Ofc problem

Discussion in 'Malware Help (A Specialist Will Reply)' started by TTKRINGU, Dec 3, 2011.

  1. TTKRINGU

    TTKRINGU Private E-2

    Hi guys. I hope you can help me.
    My problems are a disabled Task Manager, disabled registry editing, problems with some games, and I can't run the PC in safe mode at all (maybe my PC has some other problems, but I am not aware of them).

    Every time I run Malwarebytes (I have had it for a year or so) the scan always shows this:

    Pum.Disabled.Security center

    Pum.Disabled.Security center

    Pum.Disabled.Security center

    Pum.Hijack.Regedit

    Pum.Hijack.Taskmanager

    Trojan.Downloader (this one is always in the Temp folder of Local Settings and always has a different random name)

    After that I always check all the boxes, click remove, restart the PC and remove the files from the Malwarebytes quarantine (my problems are still there at this point). I repeat that procedure a few times a month and I always update Malwarebytes. Those things always come back.

    I followed all the steps, but I couldn't run MGTOOLS because the error "Registry Editing has been disabled by your administrator" shows and the scan never starts.

    I still have problem.

    Thank you in advance, and sorry, English is not my native language.

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    ClearJavaCache::
    KILLALL::
    
    Registry::
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"= 0 (0x0)
    "DisableRegistryTools"= 0 (0x0)
    
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Note: If after running ComboFix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.

    Now see if you can run MGTools and get us a log.
     
  3. TTKRINGU

    TTKRINGU Private E-2

    Thank you for the fast response and for your time.
    Btw, I forgot to mention that System Restore is always off on my computer (I prefer it that way), but after all these scans it is on now.
    I did as you said. ComboFix did its thing.
    But MG still gets the same error (registry).

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let's try again:

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    ClearJavaCache::
    KILLALL::
    Registry::
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"=-
    "DisableRegistryTools"=-
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTools"=dword:00000000
    "DisableTaskMgr"=dword:00000000
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Note: If after running ComboFix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below log:

    • C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
  5. TTKRINGU

    TTKRINGU Private E-2

    Things were working fine for a couple of minutes. I ran MG properly and Task Manager was enabled. But it's broken again now.
    I have the logs.

    Btw, nice avie, but "Everything is not proceeding as you have foreseen." ;)

    Last edited: Dec 4, 2011
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Bad news. Registry editing and also Task Manager will be constantly getting disabled, which is due to the Sality infection you have. This can be seen from the below, found in your system.ini file.

    [MCIDRV_VER]
    DEVICEMB=37721817246


    For additional info, see W32/Sality.ai and also see the below. There are many forms of Sality:

    Virus:Win32/Sality.R

    Virus:Win32/Sality.AT

    These types of infections frequently require a reinstall to properly remove all traces and to fix the damage it causes.

    You can try the below tools but I have never seen them work properly:

    http://free.avg.com/us-en/win32-sality

    http://support.kaspersky.com/viruses/solutions?qid=208279889
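    The two symptoms the thread ties together (the CFScript in posts 2 and 4 clearing the DisableTaskMgr / DisableRegistryTools policy values, and the [MCIDRV_VER] / DEVICEMB section in system.ini that post 6 points to) can be checked from a read-only script. This is an added example, not a tool from the thread or from MajorGeeks; it assumes a Windows machine with PowerShell and only reports, it does not change anything. The polling function is there because post 5 describes the lock coming back within minutes.

```powershell
# Added example (not part of the thread). Read-only checks for the symptoms
# discussed above; run from an elevated PowerShell prompt.

$PolicyKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$ValueNames = 'DisableTaskMgr', 'DisableRegistryTools'

function Get-PolicyLockState {
    # Returns one row per policy value: absent or 0 means the tool is allowed,
    # 1 (or any non-zero DWORD) means the policy currently locks it.
    foreach ($name in $ValueNames) {
        $value = $null
        if (Test-Path $PolicyKey) {
            $value = (Get-ItemProperty -Path $PolicyKey -Name $name -ErrorAction SilentlyContinue).$name
        }
        [pscustomobject]@{
            Value  = $name
            Data   = if ($null -eq $value) { '<not set>' } else { $value }
            Locked = ($null -ne $value -and $value -ne 0)
        }
    }
}

function Test-SalityIniMarker {
    # Looks for the [MCIDRV_VER] section with a DEVICEMB entry, the system.ini
    # change that post 6 associates with the Sality infection.
    param([string]$IniPath = (Join-Path $env:WINDIR 'system.ini'))
    if (-not (Test-Path $IniPath)) { return $false }
    $text = Get-Content -Path $IniPath -Raw
    return [bool](($text -match '(?im)^\s*\[MCIDRV_VER\]\s*$') -and ($text -match '(?im)^\s*DEVICEMB\s*='))
}

function Watch-PolicyLock {
    # Polls the policy values and prints a timestamp whenever one flips back
    # to locked, which is the "broken again after a couple of minutes" pattern.
    param([int]$Seconds = 300, [int]$IntervalSeconds = 5)
    $deadline = (Get-Date).AddSeconds($Seconds)
    $wasLocked = @{}
    while ((Get-Date) -lt $deadline) {
        foreach ($row in Get-PolicyLockState) {
            if ($row.Locked -and -not $wasLocked[$row.Value]) {
                "{0:s}  {1} re-enabled (policy lock is back)" -f (Get-Date), $row.Value
            }
            $wasLocked[$row.Value] = $row.Locked
        }
        Start-Sleep -Seconds $IntervalSeconds
    }
}

Get-PolicyLockState | Format-Table -AutoSize
"system.ini [MCIDRV_VER]/DEVICEMB marker present: $(Test-SalityIniMarker)"
```

    Run `Watch-PolicyLock` after clearing the values to see how quickly they are re-set; a lock that returns with no user action is the re-infection behaviour the thread describes, and matches the advice that cleaning the values alone does not fix it.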
     
  7. TTKRINGU

    TTKRINGU Private E-2

    It's not a problem for me to reinstall the system. But is it enough to just delete the C partition (where Windows is), or should I delete both partitions?

    Thank you for your time man.
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Safest thing to do is delete all partitions and then re-partition prior to re-installation.
     