Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

system recovery virus (P1kAlMiG2Kb7Fz.exe)


  • Please log in to reply

#46
moogart

moogart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Hi
Its seems that i cannot follow the link provided because the unlock button doesn't appear.

thanks
  • 0

Advertisements


#47
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Does not work or is not there?

If not work then try putting the UAC slider to the bottom and reboot:

http://www.howtogeek...-windows-vista/

You will get an alarm from the security panel but just ignore it for now. Put the slider back when done of if it doesn't help.

Ron
  • 0

#48
moogart

moogart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Hi!
some of my programs are now on the start programs, i have to do each one manually, putting the shortcuts to their folder. But after I restart, I receive this system error.:
Modem.exe - system error
The program cant start because WAITINGFORM.DLL is missing from your computer. Try reinstalling the program to fix this problem
  • 0

#49
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Don't know what happened to it but it's part of Smart Bro. You have a Smart Bro program installed on your PC. Uninstall it and download a new copy and reinstall. That should fix that error.
  • 0

#50
moogart

moogart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
hi i uninstall smart bro the reinstalled it, but theres still an error on startup, and also when i open another program, an error pops out, for example i opened yahoo messanger, system error Yimage.dll is missing etc. I think theres a problem on shortcuts that i created earlier.
  • 0

#51
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
The missing Smart Bro dll should be at:


C:\Program Files (x86)\SMART BRO\WaitingForm.dll

Is it there? Right click on it and select Properties then Security and make sure you have full control. ZA likes to play games with permissions on files.

If it is then Start, All Programs, Accessories, right click on Command Prompt and Run As Administrator, Continue, and type:

cd  "\Program Files (x86)\SMART BRO"

regsvr32  WaitingForm.dll


Do you get an error message? What does it say? Your other file should be at:
\Program Files (x86)\Yahoo\Messenger\
Is it there? Right click on it and select Properties then Security and make sure you have full control.

cd  "\Program Files (x86)\Yahoo\Messenger"

regsvr32  Yimage.dll


These aren't shortcut issues unless the shortcut has forgotten which folder to run in. You can right click on the shortcut and select properties and it should tell you what folder or directory it is starting in. Should be the same directory that the .exe lives in.

Ron
  • 0

#52
moogart

moogart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
it says
The module waitingfor,.dll was loaded but the entry point dllregisterserver was not found
make sure that waitingform.dll is a valid dll or ocx file then try again
  • 0

#53
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
So the file is there and it doesn't need registering.

Let's see if we can reset the permissions:

Copy the next line:

secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose


Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator

Right click and Paste or Edit then Paste and the copied line should appear. Hit Enter.

Ron
  • 0

#54
moogart

moogart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
hi

An extended error has occured
The task has completed with an error
see log %windrd%\security\logs\scesrv.log for details
  • 0

#55
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
I assume it really said %windir% which would be c:\windows.

Can you find the log and attach it?

Are you still getting the dll errors?

Ron
  • 0

Advertisements


#56
moogart

moogart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
yes i still receive the system error

here's the log

-------------------------------------------
Saturday, September 17, 2011 11:42:01 AM
----Configuration engine was initialized successfully.----

----Reading Configuration Template info...


----Configure User Rights...
SeImpersonatePrivilege must be assigned to administrators. This setting is adjusted.
SeImpersonatePrivilege must be assigned to SERVICE. This setting is adjusted.
Configure S-1-5-19.
Configure S-1-5-20.
Configure S-1-5-32-544.
Configure S-1-5-32-551.
Configure S-1-5-32-559.
Configure S-1-5-32-545.
Configure S-1-1-0.
Configure S-1-5-6.
Configure S-1-5-21-753146767-2697306927-1494964165-501.
Configure S-1-5-32-555.
Configure S-1-5-80-0.
Configure S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420.

User Rights configuration was completed successfully.


----Configure Group Membership...
Configure Users.

Group Membership configuration was completed successfully.


----Configure 64-bit Registry Keys...
Configure users\.default.
Configure machine\software.
Warning 1336: The access control list (ACL) structure is invalid.
Error setting security on machine\software\Macrovision.

Configuration of Registry Keys was completed with one or more errors.


----Configure 32-bit Registry Keys...
Configure machine\software.
Warning 1336: The access control list (ACL) structure is invalid.
Error setting security on machine\software\Macrovision.

Configuration of Registry Keys was completed with one or more errors.


----Configure File Security...
Configure c:\program files\common files\speechengines\microsoft\tts.
Warning 2: The system cannot find the file specified.
Error setting security on c:\program files\common files\speechengines\microsoft\tts.
Configure c:\programdata\microsoft\windows\drm.
Configure c:\programdata\microsoft\windows\drm\cache.
Configure c:\windows\repair\default.
Warning 3: The system cannot find the path specified.
Error setting security on c:\windows\repair\default.
Configure c:\windows\repair\ntuser.dat.
Warning 3: The system cannot find the path specified.
Error setting security on c:\windows\repair\ntuser.dat.
Configure c:\windows\repair\sam.
Warning 3: The system cannot find the path specified.
Error setting security on c:\windows\repair\sam.
Configure c:\windows\repair\security.
Warning 3: The system cannot find the path specified.
Error setting security on c:\windows\repair\security.
Configure c:\windows\repair\software.
Warning 3: The system cannot find the path specified.
Error setting security on c:\windows\repair\software.
Configure c:\windows\repair\system.
Warning 3: The system cannot find the path specified.
Error setting security on c:\windows\repair\system.
Configure c:\windows\system32\windows media.
Warning 2: The system cannot find the file specified.
Error setting security on c:\windows\system32\windows media.
Configure c:\windows\syswow64\export.
Warning 2: The system cannot find the file specified.
Error setting security on c:\windows\syswow64\export.
Configure c:\windows\syswow64\ias.
Warning 2: The system cannot find the file specified.
Error setting security on c:\windows\syswow64\ias.

File Security configuration was completed successfully.


----Configure General Service Settings...
Configure sysmonlog.
Error 1060: The specified service does not exist as an installed service.
Error opening sysmonlog.
Configure SamSs.
Configure ntmssvc.
Error 1060: The specified service does not exist as an installed service.
Error opening ntmssvc.
Configure netddedsdm.
Error 1060: The specified service does not exist as an installed service.
Error opening netddedsdm.
Configure netdde.
Error 1060: The specified service does not exist as an installed service.
Error opening netdde.
Configure dmserver.
Error 1060: The specified service does not exist as an installed service.
Error opening dmserver.
Configure clipsrv.
Error 1060: The specified service does not exist as an installed service.
Error opening clipsrv.
Configure Browser.

General Service configuration was completed successfully.


----Configure available attachment engines...

Configuration of attachment engines was completed successfully.


----Configure Security Policy...
Configure password information.
Administrator account is disabled.
Guest account is disabled.

System Access configuration was completed successfully.
LSA anonymous lookup names setting : existing SD = D:(D;;0x800;;;AN)(A;;0xf1fff;;;BA)(A;;0x20801;;;WD)(A;;0x801;;;AN)(A;;0x1000;;;LS)(A;;0x1000;;;NS)(A;;0x1000;;;S-1-5-17).
Configure LSA anonymous lookup setting.
Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\securitylevel.
Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\setcommand.
Configure machine\software\microsoft\windows nt\currentversion\winlogon\scremoveoption.
Configure machine\software\microsoft\windows\currentversion\policies\system\dontdisplaylastusername.
Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticecaption.
Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticetext.
Configure machine\software\microsoft\windows\currentversion\policies\system\scforceoption.
Configure machine\software\microsoft\windows\currentversion\policies\system\shutdownwithoutlogon.
Configure machine\software\microsoft\windows\currentversion\policies\system\undockwithoutlogon.
Configure machine\software\policies\microsoft\windows\safer\codeidentifiers\authenticodeenabled.
Configure machine\system\currentcontrolset\control\lsa\auditbaseobjects.
Configure machine\system\currentcontrolset\control\lsa\crashonauditfail.
Configure machine\system\currentcontrolset\control\lsa\disabledomaincreds.
Configure machine\system\currentcontrolset\control\lsa\everyoneincludesanonymous.
Configure machine\system\currentcontrolset\control\lsa\fipsalgorithmpolicy\enabled.
Configure machine\system\currentcontrolset\control\lsa\forceguest.
Configure machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
Configure machine\system\currentcontrolset\control\lsa\nolmhash.
Configure machine\system\currentcontrolset\control\lsa\restrictanonymous.
Configure machine\system\currentcontrolset\control\lsa\restrictanonymoussam.
Configure machine\system\currentcontrolset\control\print\providers\lanman print services\servers\addprinterdrivers.
Configure machine\system\currentcontrolset\control\session manager\kernel\obcaseinsensitive.
Configure machine\system\currentcontrolset\control\session manager\memory management\clearpagefileatshutdown.
Configure machine\system\currentcontrolset\control\session manager\protectionmode.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\autodisconnect.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enableforcedlogoff.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\restrictnullsessaccess.
Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enableplaintextpassword.
Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enablesecuritysignature.
Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\requiresecuritysignature.
Configure machine\system\currentcontrolset\services\ldap\ldapclientintegrity.

Configuration of Registry Values was completed successfully.
Configure log settings.

Audit/Log configuration was completed successfully.


----Configure available attachment engines...

Configuration of attachment engines was completed successfully.


----Un-initialize configuration engine...
  • 0

#57
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Follow the procedure on http://blogs.msdn.co.../04/739820.aspx

Make sure that once you download the file you edit it to replace all the YourUserName with Gestalt. Also change the extension like they say to do.

Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP