TechSpot

Win32 related problem

By elliotbrady
May 28, 2009
  1. I recently was infected by the Win32 trojan downloader. I managed to run MalwareBytes Anti Malware and remove some of the Programs related, such as WinAV (supposed anti-virus).
    However, my PC is still infected. Whenever I attempt to open a program, I get an error message saying '*** encountered a problem and needs to close'. I can easily move this error message aside and continue to use the program, but after a while the program terminates itself.
    I have located the registry keys which apparently cause the infection. I have deleted a few, however the following keys are 'locked' and i cannot remove them;
    HKEY_CLASSES_ROOT\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
    HKEY_LOCAL_MACHINE\software\classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
    HKEY_CLASSES_ROOT\WinInetApp.WinInet
    HKEY_CLASSES_ROOT\WinInetApp.WinInet.1
    HKEY_CLASSES_ROOT\CLSID\{39fc2065-c9c7-49cd-8942-44cc2dedc844}
    HKEY_CLASSES_ROOT\Typelib\{B360243E-09E8-402F-8721-00B6798089AD}
    HKEY_CLASSES_ROOT\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}
    HKEY_LOCAL_MACHINE\software\classes\WinInetApp.WinInet
    HKEY_LOCAL_MACHINE\software\classes\WinInetApp.WinInet.1
    HKEY_LOCAL_MACHINE\software\classes\CLSID\{39fc2065-c9c7-49cd-8942-44cc2dedc844}
    HKEY_LOCAL_MACHINE\software\classes\Typelib\{B360243E-09E8-402F-8721-00B6798089AD}
    HKEY_LOCAL_MACHINE\software\classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}



    I have used ComboFix to try and remove the above. I also ran MalwareBytes RegAssassin to try and remove the locked keys,but both programs failed.

    Any help would be much appreciated.
    Thanks in advance.
     
  2. elliotbrady

    elliotbrady TS Rookie Topic Starter

    HijackThis logfile

    If it is needed, here is a logfile from HijackThis.
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Combofix shoud not be used without the instruction and guidance of a helper.

    Please follow this and attach the three logs when through: http://www.techspot.com/vb/topic58138.html
     
  4. elliotbrady

    elliotbrady TS Rookie Topic Starter

    I had a friend guiding me through the process.
    Anyways, I managed to remove the virus using Spyware Doctor. It is a brilliant program, well worth the small payment. I would reccommend it to anyone suffering from the same problem. Thanks.
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Good luck. Spyware/adware programs don't usually remove viruses! An antivirus program does.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...