Google redirects & spybot, hijack this problems
noahdfear
post Nov 18 2009, 05:00 PM
Post #91


Authentic Member

Group: Malware Expert
Posts: 179
Joined: 14-June 05
Member No.: 34,633
Operating System: XP Pro & Vista




Hi arfon,

While working with the serv.txt log you uploaded I noticed that it appears some essential service keys are missing from your registry, and I need to verify. Please load MiniXP and Registry Editor PE, no user hive necessary, then copy and paste the contents of the code box below into a command window.

CODE
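@echo off
rem Save the services key of the offline SYSTEM hive (loaded by Registry Editor PE) to a file on the desktop
reg save HKLM\_REMOTE_SYSTEM\ControlSet005\services "%userprofile%\desktop\services.hiv"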
exit
cls


A file named services.hiv should appear on the desktop.
Please upload that file to my submission channel.
arfon.jones
post Nov 18 2009, 05:21 PM
Post #92


Authentic Member

Group: Authentic Member
Posts: 50
Joined: 4-October 09
Member No.: 88,235
Operating System: windows xp



Hi Dave,
the file has been uploaded.
Arfon
noahdfear
post Nov 18 2009, 05:49 PM
Post #93






Received, thanks!

This may take me a while. ;)
noahdfear
post Nov 18 2009, 08:51 PM
Post #94






I found only a couple of inconsistencies and have fixed them.
Please download this file to the MiniXP desktop.
Start Registry Editor PE, no user hive necessary.
Once loaded, double click the downloaded file on the desktop.
When it closes, exit the registry editor, wait for the All Finished message and restart to see if the machine will boot normally.
arfon.jones
post Yesterday, 04:07 PM
Post #95





Hi Dave
Sorry to say, but the last updated file was not successful. One thing I noticed on boot up that I haven't seen before, just before the Windows XP logo with strobing lights:
a message in the top left corner. INVALID BOOT INI FILE
BOOTING FROM C:\ WINDOWS\
Don't know if that has any relevance.
Many thanks Arfon
noahdfear
post Yesterday, 09:15 PM
Post #96






I'd like to make sure the hive was successfully imported. Please load MiniXP and Registry Editor PE, no user hive necessary, then copy and paste the contents of the code box below into a command window.

CODE
@echo off
rem Save the same services key again so the imported changes can be verified
reg save HKLM\_REMOTE_SYSTEM\ControlSet005\services "%userprofile%\desktop\services2.hiv"
exit
cls


A file named services2.hiv should appear on the desktop.
Please upload that file to my submission channel.

Next, let's check the boot.ini file. Paste the following into the command window then post the log that opens.

CODE
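rem Copy boot.ini into a text file and open it in Notepad (paths quoted in case %temp% contains spaces)
type c:\boot.ini > "%temp%\boot.txt"
start notepad "%temp%\boot.txt"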
exit
cls
arfon.jones
post Today, 02:08 PM
Post #97





Hello Dave,
I have posted a services2.hiv to your submission channel. I also ran the second boot ini file but the result in metapad came up blank.
noahdfear
post Today, 02:53 PM
Post #98






The hive appears to have been merged successfully. Please take a look in Local Disk C: using Windows Explorer and tell me what files are there whose name begins with boot (like boot.ini, boot.backup, boot.basevid, etc).

This post has been edited by noahdfear: Today, 02:54 PM
arfon.jones
post Today, 04:13 PM
Post #99





Hi, there are 2 files:
1 boot.backup
2 boot.basevid
noahdfear
post Today, 04:21 PM
Post #100






Please right click the boot.backup file and Rename to boot.ini

Still working on the next attempt at normal bootup.

Time is now: 20th November 2009 - 07:03 PM
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy