
Please help....hijacked by trojan


25 replies to this topic

#16 shalane


Posted 07 May 2006 - 04:50 PM

Oh, here's a new one...

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 5/7/2006 4:47:45 PM for strings:
;     'disabletaskmgr'
; Strings excluded from search:
;     (None)
; Search in:
;     Registry Keys  Registry Values  Registry Data
;     HKEY_LOCAL_MACHINE  HKEY_USERS

[HKEY_USERS\S-1-5-21-2526262675-152405091-742778981-1009\RegSaved\790202743C30BAA268730377BE3565AB]
"DisableTaskMgr"=dword:00000001

[HKEY_USERS\S-1-5-21-2526262675-152405091-742778981-1009\RegSaved\C41A52C8F165FD428A54A0C839C2EEEC\System]
"DisableTaskMgr"=dword:00000001

[HKEY_USERS\S-1-5-21-2526262675-152405091-742778981-1009\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

; End Of The Log...



#17 Micah_6:8


Posted 07 May 2006 - 05:05 PM

The very last line you posted is why the task manager is disabled.

(This one:

[HKEY_USERS\S-1-5-21-2526262675-152405091-742778981-1009\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

)

I think this is inhibiting changing anything:

O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
O4 - HKCU\..\Run: [Registry] "C:\Program Files\Greatis\RegRunSuite\lsoon.exe" -1 30 "C:\Program Files\Greatis\RegRunSuite\rescue.exe" /a "c:\backreg\rstore.ini"

Can you turn that stuff "off" temporarily?
:unsure:
Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!
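
The reply above singles out one of the three search hits, the one under ...\Policies\System, as the reason Task Manager is disabled. The following is an added example, not part of the original thread: it parses a REGEDIT4 export and marks which lockout values sit under a key Windows honours. It goes beyond the thread by also checking DisableRegistryTools and DisableCMD; the SID and RegSaved key name in the sample are constructed placeholders.

```python
import re

# Lockout values and the key suffix under which Windows honours them; the same
# value name anywhere else (a tool's saved copy, for instance) is inert data.
POLICY = r"software\microsoft\windows\currentversion\policies\system"
LOCKOUTS = {
    "disabletaskmgr": POLICY,        # the value discussed in this thread
    "disableregistrytools": POLICY,  # added here: blocks regedit
    "disablecmd": r"software\policies\microsoft\windows\system",  # added: blocks cmd
}
KEY_RE = re.compile(r"^\[([^\]]+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

# Constructed sample in the layout of the search log (placeholder SID and key names).
SAMPLE = r"""REGEDIT4
; Results for strings: 'disable'
[HKEY_USERS\S-1-5-21-0-0-0-1000\RegSaved\EXAMPLE0001\System]
"DisableTaskMgr"=dword:00000001
[HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000
[HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=dword:00000002
"""

def find_lockouts(reg_text):
    """Return (key, value_name, data, live) for each lockout value in a REGEDIT4 export."""
    hits, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = DWORD_RE.match(line)
        if m and key and m.group(1).lower() in LOCKOUTS:
            data = int(m.group(2), 16)
            suffix = "\\" + LOCKOUTS[m.group(1).lower()]
            # Live only when non-zero AND stored under the honoured policy key.
            live = data != 0 and key.lower().endswith(suffix)
            hits.append((key, m.group(1), data, live))
    return hits

if __name__ == "__main__":
    for key, name, data, live in find_lockouts(SAMPLE):
        print(("LIVE " if live else "inert"), name, data, key)
```
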

#18 shalane


Posted 07 May 2006 - 05:18 PM

Yea, I just uninstalled it. I only put it on today to try to solve my problem... so what would you recommend for my next step?

#19 Micah_6:8


Posted 07 May 2006 - 05:29 PM

Copy and paste the contents of the quote box below into notepad.

Save it as file name: "fixme.reg" (not including the quotes). Save it where you can get to it.

REGEDIT4

[HKEY_USERS\S-1-5-21-2526262675-152405091-742778981-1009\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000


Reboot in "safe" mode.

Log into an account with "Administrator" privileges.

Then, locate fixme.reg and <double-click> it.

You will receive a prompt similar to: "Do you wish to merge the information into the registry?".

Answer 'Yes' and wait for a message to appear similar to "Merged Successfully".

Reboot in normal mode.

Then see if you can access the task manager, and let me know of other problems you are still experiencing.

#20 shalane


Posted 07 May 2006 - 05:47 PM

Hey....You rock!!!! It wouldn't work in safe mode so I rebooted in normal mode and it worked.....it seems that I still have quite a few issues and am unsure how to resolve them...baby steps eh!

1) Can't access System Restore at all...says it was turned off by administrator. I even tried to turn it on in safe mode under administrator but to no avail.
2) I can't access any sites that require a password or my Outlook Express
3) will not print
4) the Windows music plays after my desktop has been loaded for about 45 seconds and reboot is very slow
5) Norton won't start

There may be others but these are the most important right now.....

#21 shalane


Posted 07 May 2006 - 06:38 PM

My command prompt has also been disabled as well as my printer drivers....I will keep listing errors as I find them......

#22 Micah_6:8


Posted 08 May 2006 - 05:11 AM

Go to:

Start --> Run

In the box type in services.msc then hit <enter> (or click OK)

In the Name column in the next screen look for:

System Restore Service

<Double-click> it.

Tell me what's in the "Startup type" box, and what is the "System status" (right under the "Startup type" box)?
:unsure:

Let's go one step "deeper"...

Copy the text in the following quote box into Notepad:

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" > reg.txt
notepad reg.txt


Save it to your desktop as ff.bat.

Now, <double-click> the ff.bat file on the desktop. A Notepad window will open up.

Please paste its contents into your next post.
:)

About your email....

Can you access any "secure" sites, such as this one?

IE-Spyad

:unsure:

#23 Micah_6:8


Posted 08 May 2006 - 05:31 AM

And please post a new HijackThis! log also. :) :thumbup:

#24 shalane


Posted 08 May 2006 - 02:34 PM

Hey there, just wanted to thank you for the help. I backed up my pc and reformatted, perhaps I could get a list of your personal best for keeping my pc clean and safe. Thanks tons for all your hard work! Cheers, Shalane

#25 Micah_6:8


Posted 08 May 2006 - 04:47 PM

Post Infection Items To Ponder

Personally, I have Norton Antivirus and Internet Security 2006, I have IE-Spyad installed, Cookiewall, and run Spybot and Ad-Aware once a week.

I'm glad you got your problem solved.

M68 :)


#26 Micah_6:8


Posted 11 May 2006 - 08:25 PM

This topic is now closed.

If you need this topic reopened, please request this by sending an email to us at the following link

(Click for address)
Include your post user name and detail why you need it reopened with a valid link to your post.
Any bad links or emails that are not from the original poster will be deleted without response.
Any emails without the subject "Reopen" will be deleted without being looked at.

If this is not your thread please start a New Topic.
