If you use the Windows Firewall you might think that's enough but it only controls inbound traffic. Simply using a Firewall in its default configuration can lower your risk greatly. Here are some firewalls which are free for personal use and most commonly used:
    Comodo
    Kerio
    Online Armor
    Zonealarm



    To get back control of your task manager/user accounts/registry editor please try this (It won't fix the infection only the policies that have been changed)
    Download to your Desktop this self-extracting ZIP archive FixPolicies.exe

    • Double-click FixPolicies.exe
    • Click the Install button on the bottom toolbar of the box that will open.
    • The program will create a new Folder called FixPolicies
    • Double-click to Open the new Folder, and then double-click the file named Fix_Policies.cmd
    • A black box will briefly appear and then close. This will enable your Control Panel, Task Manager and stop any Administrative warnings.



    Malwarebytes' Anti-Malware

    • Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt



    Afterwards run a new scan with Hijackthis and attach here with the MBAM log
     
  11. God Of Mana

    God Of Mana TechSpot Paladin Topic Starter Posts: 493

    It makes no sense having firewall software, I don't have internet at home... I'll do everything else tho.
    Thanks a lot Blind Dragon :)
    (lord, an ultimate pc and no connections)
     
  12. jobeard

    jobeard TS Ambassador Posts: 9,322   +620

    that would be correct then; no internet, no need for a firewall.
    Keep the default windows version, for that day when you do get an ISP :)
     
  13. God Of Mana

    God Of Mana TechSpot Paladin Topic Starter Posts: 493

    ok Malwarebytes found 6 problems and regedit was re-enabled...but I still can't access the options for user accounts and folder options
     
  14. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    1) It is an entry in your registry that can be fixed but you are more than likely still infected.

    2) You aren't posting any logs to look at so I can not give any further advice without seeing what you are dealing with
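
Added example, not part of the thread and not taken from FixPolicies or any tool named in it: a small Python check that reads a `.reg` export of the Policies keys and reports which lock-out values are switched on, the kind of changed policy entry discussed in posts 10 and 14. The list of value names and the sample export are assumptions constructed for the example.

```python
import re

# Well-known Windows policy values that lock a user out of system tools.
# Assumption of this example; the thread does not list them.
RESTRICTIONS = {
    ("policies\\system", "disabletaskmgr"): "Task Manager disabled",
    ("policies\\system", "disableregistrytools"): "Registry editor disabled",
    ("policies\\explorer", "nocontrolpanel"): "Control Panel hidden",
    ("policies\\explorer", "nofolderoptions"): "Folder Options hidden",
}
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{1,8})$')

def find_restrictions(reg_text):
    """Return (key, value name, meaning) for each restriction set non-zero."""
    findings, current_key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:                                   # new [HKEY_...] section
            current_key = m.group("key")
            continue
        m = DWORD_RE.match(line)
        if not m or current_key is None:
            continue                            # header, blank, non-dword
        if int(m.group("val"), 16) == 0:
            continue                            # present but switched off
        wanted = (current_key.lower(), m.group("name").lower())
        for (suffix, name), meaning in RESTRICTIONS.items():
            if wanted[0].endswith(suffix) and wanted[1] == name:
                findings.append((current_key, m.group("name"), meaning))
    return findings

# Constructed sample export (not from the poster's machine).
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091
"""

if __name__ == "__main__":
    for key, name, meaning in find_restrictions(SAMPLE):
        print(f"{meaning}: {key}\\{name}")
```

A value that is present but set to 0 is not reported, and unrelated policy values such as `NoDriveTypeAutoRun` are ignored.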
     
  15. God Of Mana

    God Of Mana TechSpot Paladin Topic Starter Posts: 493


    Ok I'll post one soon
     
  16. God Of Mana

    God Of Mana TechSpot Paladin Topic Starter Posts: 493

    Log attached
     
  17. God Of Mana

    God Of Mana TechSpot Paladin Topic Starter Posts: 493

    ----bump---
     
  18. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Ok this should show the affected registry entry

    Combofix
    • Download Combofix to your desktop.
    • Double click combofix.exe & follow the prompts.
    • A window will open with a warning.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

    Combofix will automatically save the log file to C:\combofix.txt
     
  19. God Of Mana

    God Of Mana TechSpot Paladin Topic Starter Posts: 493

    ok thanks..I'll be back soon
     
  20. God Of Mana

    God Of Mana TechSpot Paladin Topic Starter Posts: 493

    Fixed the user accounts problem, the Win32virut destroys .exe files, restored it from another computer.


    Used avg 8...fixed 42,679 registry problems... XD
     
Topic Status:
Not open for further replies.
