123456
Get Rid of a Bad Situation (Hijack, Antivirus and Regedit Don't Work)

Dear Experts,
I have a real problem with a virus or Trojan.
My OS is WinXP with SP1.
I can't execute Hijackthis.exe.
I can't install an antivirus (Symantec).
I can't run Regedit.
When I execute those files, Windows shuts down.
I can't do these things in Safe Mode either.
How can I collect more information for you?
How can I get rid of this situation?


Best regards,
Hamid Reza

rindi

Try renaming hijackthis.exe to something else (do that on another PC). Then reboot the bad one into Safe Mode and run the renamed version of hijackthis.
123456 (ASKER)

I saw Newfolder.exe in each directory too.
123456 (ASKER)

I don't think the virus works based on names.
I did it, but this problem existed on that computer.
I think when any file wants to access regedit, it goes to shutdown mode.

younghv

You may want to consider removing that hard drive from the computer and 'Slaving' it off another (or using a USB Enclosure).
That way, the AV/Anti-spyware programs on the other computer can do a complete scan.

As rindi suggested, try this: http://danborg.org/spy/hjt/alternativ.exe

Look here: http://www.spywareremove.com/removenewfolderexe.html

Vic
rpggamergirl

Is this just when you're running an .exe?
Rename hijackthis and change the extension to .com, as in hijackthis.com or some.com.
Also try renaming regedit.exe to regedit.com and see if it runs.
123456 (ASKER)

>>You may want to consider removing that hard drive from the computer and 'Slaving' it off another (or using a USB Enclosure). That way, the AV/Anti-spyware programs on the other computer can do a complete scan. <<
Is this way safe for the master computer?

>>Is this just when you're running an .exe?
rename hijackthis and change the extension to .com as in hijackthis.com or some.com
Also try renaming regedit.exe to regedit.com and see if it runs <<
I will test it tomorrow.

Hint:
I can't open Task Manager in normal startup (it was closed very fast).
But I can open Task Manager in Safe Mode.

123456 (ASKER)

Do you think this virus will be familiar to other AV/anti-spyware programs?

younghv

It is very old (3-4 years) so any AV (and Anti-spyware) program should be able to deal with it.

Vic
123456 (ASKER)

Can you bring its name?
123456 (ASKER)

Is Newfolder.exe's behavior similar to my conditions?
Maybe NewFolder.exe is one of the viruses existing on my computer.
I can't see shutting down in the Newfolder.exe specifications.


younghv

Download and run the "Iddono" removal application from the link I gave you.

Vic
rindi

Or use the Linux CD that was suggested earlier.
123456 (ASKER)

rpggamergirl:
The link doesn't work for me.
Tolomir

@ 123456: do you need any help with the Trinity Rescue Kit?

It's really not THAT hard to burn the iso to a CD, boot from it and press a few buttons for a full system scan with current antivirus patterns...

see http://trinityhome.org/Home/index.php?wpid=40&front_id=12 as reference

Tolomir
123456 (ASKER)

I scanned the infected disc from another master disk.
It found many viruses on it. After that I installed Symantec antivirus on it, but I can't run the scan command from it.
Also, I can't access the registry.
This message was raised:
Regedit was disabled by the administrator.

Logfile of HijackThis v1.99.1
Scan saved at 12:36:37 ق.ظ, on 2007/03/05
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Security Files\hijackthis\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [System4224411] D:\WINDOWS\System32\Systemdll.exe
O4 - HKLM\..\Run: [StatusClient 2.6] D:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] D:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus] "D:\Documents and Settings\Administrator\Local Settings\Application Data\smss.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O20 - Winlogon Notify: NavLogon - D:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe




rpggamergirl

Oops, sorry rindi, that's what happens when I don't refresh the page; I duplicated people's advice.


123456,
This link below doesn't work for you? It's a direct download.
Floppy-E Removal Tool.exe.
http://www.atribune.org/ccount/click.php?id=5


Once you let hijackthis fix this entry below, you should be able to access regedit.
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1


@ Tolomir,
Thank you so much for helping me, :)
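
Added example (not part of any post in this thread): a small Python triage of the HijackThis lines the asker posted, flagging the O7 policy entry discussed above and any Run entry that starts a Windows core process name from outside System32. The CORE_NAMES list and the System32 rule are assumptions of this example, not HijackThis behaviour, and entries it does not flag still need manual review.

```python
import re
from ntpath import basename, dirname  # parses Windows paths on any OS

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [System4224411] D:\WINDOWS\System32\Systemdll.exe
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus] "D:\Documents and Settings\Administrator\Local Settings\Application Data\smss.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# Assumption: core process names that normally load only from System32.
CORE_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe",
              "services.exe", "lsass.exe", "svchost.exe"}

# O4 = autostart (Run key) entry; O7 = policy restriction entry.
O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] "?([^"]+?\.exe)"?(?:\s|$)', re.I)
O7_RE = re.compile(r'^O7 - (.+), (Disable\w+)=1$')


def triage(log_text):
    """Return (line, reason) pairs for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O7_RE.match(line)
        if m:
            findings.append((line, f"policy {m.group(2)} set under {m.group(1)}"))
            continue
        m = O4_RE.match(line)
        if m:
            path = m.group(3)
            name = basename(path).lower()
            folder = dirname(path).lower()
            # A core process name autostarting from a user folder is a red flag.
            if name in CORE_NAMES and not folder.endswith(r"\windows\system32"):
                findings.append((line, f"{name} autostarts from outside System32"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {entry}")
```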





rindi

No problem. It happens to me all the time too.
123456 (ASKER)

I'm home now.
I will do all of the operations tomorrow.

rpggamergirl,
I can't download the file below:
http://www.atribune.org/ccount/click.php?id=5
I googled and saw that someone couldn't download this file.


123456 (ASKER)

Many thanks for your help.
rpggamergirl

Sorry wasn't here.
I assume problem's solved?

Thanks.