Bloodhound.w32.ep problem + IE not working [RESOLVED]



#31
tampabelle

Press the "Windows" button and press "R" while the Windows button is being held down.


#32
Souss

Even though my Windows XP CD is in, I get a message saying "files that are required for Windows to run properly must be copied to the DLL cache. Insert your Windows XP Professional Service Pack 1 CD now"

#33
tampabelle

Hi Souss,

Let me check a couple of things -

Did you install any software recently? Or any hardware?

Do you have any important files on your PC which were created/modified recently?

We may have to do a system restore to a point in the recent past when the PC was not giving problems. Let me first check with others on how to best proceed!

Edited by tampabelle, 28 June 2005 - 10:07 AM.


#34
tampabelle

Hi Souss,

Got a bunch of ideas.


Can you see if regedit.exe is there in the C:\Windows\System32 folder? Let me know if it is not there.

Can you upload the wininet.dll file at http://virusscan.jotti.org/ and do a scan? Save the scan report and let me know what it finds.

Can you download WinRAR from http://www.download....0-10007677.html and install it?

#35
Souss

1- I could not find regedit.exe in system32
2- Here is the scan report



File: wininet.dll
Status: INFECTED/MALWARE
MD5 e166471211c0f662d84e7de5d53179ef
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found Trojan.Oleadm.Callgate
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found Trojan.DownLoader.2636
F-Prot Antivirus Found nothing
Fortinet Found Nsag.A
Kaspersky Anti-Virus Found Virus.Win32.Nsag.a
NOD32 Found Win32/Oleloa.A
Norman Virus Control Found nothing
VBA32 Found Virus.Win32.Nsag.a

3- I could not install WinRAR. The same message as before appears: "...application configuration is incorrect..."

#36
tampabelle

Can you try and copy regedit.exe from the C:\Windows\i386 folder into C:\Windows?

#37
Souss

There is no i386 folder in C:\WINDOWS.

I have 3 i386 folders located in the following places:

C:\System Files
C:\WINDOWS\Driver Cache
C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles

#38
tampabelle

Hi Souss,


Will have to dig deep for ideas! This seems to be the worst case of smitfraud ever seen by me.

Can you check if your XP CD has the regedit file? It might be named regedit.ex_. Copy it into c:\Windows and rename it as regedit.exe.

#39
Souss

My Windows CD has 3 regedit files:

regedit.ch_
regedit.hl_

and regedit without an extension. When I click on properties it says "type of file: application" and "description: registry editor".

Which one is it?

And do you think we might be done tonight?

Thanks

Edited by Souss, 28 June 2005 - 08:47 PM.


#40
tampabelle

Hi Souss,

Try the regedit without the extension, just copy it. It has a different icon symbol, right?

We will tackle the rest tomorrow.

Looks like we are getting somewhere now! YES


#41
Souss

Tampabelle,

I noticed there is the same file (regedit with a different icon) in C:\WINDOWS. Should I go ahead and copy the one from the XP CD anyway?

Edited by Souss, 28 June 2005 - 09:01 PM.


#42
tampabelle

Yes, copy it from the CD anyway. This will ensure that the regedit copy is clean!

#43
Souss

Done, and renamed it regedit.exe.

#44
tampabelle

Please make sure that the file extensions are visible. Open Windows Explorer, click on Tools ---> Folder Options ---> View Tab. Locate the box "Hide extensions for known file types" and uncheck it.

Download the attached files and save them on your PC.

Rename the sm.txt file as sm.reg

Rename the Hosts.txt file as hosts (without any extension)

Also download this file - DelDomains.inf

Copy the text below into Notepad and save the file as sm.bat.

rem Clear the system, archive, hidden and read-only attributes so the files can be deleted.
rem Paths that contain spaces are quoted so each is passed as one argument.
attrib -s -a -h -r %systemdrive%\wp.exe
attrib -s -a -h -r %systemdrive%\wp.bmp
attrib -s -a -h -r %systemdrive%\bsw.exe
attrib -h -a -s -r %windir%\wp.exe
attrib -h -a -s -r %windir%\wp.bmp
attrib -h -a -s -r %windir%\bsw.exe
attrib -h -a -s -r %windir%\sites.ini
attrib -h -a -s -r %windir%\popuper.exe
attrib -h -a -s -r %windir%\system32\hhk.dll
attrib -h -a -s -r %windir%\System32\wldr.dll
attrib -h -a -s -r %windir%\System32\helper.exe
attrib -h -a -s -r %windir%\System32\intmon.exe
attrib -h -a -s -r %windir%\System32\shnlog.exe
attrib -h -a -s -r %windir%\System32\intmonp.exe
attrib -h -a -s -r %windir%\System32\msmsgs.exe
attrib -h -a -s -r %windir%\system32\msole32.exe
attrib -h -a -s -r %windir%\System32\ole32vbs.exe
attrib -h -a -s -r %windir%\System32\shnlog.exe
attrib -h -a -s -r %windir%\System32\intmon.exe
attrib -h -a -s -r %windir%\popuper.exe
attrib -s -a -h -r "%windir%\System32\Log Files\*.*"
attrib -s -a -h -r "%systemdrive%\Program Files\Search Maid\*.*"
attrib -s -a -h -r "%systemdrive%\Program Files\Security IGuard\*.*"
attrib -s -a -h -r "%systemdrive%\Program Files\Virtual Maid\*.*"
attrib -s -a -h -r "%systemdrive%\Program Files\AntiVirusGold\*.*"
attrib -s -a -h -r %windir%\System32\LogFiles\A5281300.so
attrib -s -a -h -r %windir%\System32\winnook.exe
attrib -s -a -h -r %windir%\system32\hookdump.exe
attrib -s -a -h -r %windir%\desktop.html
attrib -s -a -h -r %windir%\screen.html
attrib -s -a -h -r "%systemdrive%\Program Files\AntiVirusGold"


rem Delete the files without prompting.
del /q %systemdrive%\wp.exe
del /q %systemdrive%\wp.bmp
del /q %systemdrive%\bsw.exe
del /q %windir%\wp.exe
del /q %windir%\wp.bmp
del /q %windir%\bsw.exe
del /q %windir%\sites.ini
del /q %windir%\popuper.exe
del /q %windir%\system32\hhk.dll
del /q %windir%\System32\wldr.dll
del /q %windir%\System32\helper.exe
del /q %windir%\System32\intmon.exe
del /q %windir%\System32\shnlog.exe
del /q %windir%\System32\intmonp.exe
del /q %windir%\System32\msmsgs.exe
del /q %windir%\system32\msole32.exe
del /q %windir%\System32\ole32vbs.exe
del /q %windir%\System32\shnlog.exe
del /q %windir%\System32\intmon.exe
del /q %windir%\popuper.exe
del /q "%windir%\System32\Log Files\*.*"
del /q "%systemdrive%\Program Files\Search Maid\*.*"
del /q "%systemdrive%\Program Files\Security IGuard\*.*"
del /q "%systemdrive%\Program Files\Virtual Maid\*.*"
del /q %windir%\system32\hp*.tmp
del /q %windir%\System32\LogFiles\A5281300.so
del /q %windir%\System32\winnook.exe
del /q %windir%\system32\hookdump.exe
del /q %windir%\desktop.html
del /q %windir%\screen.html
del /q "%systemdrive%\Program Files\AntiVirusGold\*.*"

rem Remove the folders emptied above.
rd /q "%systemdrive%\Program Files\Search Maid"
rd /q "%systemdrive%\Program Files\Security IGuard"
rd /q "%systemdrive%\Program Files\Virtual Maid"
rd /q "%windir%\System32\Log Files"
rd /q "%systemdrive%\Program Files\AntiVirusGold"

rem Replace the hosts file with the downloaded copy.
copy hosts %windir%\system32\drivers\etc /y


Run sm.bat

Run regedit and click on File ----> Import. Locate the file sm.reg and click OK.

Right click on Deldomains.inf and click on Install.

Reboot the PC and post a fresh HJT log.
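
A more cautious variant of the sm.bat step in the post above, as an added example that is not part of the original thread: it moves a subset of the listed files into a quarantine folder and logs them instead of deleting them, and keeps a copy of the hosts file before it is replaced. The names `sm_quarantine`, `manifest.txt`, `hosts.before` and the `.quar` suffix are assumptions.

```batch
@echo off
rem Added example, not from the thread: quarantine the listed files instead of deleting them.
rem Assumed names: sm_quarantine, manifest.txt, hosts.before and the .quar suffix.
setlocal
set "QDIR=%systemdrive%\sm_quarantine"
set "LOG=%QDIR%\manifest.txt"
set N=0
if not exist "%QDIR%" md "%QDIR%"

rem Keep the current hosts file so the overwrite done by sm.bat can be reviewed or undone.
if exist "%windir%\system32\drivers\etc\hosts" copy /y "%windir%\system32\drivers\etc\hosts" "%QDIR%\hosts.before" >nul

rem A subset of the paths from sm.bat, quoted so each is passed as one argument.
for %%F in (
  "%systemdrive%\wp.exe"
  "%windir%\wp.exe"
  "%windir%\popuper.exe"
  "%windir%\system32\hhk.dll"
  "%windir%\System32\intmon.exe"
  "%windir%\system32\msole32.exe"
  "%windir%\System32\winnook.exe"
  "%windir%\system32\hookdump.exe"
) do call :quarantine "%%~F"

echo %N% files moved to %QDIR%
endlocal
goto :eof

:quarantine
rem Skip paths that are not present on this machine.
if not exist "%~1" goto :eof
set /a N+=1
rem Clear system, hidden and read-only so the move is not refused.
attrib -s -h -r "%~1"
rem Record the original path, size and timestamp before the file leaves its location.
>>"%LOG%" echo %N% "%~f1" %~z1 bytes %~t1
rem The counter prefix keeps same-named files apart (wp.exe is listed in two folders).
move /y "%~1" "%QDIR%\%N%_%~nx1.quar" >nul
goto :eof
```

The manifest records where each file came from, so a file moved by mistake can be put back and the rest can be submitted for scanning.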

#45
Souss

I can't open notepad. Can I do this in Word?