Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan horse generic


  • This topic is locked This topic is locked

#31
Cat5

Cat5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi Agent ST,

Here is the update. The computer would not boot normally. It gave me the following message, Windows root>\system32\hal.dll Please re-install a copy of the above file.

Thank you :-)
  • 0

Advertisements


#32
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Please boot back into OTLPE and open up OTL and run this OTL fix for me:

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    DRV - [2011/09/03 15:05:17 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\3415913608 -- (88b49acb)
    O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"1033" /KBD:2 /dir:"C:\Program Files\AVAST Software\Avast") - File not found
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2011/09/03 15:05:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\3415913608
    [2011/09/02 06:46:39 | 004,194,304 | ---- | M] () -- C:\WINDOWS\System32\aqaeidou.dll
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] 
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Extra Registry select Use Safe List
  • Under Custom Scan paste this in


    netsvcs
    drivers32
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\*.exe
    /md5start
    hal.dll
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %ProgramFiles%\Microsoft Common\*.*
    %USERPROFILE%\Favorites\*.url /x
    %USERPROFILE%\Cookies\*.txt /x
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.

  • 0

#33
Cat5

Cat5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi Agent ST,

I've been absolutely swamped at work. I won't be able to work on the computer until some point tomorrow.
I hope you are having a good weekend so far!
  • 0

#34
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi Cat5!

Thanks for letting me know you're still with me.

I'm so glad the weekend is finally here!! I hope you're enjoying the weekend as well!

Kindest Regards,
Agent ST
  • 0

#35
Cat5

Cat5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi Agent ST,

I tried to boot back into OTLPE and again it was giving me the Runscanner error Target folder is not Windows 2000 or later message. I ran the CHKDSK utility and re-booted, now that won't even work and it is still giving me the error message.
  • 0

#36
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi Cat5!

Oh no!! That is not good at all! This infection is pretty nasty and it appears it's done some pretty severe damage to your computer.

At this point, I think your best option is going to be to reformat and re-install your operating system.

I wish the results could have been different, but we've reached the end of the line in terms of what we can do to try and remove the infection and recover the infection.

Kindest Regards,
ST.
  • 0

#37
Cat5

Cat5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi Agent St,

I was afraid that was going to be the result. Do you know if there is a way to back up my data at this point? Thankfully nothing major is stored on that computer, but it does contain all of my pictures and music files and I would like to retrieve them if possible. Oh man I don't even have a clue where my Windows disk even is. This should be fun! Thank you so much for all of your help!
  • 0

#38
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
I know a colleague of mine mentioned the use of a commercial recovery software, but they had no idea how successful it would be nor, which one would work the best.

I'm going to suggest that you post in the Windows XP forum and see if the techs have any suggestions for things to try and retrieve some of the data off of it.

When you post in the Windows XP forum, please post a link back here to the new thread, so that I can follow it, and ensure that a tech responds to it.

Kindest Regards,
ST.
  • 0

#39
Cat5

Cat5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
http://www.geekstogo..._1#entry2071068

Here is the link to the data recovery topic in the XP forum. I am about to try what has been suggested, maybe for some crazy reason it will actually let me access the drive this time.
  • 0

#40
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
:)
  • 0

Advertisements


#41
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP