Access to Command Line

Discussion in 'Malware Help (A Specialist Will Reply)' started by stu247, Apr 6, 2006.

  1. stu247

    stu247 Private E-2

    Hi

    I originally posted in the software forum asking why I couldn't access the command line. I was redirected to this forum and followed the instructions for removing malware. This appears to have solved my problem but I would appreciate if someone could check the attached files to confirm I have no further issues.

    Many thanks
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Did you download and install the below password stealing trojan yourself?
    Code:
     
    Hacktool:Hacktool/MSNpass.B Not disinfected C:\Documents and Settings\Stu\My Documents\Problem Solvers\MessenPass\mspass.exe 
    Hacktool:Hacktool/MSNpass.B Not disinfected C:\Documents and Settings\Stu\My Documents\Problem Solvers\mspass_setup.exe[mspass.exe]
    
    Read this: http://www.bleepingcomputer.com/startups/MSpass.exe-13318.html

    Look in Add/Remove programs and uninstall StripSaver2 if found.

    Now copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Now reboot into Safe Mode and use Windows Explorer to delete the below:
    C:\Program Files\Common Files\Totem Shared\Update\Bpk.dll.130
    C:\Program Files\Common Files\Totem Shared\Update\Distribution.dll.047
    C:\Program Files\Common Files\Totem Shared\Update\Windows.dll.073
    C:\Program Files\Common Files\Totem Shared\Update\WindowsEx.dll.043
    C:\WINDOWS\SYSTEM32\cache32_rtneg3
    C:\Program Files\StripSaver2 <--- the whole folder

    Now reboot and tell me how things are working.
     
    Last edited: Apr 7, 2006
  3. stu247

    stu247 Private E-2

    Thanks for the response

    The hacktool I downloaded from MajorGeeks covert ops section while bored and it didn't work!

    Stripsaver2 was not found via add and remove programs.

    Fixme.reg worked fine.

    When I rebooted to safe mode I was asked to end unresponsive programs:

    .Net Broadcast window - which has happened previously; don't know if this is a problem?

    Cardreader lookup window - have not had this occur before

    Deleted all the files you specified without problems, and I am sure my system is booting quicker and is more responsive.

    Thanks for your help
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not sure what those are for but they are not malware problems. Probably related to some software/hardware on your system. As long as it does not happen in normal boot mode you are probably okay.

    If you want to improve boot time some more and improve system performance, also have HJT fix the below unnecessary lines:
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

    You can also fix the below, as they can be run from the Start Menu. These are up to you if you really need the icon in your tray, but they do waste resources and slow startup.
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1

    The below is not needed. It speeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly. Do you really load that many PDF files where this is worthwhile to always have running?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    The below osa.exe is Microsoft Office Startup. It launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show.
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
     
    Last edited: Apr 7, 2006
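
A small parser for the HijackThis O4 (autostart) lines quoted in the post above, added here as an example and not part of the original thread. The function names and the list of executable extensions are assumptions; the sample lines are copied from the thread.

```python
import re

# O4 lines copied from the thread (HijackThis "O4" = autostart entries).
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
'''

# Registry Run-key form: "O4 - <key>: [<value name>] <command>"
REG_RE = re.compile(r'^O4 - (?P<source>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# Startup-folder form: "O4 - [Global ]Startup: <shortcut> = <target>"
LNK_RE = re.compile(r'^O4 - (?P<source>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$')
# Unquoted commands: the path ends at the first executable extension
# that is followed by whitespace or end of line (extension list is an assumption).
EXE_RE = re.compile(r'^(?P<path>.*?\.(?:exe|com|bat|cmd|scr))(?=\s|$)\s*(?P<args>.*)$', re.I)

def split_command(cmd):
    """Split an autostart command into (path, args, quoted)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip(), True
    m = EXE_RE.match(cmd)
    if m:
        return m.group('path'), m.group('args'), False
    # Fallback: no known extension found, split at the first space.
    path, _, args = cmd.partition(' ')
    return path, args.strip(), False

def parse_o4(log_text):
    """Return one dict per O4 line: source, name, path, args, quoted."""
    entries = []
    for line in log_text.splitlines():
        m = REG_RE.match(line.strip()) or LNK_RE.match(line.strip())
        if not m:
            continue  # not an O4 autostart line
        path, args, quoted = split_command(m.group('cmd'))
        entries.append({'source': m.group('source'), 'name': m.group('name'),
                        'path': path, 'args': args, 'quoted': quoted})
    return entries

if __name__ == '__main__':
    for e in parse_o4(SAMPLE_LOG):
        print(f"{e['source']:15} {e['name']:32} {e['path']}  args={e['args']!r}")
```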
