"infected by unknown trojan..." [RESOLVED]


  • This topic is locked

#31
shawshank24

shawshank24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
tried to delete those, but when i close i am unable to save. it says to make sure the path and file name are correct, and will only save as a txt file.

i still have no background. should i try rebooting or something?

Edited by shawshank24, 23 March 2008 - 12:12 AM.

  • 0



#32
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts

tried to delete those, but when i close i am unable to save. it says to make sure the path and file name are correct, and will only save as a txt file.

this is a long shot, but try selecting save on the edit menu and then close.

i still have no background. should i try rebooting or something?

give it a shot, but i am pretty sure we will still have to get your desktop background back.

andrewuk
  • 0

#33
shawshank24

shawshank24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
there's no 'save' under the edit menu. is that what you meant?
  • 0

#34
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
try these:

1. Click Start, click Run, type notepad %windir%\system32\drivers\etc\hosts, and then click OK.

Note: If you are prompted to choose a program to open the hosts file with, click Notepad, click to select the Always use the selected program option, and then click OK.
2. Remove those lines 127.0.0.1 www.legal-at-spybot.info and 127.0.0.1 legal-at-spybot.info
3. On the File menu, click Save.
4. Exit Notepad.
5. Restart the computer
  • 0

#35
shawshank24

shawshank24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
it's the same thing. does this host file not have a file extension? it seems it only will let me save as a txt file.

(what is hosts anyway? it's tons of websites, most of them bad, most of them which i've never been to... sorry, just a side-comment/question!)

Edited by shawshank24, 23 March 2008 - 12:28 AM.

  • 0

#36
shawshank24

shawshank24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
internet search showed me that spybot search and destroy has a host file editor where you can remove entries...

but the files i want to remove are spybot files, so i don't know if that helps lol...
  • 0

#37
shawshank24

shawshank24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
aha! i went into the file properties and unchecked 'read-only' and then it allowed me to save it!

just rebooted, i think the computer is running fine. i haven't had the pop-up since the scan that found it, and the BSOD issues have been fairly rare and unpredictable so far. everything seems good.

i still have no desktop background. i go to properties and i have the same one i had before selected, it just doesn't show up. even in the preview, it's not there. my desktop is just black right now.

tried to change the photo, and nothing happens. blank in the preview and the desktop is still just black. went back into it and the original background was selected again, but still not showing up...

Edited by shawshank24, 23 March 2008 - 12:55 AM.

  • 0

#38
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
there is a good explanation here as to what the hosts file is. it serves several purposes, one of which is to block bad sites as explained below:

Block Spyware/Ad Networks - This reason is becoming a very popular reason to use the HOSTS file. By adding large lists of known ad network and Spyware sites into your hosts file and mapping the domain names to the 127.0.0.1, which is an IP address that always points back to your own machine, you will block these sites from being able to be reached. This has two benefits; one being that it can make your browsing speed up as you no longer have to wait while you download ads from ad network sites and because your browsing will be more secure as you will not be able to reach known malicious sites.


but the files i want to remove are spybot files, so i don't know if that helps lol...

the hosts file was effectively blocking those spybot sites

so, we just have your Desktop background to get back now?

andrewuk
  • 0
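The hosts-file blocking described in the post above, and the line removal from post #34, as an added example that is not part of the original thread. It parses hosts-file text, lists the names that are mapped to loopback or 0.0.0.0 (and so made unreachable), and removes the mappings for chosen domains. The sample file is constructed, apart from the two legal-at-spybot.info lines quoted in the thread, and the function names are this example's own.

```python
import ipaddress

# Constructed sample; only the two legal-at-spybot.info lines come from the thread.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info
0.0.0.0 ads.example.net tracker.example.net  # blocklist entry
192.0.2.10 intranet.example.org
"""

def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each mapping line, ignoring comments."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: not a usable mapping
        yield line_no, ip, [h.lower() for h in fields[1:]]

def blocked_names(text):
    """Hostnames mapped to loopback or the unspecified address (unreachable)."""
    names = []
    for _, ip, hosts in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            names += [h for h in hosts if h != "localhost"]
    return names

def remove_entries(text, domains):
    """Return hosts text without mappings for `domains` or their subdomains."""
    domains = [d.lower() for d in domains]
    def wanted(host):
        return any(host == d or host.endswith("." + d) for d in domains)
    edits = {}  # line_no -> rewritten line, or None to drop the line
    for n, ip, hosts in parse_hosts(text):
        keep = [h for h in hosts if not wanted(h)]
        if len(keep) != len(hosts):
            edits[n] = f"{ip} {' '.join(keep)}" if keep else None
    out = [edits.get(n, l) for n, l in enumerate(text.splitlines(), start=1)]
    return "\n".join(l for l in out if l is not None) + "\n"
```

On Windows the real file is `%windir%\system32\drivers\etc\hosts`; as the thread found, its read-only attribute has to be cleared before a changed copy can be saved.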

#39
shawshank24

shawshank24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
yep, just the background i believe! see my last post for some more details.
  • 0

#40
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
let's see what is in certain Registry Keys.

open a notepad and copy and paste the text in the codebox below:

reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system" >> output121.txt

reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" >> output121.txt

save the notepad as runthis.bat to your desktop

on your desktop should appear an icon called runthis.bat. doubleclick runthis.bat and in a short moment a text file should appear called output121.txt

could you copy the contents of output121.txt in your next reply

andrewuk
  • 0



#41
shawshank24

shawshank24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system
DisableRegistryTools REG_DWORD 0x0


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
ConsentPromptBehaviorAdmin REG_DWORD 0x2
ConsentPromptBehaviorUser REG_DWORD 0x1
EnableInstallerDetection REG_DWORD 0x1
EnableLUA REG_DWORD 0x1
EnableSecureUIAPaths REG_DWORD 0x1
EnableVirtualization REG_DWORD 0x1
PromptOnSecureDesktop REG_DWORD 0x1
ValidateAdminCodeSignatures REG_DWORD 0x0
dontdisplaylastusername REG_DWORD 0x0
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0x0
shutdownwithoutlogon REG_DWORD 0x1
undockwithoutlogon REG_DWORD 0x1
FilterAdministratorToken REG_DWORD 0x0
EnableUIADesktopToggle REG_DWORD 0x0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI
  • 0

#42
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
1. Launch Notepad, and copy/paste the contents of the quote box below into a new Notepad file. Save it with file name options.txt and save as file type: all files to your desktop.

RegSearch Options File

wallpaper

[Exclude]

[Options]
Filter=KVDLUI



2. Download Registry Search to your desktop.
  • Right click on the compressed RegSearch folder, and choose "Extract All". In the box that pops open, click "Next", then "Next" again, and then "Finish". You now have another RegSearch folder on your desktop.
  • Open the new folder, and double click on regsearch.exe
  • Click "Import" in the lower left corner and browse to the options.txt file that you just saved on your desktop. Do not choose the one in the RegSearch folder itself.
  • Click OK and Registry Search will scan your registry for the file(s), and a Notepad box will open with a report.
  • Please reply here with the entire contents of the Notepad file from RegSearch.

  • 0

#43
shawshank24

shawshank24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
that link to registry search is invalid. do you know an alternate dl location?

Edited by shawshank24, 23 March 2008 - 01:51 AM.

  • 0

#44
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
.....ok, i will go away and think about this.....but it is bed for me. i'll be back later

andrewuk
  • 0

#45
shawshank24

shawshank24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
ok. thanks again for the help andrewuk. can't thank you enough.
  • 0





