Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Major problems


  • Please log in to reply

#1
Metal God

Metal God

    Banned

  • Banned
  • PipPip
  • 49 posts
A few weeks ago or a month or so ago, i found like 10,000 files each 1kb each in my shared folder for ares, i didnt download it or neither did anyone from my family, they were all winzip files and they were named like Ball, Duck, Dog, Beach, Ferrari, Cars, in like alphabetical order, i deleted all of them and i didnt open any.

now for the last few weeks my computer wont isntall anything using the windows installer or uninstall anything using the windows installer, i cant access cmd, regedit or msconfig normally, i have to use emergency utilities, i cant find the system32 folder in windows but i can access it through internet explorer, i cant install an antivirus system like norton...any ideas?

Plz dont say reformat
  • 0

Advertisements


#2
OwNt

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello, Metal God.

Deleting a bunch of small files from a p2p folder shouldn't do that. Did this stuff start happening right after you deleted those files, or was it not immediate?

Is it InstallShield that gives you those windows installer errors?
When you say you can't access "cmd, regedit or msconfig,” does it give you a specific error, or does it just not show up altogether?

By the way, format isn't in my vocabulary :tazz: Though an xp repair may be. Do you have an xp cd or just recovery discs, it usually depends what brand/model your computer is.

Edited by OwNt, 02 September 2005 - 07:36 PM.

  • 0

#3
Metal God

Metal God

    Banned

  • Topic Starter
  • Banned
  • PipPip
  • 49 posts
haha thats good to hear.

Um its the Windows Installer, that msi thing. cmd opens for a like a second, regedit doesnt open msconfig doesnt open, but i can open them using some emergency thing id ownloaded

The problem happened way later after i deleted those files

I do have recovery discs, its ACER, i put them in and looked they dont even run i have no idea how to run those discs
  • 0

#4
OwNt

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello, Metal God.

Please either access the registry the way you are with the "emergency" program and go to the area in bold print, or follow these instructions. download RegLite Here.

Copy and paste HKEY_CURRENT_USER\Software\Microsoft\Command Processor into it. It should open that section up, when it does find the entry EnableExtension Under value, is it 0 or 1?

Have you run any spyware/adware/virus scans yet? One of those may have also caused this problem.
  • 0

#5
Metal God

Metal God

    Banned

  • Topic Starter
  • Banned
  • PipPip
  • 49 posts
Hi

There is nothing saying value as a title but it does say under data "0x00000001 (1)

Ive run a microsft antispyware scan, but to my knowledge all it has removed was some stuff not directly linking to the computers major files, but i remember my AVG doing something with SystemVolumeInformation, i do not think it deleted it but im not too sure what it did, i set it to quarantine, i dont know if it deleted later if a quarantine failed, and ive removed AVG now anyways so i cant check, and i did not delete the files in the vault so if anything was in there it should be still on the computer.
  • 0

#6
Metal God

Metal God

    Banned

  • Topic Starter
  • Banned
  • PipPip
  • 49 posts
hold on i tried this time with the REGLITE it says now : 1 (0x01), which im guessing is a short form right?
  • 0

#7
OwNt

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello, Metal God.

That's fine, I was just checking that out. I would like to clarify something though, do msconfig/regedit give an error, or just not appear altogether?

Please leave the value at 1, that is the correct value.

It looks like avg found some suspicious stuff in system restore, don't worry about that. let's see about fixing you up now.

Click Here and download this file, let it extract to the folder pre selected. See if that changes anything for you.
  • 0

#8
Metal God

Metal God

    Banned

  • Topic Starter
  • Banned
  • PipPip
  • 49 posts
aight im gonna do that extraction thing now, and msconfig now opens, but regedit doesnt appear.

Thnx for helping this far :tazz:
  • 0

#9
Metal God

Metal God

    Banned

  • Topic Starter
  • Banned
  • PipPip
  • 49 posts
extraction done, to C:\windows\system32, 3 files unzipped successfully
  • 0

#10
Metal God

Metal God

    Banned

  • Topic Starter
  • Banned
  • PipPip
  • 49 posts
what should i try now? and i tried opening regedit and cmd again it just blinks for a second, a prompt screen like the cmd one opens for less than a second
  • 0

Advertisements


#11
Metal God

Metal God

    Banned

  • Topic Starter
  • Banned
  • PipPip
  • 49 posts
nope windows installer still doesnt run it says it cannot be accessed so im guessing the msi is missing or corrupted? i think ive tried reinstalling using a microsoft method, but that failed.
  • 0

#12
Scorpex

Scorpex

    Visiting Staff

  • Member
  • PipPipPip
  • 266 posts
Metal God,

The symptoms you described are most likely due to Malware (sometimes known as Backdoor.Win32.Rbot.pd or P2P-Worm.Win32.Alcan.a)

Please Click here!, and follow the recommendations in the guide. Note: The infection you have will require additional steps to remove but following the guide will possibly reduce the amount of any other malware on your system.

We'll need you to use a free diagnostic tool, Hijack This. Follow the instructions in step five of this guide, and post your log as a new topic in the Malware Removal - Hijack This forum.

Most of what HijackThis lists will be harmless or even essential - DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.

Scorpex
  • 0

#13
OwNt

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Way to steal it away Scorpex :tazz: (Just kidding)

Metal God, since this did possibly arise from a p2p application, a worm/virus/malware may likely be the culprit. Although I know of other cases of when the system was free of crap and still did this. Please keep us updated in this thread. Thanks

-OwNt
  • 0

#14
Metal God

Metal God

    Banned

  • Topic Starter
  • Banned
  • PipPip
  • 49 posts
yer i will, should i try fixing through something called registrydix?
  • 0

#15
OwNt

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
registrydix? Could you supply a link please? Thank you

-OwNt
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP