DOS/Alureon.A Trojan (and other variants) Infection and possible Maste


#91
CompCav (Expert, 12,448 posts)
The admin profile should have full rights.

I appreciate your efforts.


Step 1.

Let's remove the admin access for now.

Open the elevated prompt, type in

net user administrator /active:no

Then close the elevated command prompt box.


Step 2.

For registry merges that fail for lack of sufficient privileges:
If you need it, here is the BITS.reg file again:
Attached file: BITS.reg (6.14KB)


1. Download PsTools, extract the psexec.exe file from it and put it in C:\Windows\System32
2. Download the fix for the BITS service to your desktop.
3. Run cmd.exe with administrative privileges (right click on cmd.exe and choose "Run as administrator") and type:

psexec -s -i -d C:\WINDOWS\regedit


This command runs regedit from the System account.

4. Go to File >> Import, choose the location where you stored the BITS.reg file, select it and apply.

5. Restart the computer.


Once restarted try to update and let me know the outcome.

#92
cleftuppercut (Topic Starter, 60 posts)
I am currently attempting to download the updates. However, it has been about 30 minutes and the progress information still shows as 0 KB and 0%. Fingers crossed, but it isn't looking good. One thing I have to report is that when I went to run the regedit program, when I clicked Import, I got a popup about the system32 folder not being available on (if I recall correctly) any of the storage devices available, or something similar. Unfortunately, I didn't write it down, so I can't provide the complete transcript of what the popup said. But if this download fails, do you want me to retry the regedit thing so I can provide you with that message?

#93
cleftuppercut (Topic Starter, 60 posts)
All updates just failed. Error code 80246008. Wait. I think I extracted the whole PsTools folder into system32, and not just the psexec.exe file. Would that be the possible problem?

#94
CompCav (Expert, 12,448 posts)
Make sure the file psexec.exe is in the c:\windows\system32 directory and not a sub directory beneath it.

#95
cleftuppercut (Topic Starter, 60 posts)
If I re-extract the file into system32, will that work, or will the previous extract of the files interfere?

#96
CompCav (Expert, 12,448 posts)
The only thing that is important is that the file is in the C:\WINDOWS\System32\ directory.

#97
CompCav (Expert, 12,448 posts)
Click Start >> Computer >> c: local drive >> Windows >> system32 and make sure that psexec.exe is there. :thumbsup:

#98
CompCav (Expert, 12,448 posts)
Once you have verified the file I need you to run another OTL scan:

Please re-open OTL

  • Double click the OTL icon on your desktop. Vista /7 users right click and click Run as Administrator. Make sure all other windows are closed.
  • The OTL console will open.
  • At the top of the console click the greyed out None button. <--- Very important
  • Make sure the Output box at the top is set to Standard Output.
  • Please copy paste the following lines in the Custom Scans/Fixes box:

    HKEY-LOCAL-MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted. The scan won't take long.
  • When the scan completes, it will open a notepad window, OTL.txt.

Please post the contents.

#99
cleftuppercut (Topic Starter, 60 posts)
Back at home. The DNS was not a problem when I set the computer up at home for some reason. Also, I verified that the PsExec.exe file is present in sys32. Here is the OTL log:

OTL logfile created on: 8/16/2012 6:05:12 PM - Run 7
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Bryan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.98 Gb Total Physical Memory | 9.23 Gb Available Physical Memory | 77.06% Memory free
23.95 Gb Paging File | 20.82 Gb Available in Paging File | 86.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.45 Gb Total Space | 36.14 Gb Free Space | 12.93% Space Free | Partition Type: NTFS
Drive D: | 394.18 Gb Total Space | 355.13 Gb Free Space | 90.09% Space Free | Partition Type: NTFS

Computer Name: BRYAN-PC | User Name: Bryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< HKEY-LOCAL-MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >
"Type" = 32
"Start" = 2
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\System32\svchost.exe -k netsvcs -- [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"WOW64" = 1
"ObjectName" = LocalSystem
"DelayedAutostart" = 1
"DisplayName" = @%SystemRoot%\system32\qmgr.dll,-1000
"Description" = @%SystemRoot%\system32\qmgr.dll,-1001
"DependOnService" = RpcSsEventSystem [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]
[HKEY-LOCAL-MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll" = %SystemRoot%\System32\qmgr.dll
[HKEY-LOCAL-MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance]
"Library" = bitsperf.dll -- [2010/11/20 08:18:08 | 000,019,456 | ---- | M] (Microsoft Corporation)
"Open" = PerfMon_Open
"Collect" = PerfMon_Collect
"Close" = PerfMon_Close
"InstallType" = 1
"PerfIniFile" = bitsctrs.ini
"First Counter" = 2002
"Last Counter" = 2018
"First Help" = 2003
"Last Help" = 2019
"Object List" = 2002
"PerfMMFileName" = Global\MMF_BITS_s
[HKEY-LOCAL-MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security" = [Binary data over 100 bytes]

< End of report >
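An added example, not part of this thread and not code from OTL or OldTimer: a small Python checker that parses the OTL custom-scan output above and compares the BITS service key with the healthy values shown in that log (the values the BITS.reg fix in the earlier steps is meant to put back). The baseline values are taken from the log as posted; the tampered and empty sample logs, the hijacked.dll name, and the assumption that a deleted key shows up as an empty section in OTL output are constructed for the example.

```python
import re

# Healthy values for HKLM\SYSTEM\CurrentControlSet\services\BITS on Windows 7 SP1,
# copied from the OTL log in the thread. Assumption: BITS.reg restores exactly these.
# Values under a subkey are written as "Subkey\Name".
BITS_BASELINE = {
    "Type": "32",
    "Start": "2",
    "ImagePath": r"%SystemRoot%\System32\svchost.exe -k netsvcs",
    "ObjectName": "LocalSystem",
    "Parameters\\ServiceDll": r"%SystemRoot%\System32\qmgr.dll",
}

# Root key spelled exactly as OTL echoes it in the log (hyphens, not underscores).
ROOT = r"HKEY-LOCAL-MACHINE\SYSTEM\CurrentControlSet\services\BITS"

KEY_RE = re.compile(r"^\[(.+)\]$")                 # [HKEY-...\BITS\Parameters]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')   # "Name" = value


def parse_otl_custom_scan(text):
    """Parse one OTL '< key /s >' section into {subkey: {name: value}}.

    The root key's own values are stored under the subkey name "".
    OTL appends file details after ' -- ' to path values; that suffix is
    dropped so the value can be compared with the baseline.
    """
    values = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "< End of report >":
            break
        if line.startswith("< ") and line.endswith(" >"):
            current = ""
            values[current] = {}
            continue
        if current is None:
            continue                      # header text before the custom scan
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            current = key[len(ROOT):].lstrip("\\") if key.startswith(ROOT) else key
            values[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m:
            name, val = m.group(1), m.group(2)
            values[current][name] = val.split(" -- ", 1)[0].strip()
    return values


def check_bits(parsed):
    """Compare a parsed BITS key with BITS_BASELINE; return a list of findings.

    An empty list means the key matches. A section with no values at all
    (assumed here to be how a deleted or missing key appears) is one finding.
    """
    if not any(parsed.values()):
        return ["BITS service key is missing; re-register it (merge BITS.reg)"]
    findings = []
    for path, expected in BITS_BASELINE.items():
        sub, _, name = path.rpartition("\\")
        actual = parsed.get(sub, {}).get(name)
        if actual is None:
            findings.append(f"missing {path}")
        elif actual.lower() != expected.lower():
            findings.append(f"{path}: expected {expected!r}, found {actual!r}")
    return findings


# Sample inputs. GOOD_LOG mirrors the thread's log; the other two are constructed.
GOOD_LOG = r"""
========== Custom Scans ==========

< HKEY-LOCAL-MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >
"Type" = 32
"Start" = 2
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\System32\svchost.exe -k netsvcs -- [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"ObjectName" = LocalSystem
"DependOnService" = RpcSsEventSystem [binary data]
[HKEY-LOCAL-MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll" = %SystemRoot%\System32\qmgr.dll
[HKEY-LOCAL-MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security" = [Binary data over 100 bytes]

< End of report >
"""

TAMPERED_LOG = r"""
< HKEY-LOCAL-MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >
"Type" = 32
"Start" = 4
"ImagePath" = %SystemRoot%\System32\svchost.exe -k netsvcs -- [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"ObjectName" = LocalSystem
[HKEY-LOCAL-MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll" = %SystemRoot%\System32\hijacked.dll
< End of report >
"""

EMPTY_LOG = r"""
< HKEY-LOCAL-MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >

< End of report >
"""

if __name__ == "__main__":
    for label, log in (("page log", GOOD_LOG), ("tampered", TAMPERED_LOG), ("empty", EMPTY_LOG)):
        print(label, check_bits(parse_otl_custom_scan(log)) or ["OK"])
```

Paste the "Custom Scans" section of any OTL.txt into the script in place of GOOD_LOG; a Start of 4 (disabled) or a ServiceDll that is not qmgr.dll is exactly the kind of change that leaves Windows Update stuck at 0%, while an empty section means the key is gone and needs to be recreated, as the sc delete / merge step later in the thread does.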

#100
CompCav (Expert, 12,448 posts)
We have a solution from an elevated command prompt:

Go Start >> All Programs >> Accessories
Right click Command Prompt and select Run as administrator
In the black box type the following:

sc delete bits

Reboot and then merge the registry file you downloaded previously.

#101
cleftuppercut (Topic Starter, 60 posts)
Done :thumbsup: . Merged the BITS file, and received a prompt saying something along the lines of 'these files and values have been successfully added to the registry.' Now what?

#102
CompCav (Expert, 12,448 posts)
Reboot and run updates.

#103
cleftuppercut (Topic Starter, 60 posts)
17~18 updates downloaded and installed! Just let me know what the next step is. :)

Edited by cleftuppercut, 18 August 2012 - 12:58 AM.


#104
CompCav (Expert, 12,448 posts)
Step 1.


  • Update Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the update is finished, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Step 2.

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 3.

Please post:

  • MBAM log
  • Security Check log


Please give me an update on how your computer is doing!

#105
cleftuppercut (Topic Starter, 60 posts)
MBAM Log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.18.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bryan :: BRYAN-PC [administrator]

8/18/2012 6:10:53 PM
mbam-log-2012-08-18 (18-10-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241928
Time elapsed: 2 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)