Its seems that i cannot follow the link provided because the unlock button doesn't appear.
thanks
system recovery virus (P1kAlMiG2Kb7Fz.exe)
Started by
moogart
, Sep 12 2011 08:19 PM
#46
Posted 16 September 2011 - 04:20 AM
moogart
- Topic Starter
-
- Member
-
- 53 posts
Member
Its seems that i cannot follow the link provided because the unlock button doesn't appear.
thanks
#47
Posted 16 September 2011 - 09:31 AM
RKinner
-
- Expert
-
- 24,624 posts
Malware Expert
Does not work or is not there?
If not work then try putting the UAC slider to the bottom and reboot:
http://www.howtogeek...-windows-vista/
You will get an alarm from the security panel but just ignore it for now. Put the slider back when done of if it doesn't help.
Ron
If not work then try putting the UAC slider to the bottom and reboot:
http://www.howtogeek...-windows-vista/
You will get an alarm from the security panel but just ignore it for now. Put the slider back when done of if it doesn't help.
Ron
#48
Posted 16 September 2011 - 10:37 AM
moogart
- Topic Starter
-
- Member
-
- 53 posts
Member
Hi!
some of my programs are now on the start programs, i have to do each one manually, putting the shortcuts to their folder. But after I restart, I receive this system error.:
Modem.exe - system error
The program cant start because WAITINGFORM.DLL is missing from your computer. Try reinstalling the program to fix this problem
some of my programs are now on the start programs, i have to do each one manually, putting the shortcuts to their folder. But after I restart, I receive this system error.:
Modem.exe - system error
The program cant start because WAITINGFORM.DLL is missing from your computer. Try reinstalling the program to fix this problem
#49
Posted 16 September 2011 - 10:56 AM
RKinner
-
- Expert
-
- 24,624 posts
Malware Expert
Don't know what happened to it but it's part of Smart Bro. You have a Smart Bro program installed on your PC. Uninstall it and download a new copy and reinstall. That should fix that error.
#50
Posted 16 September 2011 - 11:50 AM
moogart
- Topic Starter
-
- Member
-
- 53 posts
Member
hi i uninstall smart bro the reinstalled it, but theres still an error on startup, and also when i open another program, an error pops out, for example i opened yahoo messanger, system error Yimage.dll is missing etc. I think theres a problem on shortcuts that i created earlier.
#51
Posted 16 September 2011 - 12:08 PM
RKinner
-
- Expert
-
- 24,624 posts
Malware Expert
The missing Smart Bro dll should be at:
C:\Program Files (x86)\SMART BRO\WaitingForm.dll
Is it there? Right click on it and select Properties then Security and make sure you have full control. ZA likes to play games with permissions on files.
If it is then Start, All Programs, Accessories, right click on Command Prompt and Run As Administrator, Continue, and type:
Do you get an error message? What does it say? Your other file should be at:
\Program Files (x86)\Yahoo\Messenger\
Is it there? Right click on it and select Properties then Security and make sure you have full control.
These aren't shortcut issues unless the shortcut has forgotten which folder to run in. You can right click on the shortcut and select properties and it should tell you what folder or directory it is starting in. Should be the same directory that the .exe lives in.
Ron
C:\Program Files (x86)\SMART BRO\WaitingForm.dll
Is it there? Right click on it and select Properties then Security and make sure you have full control. ZA likes to play games with permissions on files.
If it is then Start, All Programs, Accessories, right click on Command Prompt and Run As Administrator, Continue, and type:
cd "\Program Files (x86)\SMART BRO" regsvr32 WaitingForm.dll
Do you get an error message? What does it say? Your other file should be at:
\Program Files (x86)\Yahoo\Messenger\
Is it there? Right click on it and select Properties then Security and make sure you have full control.
cd "\Program Files (x86)\Yahoo\Messenger" regsvr32 Yimage.dll
These aren't shortcut issues unless the shortcut has forgotten which folder to run in. You can right click on the shortcut and select properties and it should tell you what folder or directory it is starting in. Should be the same directory that the .exe lives in.
Ron
#52
Posted 16 September 2011 - 12:15 PM
moogart
- Topic Starter
-
- Member
-
- 53 posts
Member
it says
The module waitingfor,.dll was loaded but the entry point dllregisterserver was not found
make sure that waitingform.dll is a valid dll or ocx file then try again
The module waitingfor,.dll was loaded but the entry point dllregisterserver was not found
make sure that waitingform.dll is a valid dll or ocx file then try again
#53
Posted 16 September 2011 - 12:42 PM
RKinner
-
- Expert
-
- 24,624 posts
Malware Expert
So the file is there and it doesn't need registering.
Let's see if we can reset the permissions:
Copy the next line:
secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose
Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator
Right click and Paste or Edit then Paste and the copied line should appear. Hit Enter.
Ron
Let's see if we can reset the permissions:
Copy the next line:
secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose
Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator
Right click and Paste or Edit then Paste and the copied line should appear. Hit Enter.
Ron
#54
Posted 16 September 2011 - 09:08 PM
moogart
- Topic Starter
-
- Member
-
- 53 posts
Member
hi
An extended error has occured
The task has completed with an error
see log %windrd%\security\logs\scesrv.log for details
An extended error has occured
The task has completed with an error
see log %windrd%\security\logs\scesrv.log for details
#55
Posted 16 September 2011 - 09:33 PM
RKinner
-
- Expert
-
- 24,624 posts
Malware Expert
I assume it really said %windir% which would be c:\windows.
Can you find the log and attach it?
Are you still getting the dll errors?
Ron
Can you find the log and attach it?
Are you still getting the dll errors?
Ron
#56
Posted 16 September 2011 - 09:43 PM
moogart
- Topic Starter
-
- Member
-
- 53 posts
Member
yes i still receive the system error
here's the log
-------------------------------------------
Saturday, September 17, 2011 11:42:01 AM
----Configuration engine was initialized successfully.----
----Reading Configuration Template info...
----Configure User Rights...
SeImpersonatePrivilege must be assigned to administrators. This setting is adjusted.
SeImpersonatePrivilege must be assigned to SERVICE. This setting is adjusted.
Configure S-1-5-19.
Configure S-1-5-20.
Configure S-1-5-32-544.
Configure S-1-5-32-551.
Configure S-1-5-32-559.
Configure S-1-5-32-545.
Configure S-1-1-0.
Configure S-1-5-6.
Configure S-1-5-21-753146767-2697306927-1494964165-501.
Configure S-1-5-32-555.
Configure S-1-5-80-0.
Configure S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420.
User Rights configuration was completed successfully.
----Configure Group Membership...
Configure Users.
Group Membership configuration was completed successfully.
----Configure 64-bit Registry Keys...
Configure users\.default.
Configure machine\software.
Warning 1336: The access control list (ACL) structure is invalid.
Error setting security on machine\software\Macrovision.
Configuration of Registry Keys was completed with one or more errors.
----Configure 32-bit Registry Keys...
Configure machine\software.
Warning 1336: The access control list (ACL) structure is invalid.
Error setting security on machine\software\Macrovision.
Configuration of Registry Keys was completed with one or more errors.
----Configure File Security...
Configure c:\program files\common files\speechengines\microsoft\tts.
Warning 2: The system cannot find the file specified.
Error setting security on c:\program files\common files\speechengines\microsoft\tts.
Configure c:\programdata\microsoft\windows\drm.
Configure c:\programdata\microsoft\windows\drm\cache.
Configure c:\windows\repair\default.
Warning 3: The system cannot find the path specified.
Error setting security on c:\windows\repair\default.
Configure c:\windows\repair\ntuser.dat.
Warning 3: The system cannot find the path specified.
Error setting security on c:\windows\repair\ntuser.dat.
Configure c:\windows\repair\sam.
Warning 3: The system cannot find the path specified.
Error setting security on c:\windows\repair\sam.
Configure c:\windows\repair\security.
Warning 3: The system cannot find the path specified.
Error setting security on c:\windows\repair\security.
Configure c:\windows\repair\software.
Warning 3: The system cannot find the path specified.
Error setting security on c:\windows\repair\software.
Configure c:\windows\repair\system.
Warning 3: The system cannot find the path specified.
Error setting security on c:\windows\repair\system.
Configure c:\windows\system32\windows media.
Warning 2: The system cannot find the file specified.
Error setting security on c:\windows\system32\windows media.
Configure c:\windows\syswow64\export.
Warning 2: The system cannot find the file specified.
Error setting security on c:\windows\syswow64\export.
Configure c:\windows\syswow64\ias.
Warning 2: The system cannot find the file specified.
Error setting security on c:\windows\syswow64\ias.
File Security configuration was completed successfully.
----Configure General Service Settings...
Configure sysmonlog.
Error 1060: The specified service does not exist as an installed service.
Error opening sysmonlog.
Configure SamSs.
Configure ntmssvc.
Error 1060: The specified service does not exist as an installed service.
Error opening ntmssvc.
Configure netddedsdm.
Error 1060: The specified service does not exist as an installed service.
Error opening netddedsdm.
Configure netdde.
Error 1060: The specified service does not exist as an installed service.
Error opening netdde.
Configure dmserver.
Error 1060: The specified service does not exist as an installed service.
Error opening dmserver.
Configure clipsrv.
Error 1060: The specified service does not exist as an installed service.
Error opening clipsrv.
Configure Browser.
General Service configuration was completed successfully.
----Configure available attachment engines...
Configuration of attachment engines was completed successfully.
----Configure Security Policy...
Configure password information.
Administrator account is disabled.
Guest account is disabled.
System Access configuration was completed successfully.
LSA anonymous lookup names setting : existing SD = D:(D;;0x800;;;AN)(A;;0xf1fff;;;BA)(A;;0x20801;;;WD)(A;;0x801;;;AN)(A;;0x1000;;;LS)(A;;0x1000;;;NS)(A;;0x1000;;;S-1-5-17).
Configure LSA anonymous lookup setting.
Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\securitylevel.
Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\setcommand.
Configure machine\software\microsoft\windows nt\currentversion\winlogon\scremoveoption.
Configure machine\software\microsoft\windows\currentversion\policies\system\dontdisplaylastusername.
Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticecaption.
Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticetext.
Configure machine\software\microsoft\windows\currentversion\policies\system\scforceoption.
Configure machine\software\microsoft\windows\currentversion\policies\system\shutdownwithoutlogon.
Configure machine\software\microsoft\windows\currentversion\policies\system\undockwithoutlogon.
Configure machine\software\policies\microsoft\windows\safer\codeidentifiers\authenticodeenabled.
Configure machine\system\currentcontrolset\control\lsa\auditbaseobjects.
Configure machine\system\currentcontrolset\control\lsa\crashonauditfail.
Configure machine\system\currentcontrolset\control\lsa\disabledomaincreds.
Configure machine\system\currentcontrolset\control\lsa\everyoneincludesanonymous.
Configure machine\system\currentcontrolset\control\lsa\fipsalgorithmpolicy\enabled.
Configure machine\system\currentcontrolset\control\lsa\forceguest.
Configure machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
Configure machine\system\currentcontrolset\control\lsa\nolmhash.
Configure machine\system\currentcontrolset\control\lsa\restrictanonymous.
Configure machine\system\currentcontrolset\control\lsa\restrictanonymoussam.
Configure machine\system\currentcontrolset\control\print\providers\lanman print services\servers\addprinterdrivers.
Configure machine\system\currentcontrolset\control\session manager\kernel\obcaseinsensitive.
Configure machine\system\currentcontrolset\control\session manager\memory management\clearpagefileatshutdown.
Configure machine\system\currentcontrolset\control\session manager\protectionmode.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\autodisconnect.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enableforcedlogoff.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\restrictnullsessaccess.
Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enableplaintextpassword.
Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enablesecuritysignature.
Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\requiresecuritysignature.
Configure machine\system\currentcontrolset\services\ldap\ldapclientintegrity.
Configuration of Registry Values was completed successfully.
Configure log settings.
Audit/Log configuration was completed successfully.
----Configure available attachment engines...
Configuration of attachment engines was completed successfully.
----Un-initialize configuration engine...
here's the log
-------------------------------------------
Saturday, September 17, 2011 11:42:01 AM
----Configuration engine was initialized successfully.----
----Reading Configuration Template info...
----Configure User Rights...
SeImpersonatePrivilege must be assigned to administrators. This setting is adjusted.
SeImpersonatePrivilege must be assigned to SERVICE. This setting is adjusted.
Configure S-1-5-19.
Configure S-1-5-20.
Configure S-1-5-32-544.
Configure S-1-5-32-551.
Configure S-1-5-32-559.
Configure S-1-5-32-545.
Configure S-1-1-0.
Configure S-1-5-6.
Configure S-1-5-21-753146767-2697306927-1494964165-501.
Configure S-1-5-32-555.
Configure S-1-5-80-0.
Configure S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420.
User Rights configuration was completed successfully.
----Configure Group Membership...
Configure Users.
Group Membership configuration was completed successfully.
----Configure 64-bit Registry Keys...
Configure users\.default.
Configure machine\software.
Warning 1336: The access control list (ACL) structure is invalid.
Error setting security on machine\software\Macrovision.
Configuration of Registry Keys was completed with one or more errors.
----Configure 32-bit Registry Keys...
Configure machine\software.
Warning 1336: The access control list (ACL) structure is invalid.
Error setting security on machine\software\Macrovision.
Configuration of Registry Keys was completed with one or more errors.
----Configure File Security...
Configure c:\program files\common files\speechengines\microsoft\tts.
Warning 2: The system cannot find the file specified.
Error setting security on c:\program files\common files\speechengines\microsoft\tts.
Configure c:\programdata\microsoft\windows\drm.
Configure c:\programdata\microsoft\windows\drm\cache.
Configure c:\windows\repair\default.
Warning 3: The system cannot find the path specified.
Error setting security on c:\windows\repair\default.
Configure c:\windows\repair\ntuser.dat.
Warning 3: The system cannot find the path specified.
Error setting security on c:\windows\repair\ntuser.dat.
Configure c:\windows\repair\sam.
Warning 3: The system cannot find the path specified.
Error setting security on c:\windows\repair\sam.
Configure c:\windows\repair\security.
Warning 3: The system cannot find the path specified.
Error setting security on c:\windows\repair\security.
Configure c:\windows\repair\software.
Warning 3: The system cannot find the path specified.
Error setting security on c:\windows\repair\software.
Configure c:\windows\repair\system.
Warning 3: The system cannot find the path specified.
Error setting security on c:\windows\repair\system.
Configure c:\windows\system32\windows media.
Warning 2: The system cannot find the file specified.
Error setting security on c:\windows\system32\windows media.
Configure c:\windows\syswow64\export.
Warning 2: The system cannot find the file specified.
Error setting security on c:\windows\syswow64\export.
Configure c:\windows\syswow64\ias.
Warning 2: The system cannot find the file specified.
Error setting security on c:\windows\syswow64\ias.
File Security configuration was completed successfully.
----Configure General Service Settings...
Configure sysmonlog.
Error 1060: The specified service does not exist as an installed service.
Error opening sysmonlog.
Configure SamSs.
Configure ntmssvc.
Error 1060: The specified service does not exist as an installed service.
Error opening ntmssvc.
Configure netddedsdm.
Error 1060: The specified service does not exist as an installed service.
Error opening netddedsdm.
Configure netdde.
Error 1060: The specified service does not exist as an installed service.
Error opening netdde.
Configure dmserver.
Error 1060: The specified service does not exist as an installed service.
Error opening dmserver.
Configure clipsrv.
Error 1060: The specified service does not exist as an installed service.
Error opening clipsrv.
Configure Browser.
General Service configuration was completed successfully.
----Configure available attachment engines...
Configuration of attachment engines was completed successfully.
----Configure Security Policy...
Configure password information.
Administrator account is disabled.
Guest account is disabled.
System Access configuration was completed successfully.
LSA anonymous lookup names setting : existing SD = D:(D;;0x800;;;AN)(A;;0xf1fff;;;BA)(A;;0x20801;;;WD)(A;;0x801;;;AN)(A;;0x1000;;;LS)(A;;0x1000;;;NS)(A;;0x1000;;;S-1-5-17).
Configure LSA anonymous lookup setting.
Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\securitylevel.
Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\setcommand.
Configure machine\software\microsoft\windows nt\currentversion\winlogon\scremoveoption.
Configure machine\software\microsoft\windows\currentversion\policies\system\dontdisplaylastusername.
Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticecaption.
Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticetext.
Configure machine\software\microsoft\windows\currentversion\policies\system\scforceoption.
Configure machine\software\microsoft\windows\currentversion\policies\system\shutdownwithoutlogon.
Configure machine\software\microsoft\windows\currentversion\policies\system\undockwithoutlogon.
Configure machine\software\policies\microsoft\windows\safer\codeidentifiers\authenticodeenabled.
Configure machine\system\currentcontrolset\control\lsa\auditbaseobjects.
Configure machine\system\currentcontrolset\control\lsa\crashonauditfail.
Configure machine\system\currentcontrolset\control\lsa\disabledomaincreds.
Configure machine\system\currentcontrolset\control\lsa\everyoneincludesanonymous.
Configure machine\system\currentcontrolset\control\lsa\fipsalgorithmpolicy\enabled.
Configure machine\system\currentcontrolset\control\lsa\forceguest.
Configure machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
Configure machine\system\currentcontrolset\control\lsa\nolmhash.
Configure machine\system\currentcontrolset\control\lsa\restrictanonymous.
Configure machine\system\currentcontrolset\control\lsa\restrictanonymoussam.
Configure machine\system\currentcontrolset\control\print\providers\lanman print services\servers\addprinterdrivers.
Configure machine\system\currentcontrolset\control\session manager\kernel\obcaseinsensitive.
Configure machine\system\currentcontrolset\control\session manager\memory management\clearpagefileatshutdown.
Configure machine\system\currentcontrolset\control\session manager\protectionmode.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\autodisconnect.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enableforcedlogoff.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\restrictnullsessaccess.
Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enableplaintextpassword.
Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enablesecuritysignature.
Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\requiresecuritysignature.
Configure machine\system\currentcontrolset\services\ldap\ldapclientintegrity.
Configuration of Registry Values was completed successfully.
Configure log settings.
Audit/Log configuration was completed successfully.
----Configure available attachment engines...
Configuration of attachment engines was completed successfully.
----Un-initialize configuration engine...
#57
Posted 17 September 2011 - 12:35 AM
RKinner
-
- Expert
-
- 24,624 posts
Malware Expert
Follow the procedure on http://blogs.msdn.co.../04/739820.aspx
Make sure that once you download the file you edit it to replace all the YourUserName with Gestalt. Also change the extension like they say to do.
Ron
Make sure that once you download the file you edit it to replace all the YourUserName with Gestalt. Also change the extension like they say to do.
Ron
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
