please help! cannot remove trojan -- REGEDIT, CMD DOES NOT WORK



#1
vafmar4

vafmar4

    New Member

  • Member
  • Pip
  • 3 posts
Hello.
Please help me out! I have been browsing and working on this for about a week and nothing fixed!
(initially I had more problems like browsing the web, spitting out http errors and specified method is not supported, or just saying no-output, outlook was not retrieving email kept asking me for my username and password and although they were correct nothing happened --- I have fixed those.) NOW --->

It seems that I cannot open regedit, cmd, regedt32, and other exes from the Start/Run.
When I type it in it seems like soft-rebooting my system or opening the My Documents folder.
I have run any antivirus program I could find. I have Norton Antivirus 360 installed. Nothing. Malwarebytes Anti-malware, Spybot, Ad-aware from Lavasoft, escan... nothing! I also run the Kaspersky Online Scanner (twice) nothing. Also the NOD32 online scanner... nothing.
I did all these from Safe Mode while having System Restore unchecked.
HijackThis does not show anything suspicious (as far as I can tell).
I have also run the Symantec's removal tool for Erkez.b but nothing found to fix.
To be precise, Malwarebytes does not update. I updated to the latest rules.ref from another PC and put it in mine.

Also, I cannot access McAfee's websites. Still getting error HTTP 505 or 400.

However, when I run every 1-2 hours (while still working on the problem) the Norton antivirus it keeps finding a tracking cookie saying that the risk is low and when I look up the details it always says:
Cookie: [email protected]
cookie: [email protected]
a couple of other cookies to some other bogus (to me) sites
and last
cookie: Orpan cleanup.
WINPATROL from time to time asks me if I will allow a change for file type .scr from "%1" to "%1 /s".

Please let me know what further info I can provide to get some advice on this.
Your help is much appreciated!
#2
vafmar4

vafmar4

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
I have actually finally resolved this!
The problem was CATCHME.sys. After running all kinds of legit antivirus I could find (none of which found the problem) I was finally able to resolve this while running COMBOFIX in safe mode. That was the one that found it and resolved it.
Now, regedit, cmd, and other exes will run from Start/Run normally. I am also able to update Malwarebytes.
Run RegistryBooster successfully. And can now browse McAfee pages with no errors whatsoever!


My question now is this: ComboFix has the catchme.log in the quarantine folder and the catchme.sys in folder named "C".
Should I manually delete those?? I have manually deleted from the registry the key LEGACY_CATCHME.
Should I post the log from ComboFix to get more expert advice on what to do after?

And another thing I would like some help or info: I am still running Winpatrol and it is still popping from time to time a window asking me if I will allow a change for file type .scr from "%1" to "%1 /s", or allow for file type .exe from "%1 1*" to "%1 %". Is this normal? Should I allow or not?


Thanks a lot in advance for all the help you can give me!

P.S. I run Norton 360, should I report this to them?
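
For the WinPatrol prompts about the .scr and .exe file types described in this thread, the registered handlers can be compared with the stock Windows values. The read-only PowerShell below is an added example, not part of the original posts; the expected values are the Windows defaults, and the helper names and PowerShell 3.0 or later are assumptions.

```powershell
# Added example: compare executable file-type handlers with the Windows defaults.
# Read-only: nothing in the registry is changed.

# Stock values: extension -> ProgID, and ProgID -> shell\open\command default value.
$progIds  = @{ '.exe' = 'exefile'; '.scr' = 'scrfile'; '.com' = 'comfile'
               '.bat' = 'batfile'; '.cmd' = 'cmdfile' }
$commands = @{ 'exefile' = '"%1" %*'; 'scrfile' = '"%1" /S'; 'comfile' = '"%1" %*'
               'batfile' = '"%1" %*'; 'cmdfile' = '"%1" %*' }

# HKEY_CLASSES_ROOT is a merged view in which a per-user entry overrides the
# machine-wide one, so each hive is read separately.
$hives = @{
    'HKLM' = [Microsoft.Win32.Registry]::LocalMachine
    'HKCU' = [Microsoft.Win32.Registry]::CurrentUser
}

# Hypothetical helper: return the (Default) value of a key, or $null if the key is absent.
function Get-DefaultValue($hive, $subKey) {
    $key = $hive.OpenSubKey($subKey)          # opens read-only
    if ($null -eq $key) { return $null }
    try { return $key.GetValue('') } finally { $key.Close() }
}

# Hypothetical helper: ignore case and spacing differences such as /S versus /s.
function ConvertTo-Comparable($s) {
    (($s -replace '\s+', ' ').Trim()).ToLowerInvariant()
}

$findings = foreach ($hiveName in $hives.Keys) {
    foreach ($ext in $progIds.Keys) {
        $id = Get-DefaultValue $hives[$hiveName] "Software\Classes\$ext"
        if ($null -ne $id -and $id -ne $progIds[$ext]) {
            [pscustomobject]@{ Hive = $hiveName; Item = $ext
                               Expected = $progIds[$ext]; Actual = $id }
        }
    }
    foreach ($id in $commands.Keys) {
        $cmd = Get-DefaultValue $hives[$hiveName] "Software\Classes\$id\shell\open\command"
        if ($null -ne $cmd -and
            (ConvertTo-Comparable $cmd) -ne (ConvertTo-Comparable $commands[$id])) {
            [pscustomobject]@{ Hive = $hiveName; Item = "$id open command"
                               Expected = $commands[$id]; Actual = $cmd }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize }
else { 'All checked handlers match the Windows defaults.' }
```

A row in the output means the handler in that hive differs from the default; keys that do not exist in a hive (normal for HKCU) are skipped.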