
[Resolved] Google Chrome Not Working


  • This topic is locked
67 replies to this topic

#46 inzanity (Malware Team)

Posted 28 April 2010 - 02:34 AM

Try it in C:\ by typing: cd\

Proud graduate of WTT Classroom


The help we provide here is free, however, if you wish to donate, you can do so here: http://www.whatthetech.com/donate/

ASAP and UNITE member

________________________________________________



#47 inzanity (Malware Team)

Posted 28 April 2010 - 02:38 AM

Hi, I don't think that also would work. Please hang tight as I'll ask my colleagues about this. Thanks.



#48 Shiftlemac (Authentic Member)

Posted 28 April 2010 - 02:52 AM

Hey, yeah, that didn't work either. I'll hang tight :)

#49 inzanity (Malware Team)

Posted 28 April 2010 - 03:01 AM

Hi,

Reboot to OTLPE.

Then open your OTLPE folder and navigate to :\PROGRAMS\RegistryEditorPE, can you see RegistryEditorPE.exe there?

If so please double click it, see if it loads your remote registry.

Edited by inzanity, 28 April 2010 - 03:02 AM.



#50 Shiftlemac (Authentic Member)

Posted 28 April 2010 - 03:15 AM

Hi, yes, there's a link to it on the desktop as well. It starts but then prompts me to "Select the remote Windows directory", and I have no idea what to then select..... (i.e. where does the registry live?!) Thanks, Mark

#51 inzanity (Malware Team)

Posted 28 April 2010 - 03:19 AM

It's in your C:\Windows, expand C: by clicking on the "+" sign then go to C:\windows, click OK. It will now select the SAM hive, just click on open on the pop ups to load the registry hive.



#52 Shiftlemac (Authentic Member)

Posted 28 April 2010 - 03:36 AM

Ok, I'm in...

I can navigate to HKEY_LOCAL_MACHINE, and then there's a variety of different possibilities:

\SYSTEM\CurrentControlSet\Services contains "iastor55", "iastor70", "iastor78" and "iastor86".

\_REMOTE_SYSTEM\ contains ControlSet001, ControlSet002 (and ControlSet003), the first two of which contain \Services\iastor keys, and all of those interestingly have an ImagePath key with a value of "system32\drivers\tsk29.tmp" - the file that came up a while ago as a problem when running GMER.

Thanks, Mark

#53 inzanity (Malware Team)

Posted 28 April 2010 - 03:47 AM

Alright! :thumbup:

Let's do this:

If you are not able to save in OTLPE, create this fix on your other PC, then save it to your flash drive.

Insert it into the infected pc then double click it to run.

Launch Notepad (Start>All Programs>Accessories), and copy/paste all the text inside the Code box into it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iastor]
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,69,00,61,00,53,00,74,00,6f,00,72,\
00,2e,00,73,00,79,00,73,00,00,00

Save this as fixme.reg. Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Double-click on it and when it asks you if you want to merge the contents to the registry.

--Next--

Reboot your computer then remove OTLPE disc. Reboot in normal mode.



#54 Shiftlemac (Authentic Member)

Posted 28 April 2010 - 03:58 AM

Hey, no luck :( Well, I ran the fix and it said it had successfully added it to the registry, but I still get the same error message when I try and reboot normally..... Thanks, Mark

#55 inzanity (Malware Team)

Posted 28 April 2010 - 03:59 AM

Boot using OTLPE again please then navigate to HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iaStor

Post back what it says.



#56 Shiftlemac (Authentic Member)

Posted 28 April 2010 - 04:13 AM

There's no "iaStor" in there. There's an iastor55, 70, 78 and 86, like in the "CurrentControlSet". I presume the above code should have added an "iastor"? ..... Mark

Edited by Shiftlemac, 28 April 2010 - 04:14 AM.


#57 inzanity (Malware Team)

Posted 28 April 2010 - 04:15 AM

Should be in ControlSet001, my mistake there. Run the second fix I've posted for ControlSet001 please. Thanks.



#58 inzanity (Malware Team)

Posted 28 April 2010 - 04:22 AM

\_REMOTE_SYSTEM\ contains ControlSet001, ControlSet002


Can you tell me the exact path here?

Is it HKEY_LOCAL_MACHINE\_REMOTE_SYSTEM\ControlSet001\Services\iaStor?

If so please hold off the fix for now.



#59 Shiftlemac (Authentic Member)

Posted 28 April 2010 - 04:37 AM

Hi, ok I ran the fix before I saw the latest message, but having rebooted, I can't see either of the two keys I thought I'd added (HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iastor or HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iastor). I'm guessing that's because we need to look at _REMOTE_SYSTEM instead?

Anyway, as far as your most recent comment goes, the exact paths are:

1) HKEY_LOCAL_MACHINE\_REMOTE_SYSTEM\ControlSet001\Services\iastor (no capital "s") which contains 8 keys, including an "ImagePath" with a value of system32\drivers\tsk29.tmp

2) HKEY_LOCAL_MACHINE\_REMOTE_SYSTEM\ControlSet002\Services\iastor (identical to the above)

Both also contain "Parameters" subfolders.

Thanks, Mark

#60 inzanity (Malware Team)

Posted 28 April 2010 - 04:41 AM

Hi,

Yes that was my mistake. Run this fix please:

Launch Notepad (Start>All Programs>Accessories), and copy/paste all the text inside the Code box into it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\_REMOTE_SYSTEM\ControlSet001\Services\iastor]
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,69,00,61,00,53,00,74,00,6f,00,72,\
00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\_REMOTE_SYSTEM\ControlSet002\Services\iastor]
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,69,00,61,00,53,00,74,00,6f,00,72,\
00,2e,00,73,00,79,00,73,00,00,00

Save this as fixme.reg. Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Double-click on it and when it asks you if you want to merge the contents to the registry.

--Next--

Reboot your computer then remove OTLPE disc. Reboot in normal mode.

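Added example, not part of the original thread or of the helper's own tooling: a small Python parser that decodes the hex(2) (REG_EXPAND_SZ, UTF-16LE) data in a .reg file so the fix can be read before it is merged, plus a check that flags a service ImagePath under a drivers directory that is not a .sys file, as with the tsk29.tmp value reported above. The function names and the infected sample are constructed for illustration.

```python
import re

# Fix from post #60 as it appears on the page (first key only).
FIX_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\_REMOTE_SYSTEM\ControlSet001\Services\iastor]
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,69,00,61,00,53,00,74,00,6f,00,72,\
00,2e,00,73,00,79,00,73,00,00,00
'''

def to_hex2(s):
    """Encode a string the way regedit exports REG_EXPAND_SZ (UTF-16LE + NUL)."""
    return 'hex(2):' + ','.join(f'{b:02x}' for b in (s + '\0').encode('utf-16-le'))

# Constructed sample: the hijacked value reported in post #59.
KEY = r'HKEY_LOCAL_MACHINE\_REMOTE_SYSTEM\ControlSet001\Services\iastor'
INFECTED_REG = ('Windows Registry Editor Version 5.00\n\n[' + KEY + ']\n'
                '"ImagePath"=' + to_hex2(r'system32\drivers\tsk29.tmp') + '\n')

def decode_value(raw):
    """Decode hex(1)/hex(2)/hex(7) string data; return other types unchanged."""
    m = re.match(r'hex\((?:1|2|7)\):(.*)$', raw)
    if not m:
        return raw
    data = bytes(int(b, 16) for b in m.group(1).split(',') if b.strip())
    return data.decode('utf-16-le').rstrip('\0')

def parse_reg(text):
    """Return {key_path: {value_name: value}} from .reg file text."""
    text = re.sub(r'\\\r?\n\s*', '', text)   # join backslash continuations
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"([^"]*)"=(.*)$', line)
            if m:
                current[m.group(1)] = decode_value(m.group(2))
    return keys

def suspicious_image_paths(keys):
    """Service ImagePaths under a drivers directory that are not .sys files."""
    return [(path, v['ImagePath']) for path, v in keys.items()
            if '\\services\\' in path.lower()
            and '\\drivers\\' in v.get('ImagePath', '').lower()
            and not v['ImagePath'].lower().endswith('.sys')]
```

Files exported by regedit in the "Version 5.00" format are UTF-16 with a byte-order mark, so read them with `open(path, encoding='utf-16')` before passing the text to `parse_reg`.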
