Infected could NOT complete Steps 4 or 5

By eurylino ยท 4 replies
Jan 12, 2010
  1. Computer Info:
    PC: Dell Dimension 3000 Desktop
    OS: Windows XP Home Edition Version 5.1 Service Pack 2


    Fake Windows Security Center: So far I have been able to get rid of this but that is the only thing that is gone. All of my problems started with this malware/virus

    System Restore disabled: I was denied access, fixed that, did a restore then got infected again before I completed "cleaning" computer. Now System restore calendar is blank. Tried the following:
    regsvr32 jscript - COMPLETED
    regsvr32 vbscript - COMPLETED
    regsvr32 /i MSHTML - recieved the following error: MSHTML was loaded, but the DDLRegServer entry point was not found. MSHTML does not appear to be a .ddl or .ocx file.

    MSCONFIG denied access

    Safe Mode Disabled: When I boot up into safe mode a ton of lines run on the screen and it asks to Cancel

    Search Engine Redirect: Some searches are redirected to spy/malware pages

    Indirect User Access: My History is FULL of sites I never went to and sometimes I can hear sites through my speakers that are not open in my browser


    I had the Fake Windows Security Center virus 6 months ago. I was denied access to System Restore and MSCONFIG but Malwarebytes took care of it. I then got McAfee which made my pc run slowly and it allowed this re-infection.

    What I have tried:

    Protection: Uninstalled McAfee and installed Avira. I cannot open Avira. I can open Avira Desktop settings but I cannot open the Scan or the Guard

    Malwarebytes: I downloaded Malwarebytes and renamed the exe file because it wojld not open. This worked but when it came to extractring the files during setup, it took 20 minutes to complete. At teh end of installation when you select run the program nothing happens. I've restarted my pc many times and I cannot open Malwarebytes.

    SuperAntiSpyware: Same as above. I can open it but it either doesn't properly install or if it does install I cannot open it.

    CCleaner: This program runs well. I ran it many times until it came back with no results. My computer is running faster now.

    Updated Java Runtime Environment: I downloaded the latest version and uninstalled all old versions.

    Add/Remove Programs: Removed Utorrent, McAfee Virus Protection and Viewpoint Media Player. Didn't have any other stuff found on lists of apps to remove.

    Hijackthis: Ran this program. Also Scanned my computer with Trend Micro HouseCall and it came back with no viruses. Hijackthis Log Attached

    Rootkit Buster: Ran this program from Trend Micro as well. Log Attached

    What do I do now? PLEASE HELP and thank you in advance all assistance will be greatly appreciated.

    Attached Files:

  2. raybay

    raybay TS Evangelist Posts: 7,241   +10

    How much memory is installed. That seems to be part of the problem... inadequate resources.

    I suggest you first run the free version of Avira Antivir, Malware Bytes, and perhaps SuperAntispyware, as McAfee is not always up to the task when the system is flooded with problems.
    Then get back to us. If you have 512MB or less of memory, you may want to upgrade with another module or two.
  3. eurylino

    eurylino TS Rookie Topic Starter

    ALL ATTEMPTS FAIL...even re-formatting

    I have 512mb of RAM. I could not run any of the anti-virus or malware software. I tried re-naming them and I was able to install but none will open. I uninstalled Internet Explorer and downloaded Foxfire so I could actually use the web.

    I have decided to re-format my hard drive to get rid of these problems once and for all but I havn't been able to do so, I keep being told access denied from the dos prompt when I try it that way. I also get an error when I try to do it through windows telling me a program is accessing my C: drive so it cannot format it. WHAT DO I DO NOW? Anything I try I am blocked
  4. raybay

    raybay TS Evangelist Posts: 7,241   +10

    Why not upgrade the memory, when that is clearly the heart of your problem.
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    I don't think it has anything to do with memory, Raybay.

    eurylino, please reopen HijackThis to 'do system scan only.'. Check each of the following entries if found:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O1 - Hosts: ***
    O1 - Hosts: 1 #spysweepercass
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O20 - AppInit_DLLs: cru629.dat
    O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\

    Close all Windows except HijackThis and click on "Fix Checked."

    Please download ComboFix HERE:
    • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

      Important! Save the renamed download to your desktop.
    • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
    • Double click on the setup file on the desktop to run
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
    • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
      (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.)
    • Query- Recovery Console image
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware.
    • When finished, it will produce a log.Please include the C:\ComboFix.txt in your next reply.

    • 1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
      2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
      3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
      4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Eset NOD32 Online AntiVirus Scanner HERE

    Note: You will need to use Internet Explorer for this scan.
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the Active X control to install
    • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    • Click Scan
    • Wait for the scan to finish
    • Re-enable your Antivirus software.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    The rescan with HijackThis.

    Attach the Combofix report, Eset scan log and new HJT log to next reply.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...