Hijackthis can't access registry

Discussion in 'Malware Help (A Specialist Will Reply)' started by uktab, Dec 15, 2009.

  1. uktab

    uktab Private E-2

    I've done everything in the malware removal guides, and have logs which I'll attach, but Bitdefender is still greyed out, task manager is still disabled and Regedit won't run.

    When I ran mbam and combofix, I got a message both times just before my pc rebooted... "netsh.exe failed to initialise etc etc". It went before I could read it all.

    Tried hijackthis, run as analyse.exe, but when I click to fix the registry disabled=1 object I get a message saying registry editing has been disabled etc. and the changes aren't made.

    This all started when I fixed a laptop that wouldn't boot. I got it running, and downloaded Ccleaner onto my usb stick to install and run on the laptop. I have Bitdefender Total 2009 which scans usb sticks when they are inserted into my own pc, but when I put the stick from the infected laptop back into my pc to scan and clean it, the Bitdefender icon turned grey, and after a couple of scans using sbam and sas, found I had funny ust.avi.exe virus \ killer.exe etc. which explained the disabled items.

    Apart from the problems mentioned at the top of this thread, Firefox won't run any add-ons (No script, Bitdefender online scanner etc) and if I try to access sites with online scanners the pages don't load.

    Please help!
     


  2. uktab

    uktab Private E-2

    The other logs:


    Thanks again
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Can you tell me what these are:
    C:\BSI32
    c:\program files\ezimercpro ---> I am assuming this one has something to do with a website that was created?

    When you tried to use analyse.exe to remove:
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    Did you make sure to disable all of your AV and AS protection software?

    Please do so now, then Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected):
    Code:
    KILLALL::
    
    Registry::
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"= 0 (0x0)
    "DisableRegistryTools"= 0 (0x0)
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\ComboFix.txt
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
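
Added example, not part of the thread and not MajorGeeks or ComboFix code: a PowerShell audit of the same policy key and the two values the CFScript above sets to 0, for checking whether the lockout is present and whether a reset actually held. The function name `Get-LockoutValue` and the parameters `-Reset`, `-Key` and `-Names` are hypothetical names chosen for this sketch.

```powershell
# Added example: audit (and optionally reset) the per-user policy values
# that disable Task Manager and registry editing tools.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Reset,   # hypothetical switch: write 0 to every active value
    [string]$Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    [string[]]$Names = @('DisableTaskMgr', 'DisableRegistryTools')
)

function Get-LockoutValue {
    param([string]$Path, [string[]]$ValueNames)
    # A missing key means no policy is configured for this user.
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $props = Get-ItemProperty -LiteralPath $Path
    foreach ($n in $ValueNames) {
        $p = $props.PSObject.Properties[$n]
        if ($null -ne $p) {
            [pscustomobject]@{
                Name   = $n
                Data   = $p.Value
                Active = ($p.Value -ne 0)   # any non-zero data enables the restriction
            }
        }
    }
}

$found = @(Get-LockoutValue -Path $Key -ValueNames $Names)
if ($found.Count -eq 0) {
    Write-Output "No lockout values present under $Key"
    return
}
$found | Format-Table Name, Data, Active -AutoSize

if ($Reset) {
    foreach ($f in $found | Where-Object { $_.Active }) {
        if ($PSCmdlet.ShouldProcess("$Key\$($f.Name)", 'Set value to 0')) {
            Set-ItemProperty -LiteralPath $Key -Name $f.Name -Value 0
        }
    }
    # Read the key again: if a value is non-zero after the write,
    # something on the system is still setting it.
    $still = @(Get-LockoutValue -Path $Key -ValueNames $Names | Where-Object { $_.Active })
    if ($still.Count -gt 0) {
        Write-Warning ("Still active after reset: " + (($still | ForEach-Object { $_.Name }) -join ', '))
    }
}
```

Run it without arguments to report only; `-Reset -WhatIf` shows which values would be changed without writing anything.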
     
