TechSpot

Infection. Trouble following clean up steps

By mickie
Aug 31, 2009
  1. I have Vista and have just had the misfortune of being infected by Trojan s

    I am trying to do a clean as described, by following the recommended 8 steps.

    My immediate problem is that after installing HJT and Malwarebytes' Anti-Malware I cannot open either of them (although they both did open briefly and then closed down shortly after running them for the first time).

    Now when I try to open them I get a message as follows:

    Windows cannot open the specified device, path or file. You may not have the appropriate permission to access the item.


    Any help appreciated. Mick
     
  2. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    What antivirus program were you running originally? Right-click on the program icon you are trying to open and choose "Run as Administrator". Tell us what happens.
     
  3. Zyldar

    Zyldar TS Rookie Posts: 34

    I've seen some recent infections that cause Malwarebytes, Spybot S&D, and the rest to close down immediately after running them.

    It turned out to be an infection in the registry at:
    My Computer\HKEY_CLASSES_ROOT\exefile\shell\open\command
    The right side showed: (default) REG_SZ desot.exe, "%1" %*
    It should only show: (default) REG_SZ "%1" %*
    desot.exe and skynet.sys were the infections.
    (It was on an XP operating system, but may have similar effects in Vista.)


    For Vista, you have a few options:
    1. You can run a system restore (not reformatting - just go back to an earlier date prior to getting the virus - don't go back too far or you'll have to install everything since that date back in your computer). I think the program is called RSTRUI.EXE in the system32 folder. Or you can get to it from the Start Menu in the system tools.

    2. You can try to boot to a Boot Options screen to get to a command prompt. If you know the date that you got the infection, you can search the Windows, Windows/system/, Windows/system32/, and Windows/system32/drivers folders and rename all files with the date you got infected or newer dated files. (This can be dangerous to your operating system if you rename a needed file, so I don't recommend doing this unless you know what you're doing.)
    (( look for files with skynet or skynet.sys in the name ))

    3. In Safe Mode, document the background running programs listed in Task Manager and report them here - list services & running programs.

    If you can't run Task Manager, report that too, there are ways around that too.

    Hope that helps.
    Zyldar
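
An added example, not part of Zyldar's post: an offline check of a `.reg` export for the `exefile\shell\open\command` hijack described above. Extending the check to `comfile`, `batfile` and `cmdfile` is a generalization beyond the thread, and the function name and sample export are constructed for illustration.

```python
import re

# Stock default for shell\open\command. exefile is the key from the post; the
# other classes are an added generalization with the same stock default.
EXPECTED = '"%1" %*'
CLASSES = ("exefile", "comfile", "batfile", "cmdfile")

KEY_RE = re.compile(
    r"^\[(?:HKEY_CLASSES_ROOT|HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes)"
    r"\\([^\\\]]+)\\shell\\open\\command\]$", re.IGNORECASE)
DEFAULT_RE = re.compile(r'^@="(.*)"$')  # "(default)" is written as @ in .reg files

def unescape(value):
    # .reg string values escape the backslash and the double quote with a backslash
    return re.sub(r'\\(["\\])', r"\1", value)

def find_hijacks(reg_text):
    """Return (class, command, injected_program) for each non-stock handler."""
    findings, current = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            name = m.group(1).lower() if m else None
            current = name if name in CLASSES else None
            continue
        m = DEFAULT_RE.match(line)
        if current and m:
            command = unescape(m.group(1))
            if command != EXPECTED:
                # Whatever precedes "%1" is the program every launch is routed through
                injected = command.split('"%1"')[0].strip(' ,"')
                findings.append((current, command, injected))
    return findings

# Constructed sample export (regedit writes UTF-16; decode before passing it in)
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="desot.exe, \"%1\" %*"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
'''

if __name__ == "__main__":
    for cls, command, injected in find_hijacks(SAMPLE):
        print(f"{cls}: {command!r} (injected: {injected})")
```
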
     
  4. mickie

    mickie TS Rookie Topic Starter

    Reply ..

    I did try to right-click and run as Admin and got the same message, as described.
    I was able to run Task Manager in safe mode:

    Here are the processes:

    chrome.exe
    chrome.exe
    csrss.exe
    explorer.exe
    taskmgr.exe
    unsecapp.exe
    winlogon.exe
    wmpnscfg.exe


    I also installed and updated Malwarebytes, then ran it in safe mode. This also behaved the same way: it opened, then closed down very quickly, and after that I was unable to open it. When trying to open it I got the same message as before... :-(
     
  5. mickie

    mickie TS Rookie Topic Starter

    my Antivirus software at the time of infection

    it was AVG
     
  6. mickie

    mickie TS Rookie Topic Starter

    Panicky

    I am getting a bit panicky because I have photos and other stuff on here...

    It seems to be getting much worse.

    The latest thing I just encountered was a new, seemingly antivirus software that initiated, called "Total Security".


    I still cannot do anything like install or run antivirus/malware exes.


    Any help would be welcome
     
  7. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    You will have to have your current hard drive removed and have a new clean drive with Windows installed fresh. Then you can have your prize pictures and any documents recovered off the old drive if possible.
     
  8. Jawshh

    Jawshh TS Enthusiast Posts: 392

  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    ComboFix should never be run unless it is suggested by and guided by a trained malware helper. At this time, there are none available on TechSpot.
     
  10. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    "ComboFix should never be run unless it is suggested by and guided by a trained malware helper"...

    You're so serious Bobbye :)

    "At this time, there are none available on TechSpot"...

    There will be soon. With all you "trained" malware helpers gone, us untrained malware helpers here on TechSpot, will be well trained soon
     
  11. mickie

    mickie TS Rookie Topic Starter

    OK Guys ... I have given my Lappie to a mate who is dealing with it.... Thanks to all who bothered to answer me ....
     
Topic Status:
Not open for further replies.
