prison hui.exe malware removal

Discussion in 'Malware Help (A Specialist Will Reply)' started by chaska, Dec 26, 2006.

  1. chaska

    chaska Private E-2

    I was infected with something called prison hui.exe and experienced the following (anything fixed by following the tutorial is indicated beside it):

    loss of right click: fixed
    task mgr disabled (disabled by admin error): fixed
    ridiculous amount of pop-ups: fixed
    home page unable to be changed from adarson.com: fixed
    no run command or cmd prompt ability: fixed
    registry editor disabled by admin: still getting error

    Of the tutorial steps, I was able to run everything but getrunkey.exe and Counter Spy. Counter Spy kept looking for a .vbs file to run and then I had another error (which fails me at the moment) and getrun can't run as the regedit has been disabled by the admin (not true).

    I have attached all logs to this and the following post.
     


  2. chaska

    chaska Private E-2

    Re: prison hui.exe malware removal - HJT Log

    HJT Log for previous post
     


  3. chaska

    chaska Private E-2

    Sorry to add one more thing...

    right click is fixed in most apps, but not all.

    Thanks for all your help.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you sure you did not disable registry edits using one of the applications you have installed (like Prevx, AVG Antispyware, or CLAM)?

    Is Prevx a paid or free trial version?
    Is AVG Antispyware a paid or free trial version?

    Why didn't you run ShowNew? Most of it should work. Just a small section of it will not work with Regedit disabled. Try doing all of the below!


    Make sure viewing of hidden files is enabled (per the tutorial).

    Now copy the bold text below to Notepad. Save it as RegFix.inf to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, right click the newly created RegFix.inf and click Install.
    Hopefully, that will solve your problem.
    Be sure to explicitly tell me what happens while doing the above!

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL (file missing)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [rmalt] C:\Program Files\Sysxp\Keygen.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\system32\drivers\etc\hosts.20061226-025157.backup
    C:\Program Files\Sysxp <--- the whole folder
    C:\Program Files\SpywareBot <--- the whole folder

    Now run Ccleaner.

    Now attach the below new logs and tell me how the above steps went.
    1. GetRunKey
    2. ShowNew
    3. HJT


    Make sure you tell me how things are working now!
    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable s
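
The steps above come down to two things: HKCU policy values that lock the user out of regedit, Task Manager, Run and the right-click menu, and Run-key entries that restart the malware at boot. The script below is an added, read-only audit of exactly those locations; it is not part of chaslang's instructions or of the MajorGeeks tools, and the symptom labels are my own. It changes nothing in the registry, so you can run it before and after the HJT fix and compare the output with the O4/O6/O7 lines in the log.

```powershell
# Added example (not from the thread): read-only audit of the policy values and
# Run keys behind the symptoms reported above. Nothing here modifies the registry.
$policyChecks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegedit';    Symptom = 'registry editor disabled by administrator (HJT O7)' }
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr';    Symptom = 'Task Manager disabled' }
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoRun';             Symptom = 'Run command removed from Start menu' }
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoViewContextMenu'; Symptom = 'right-click context menu disabled' }
)
# Keys whose mere presence HijackThis reports as O6 entries.
$restrictionKeys = @(
    'HKCU:\Software\Policies\Microsoft\Internet Explorer\Restrictions'
    'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel'
)

function Get-LockdownPolicy {
    foreach ($c in $policyChecks) {
        $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -ne $item -and $item.($c.Name) -ne 0) {
            [pscustomobject]@{ Key = $c.Path; Value = $c.Name; Data = $item.($c.Name); Symptom = $c.Symptom }
        }
    }
    foreach ($k in $restrictionKeys) {
        if (Test-Path -Path $k) {
            $names = (Get-Item -Path $k).GetValueNames() -join ','
            [pscustomobject]@{ Key = $k; Value = '(key present)'; Data = $names; Symptom = 'IE policy restrictions (HJT O6)' }
        }
    }
}

function Get-RunEntry {
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            $cmd = [string]$regKey.GetValue($name)
            # The first token is the executable, quoted or not; anything after it is arguments.
            $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
            $exists = Test-Path -LiteralPath ([Environment]::ExpandEnvironmentVariables($exe))
            # A Run value whose target is missing (or sits in an unfamiliar folder) is worth a closer look.
            [pscustomobject]@{ Key = $key; Name = $name; Command = $cmd; Executable = $exe; Exists = $exists }
        }
    }
}

Get-LockdownPolicy | Format-Table -AutoSize
Get-RunEntry       | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt as the affected user, since the policy values live under HKCU for that account.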
     
