Registry Pop up issues

Discussion in 'Malware Help (A Specialist Will Reply)' started by jhope88, May 16, 2008.

  1. jhope88

    jhope88 Private E-2

    Okay I have been having a lot of virus issues lately. I reformatted because my brother and sister somehow made it so when I turned my computer on it got to the sign in and then turned itself off again. When I reformatted everything seemed fine until I realized I still had some viruses on my computer. I kept getting pop up warnings about Allaple, some type of root kit, and virut.c. I ran the Read & Run and now I can't get the time on my computer off of military time and I still get pop ups saying my registry is corrupted or damaged and I need to run registrycleanerxp.com and other sites.

    Every time I use the recovery disks I get those pop ups. I ran the programs and none of them can find anything. I ran Zone Alarm and it found 3 but they couldn't be removed. Plus my computer keeps telling me there isn't enough virtual memory on it and I had to boot in Safe Mode to increase it just to have enough memory to boot regularly! So Please!!! Help!!!
     


  2. abri

    abri MajorGeek

    Hi jhope88,
    Welcome to Major Geeks!


    1) Before you start, please run CCleaner.

    2) Then go to Alternate Scans and run the BitDefender online scan. There is an extra link for this which tells you how to run it so it fixes everything it finds and so it will produce a log which we can use. You will need to use Internet Explorer as the browser for this scan and Active X needs to be enabled for it to work. Agree to the agreement and allow it to install the update.

    3) After the above, I would like for you to scroll down a bit farther in Alternate Scans and find the instructions for running GMER. Please follow those instructions.

    4) When you finish the above, attach the logs from both scans.

    How is your computer running?

    Thanks.
    abri
     
  3. jhope88

    jhope88 Private E-2

    I tried to run Gmer and each time my computer froze up and crashed. Also I got a sort of system error message and my computer gave me 45 seconds and it shut itself down. I'm not sure if that is a result of the virus or if it's something else. The Allaple is replicating itself and I'm not sure how to find the source and kill it. Is there another rootkit program I can run because Gmer never finishes before my computer crashes? And the log from BitDefender is included.

    thanks a bunch abri!
     


  4. abri

    abri MajorGeek

    Hi jhope88,

    Please do the following:

    1) Go to Windows Explorer and find the following folder and delete all the files in it that Windows allows you to delete. It will not allow you to delete files from the current day:

    C:\Documents and Settings\Administrator\Local Settings\Temp\

    2) Then download and install Erunt. Use it to create a backup of your registry.


    3) After you've done the above, I would like for you to go to the registry editor.
    Go to Start / Run and type in regedit and click on ok.
    In the window that opens up, please navigate to the following two keys and delete them:


    1. In the left panel, click the + next to HKEY_CLASSES_ROOT
    2. When that opens, scroll down until you come to CLSID (pretty far down past all the numbers)
    3. Click on the + to expand it.
    4. Still in the left panel, locate and right-click the key: {D2CDEB42-C034-80D1-8096-BFD48620F496}
      (again, please note that the letters follow the numbers so you'll have to scroll down quite a ways to find it)
    5. Select delete and delete that key

    Then find the next key:
    • In the left panel, open the following pathway using the + sign:
      HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services
    • Still in the left panel, locate and right-click on
      MSWindows and select delete.
    • After you've deleted both keys close Registry Editor.

    4) When you've finished the above, I want you to run the following scan:

    ESET's Online Scanner: see "Using ESET's Online Scanner" (supports all Windows OS including Vista).

    5) After you finish, please attach the log from the Eset scan.

    Thanks.
    abri

     
  5. jhope88

    jhope88 Private E-2

    I wasn't able to find either key. They weren't there. I'm still getting a lot of random pop ups that I never got before and my system gives me a 1 minute warning and shuts down on its own. Here is the Eset scan. Allaple keeps replicating. I also still have Virut and some Rbot as well as one other that I cannot remember. My Avast gave me warning.
     

    Attached Files: log.txt (6.7 KB)
  6. abri

    abri MajorGeek

    Hi jhope88,

    I've asked chaslang to look at your thread so he may give you a different set of instructions. For the meantime, please try the following:

    Most of the major antivirus companies can get this virus; unfortunately Avast doesn't seem to be among them. Eset was listed as being able to and did delete a lot, but didn't get rid of it. What I think is that we have to locate the keys I told you about and delete them. I was thinking they have a certain number, but they don't. They are random keys, so we will need a tool that can find them and delete them before it continues with the removal process. It doesn't help to remove the worm until the keys which cause it to start up again have been removed.

    I would like for you to try Panda online scan next and see if we make more progress with that. If it doesn't work, I will ask you to uninstall Avast and download a free trial version of McAfee which I think will work, but let's try Panda first. Go to Running Panda Active Scan and follow the instructions. Note the error message in the instructions, that Avast may give you a warning that Panda is a virus called Win32-CTX. Please ignore this. To run this scan you will need to use Internet Explorer with Active X enabled.

    When you finish, please run CCleaner.

    Then attach the Panda active scan log, even if it is not able to fix the problem. I would like to look at it. It will be called activescan and might have a date with it. Then if it doesn't work continue on:


    If the above does not work and you are having the same symptoms when you get done, please do the following.

    Go to http://download.mcafee.com/eval/evaluate2.asp and find McAfee virus scan and check the 30-day free trial version. Download the installation program to somewhere where you can find it later.

    Then physically disconnect your computer from the internet and disable Avast. Remove Avast using add/remove programs.

    Find the installation program for the free trial version for McAfee and install it. Do not install Site Advisor if it is included with the program.

    Reconnect your computer to the internet and allow McAfee to update.

    Then again, disconnect your computer physically from the internet.

    Have it scan all drives of your computer including any external drives, especially any flashdrive that might be infected.

    When it finishes, run CCleaner again.

    Then attach a report of the results.

    Thanks.
    abri
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Here is what I suggest!

    First, if this PC is part of a network, you need to disconnect all other PCs that are on the network immediately since this infection will spread to all PCs on the network.

    Now go to the below link and download the klwk.zip file from one of the links. Save the klwk.zip to C:\klwk.zip

    http://www.kaspersky.com/removaltools?vtopen=154293695#open

    Then extract all of the files from the klwk.zip file to the same root folder of your C drive. You must do this so that the below will work. The scan may cause your PC to reboot when it finishes.

    Now click Start, Run and enter cmd and click OK to open up a command prompt window.

    In the command prompt window enter the below commands, each followed by the enter key. (Note the purple text is not part of the command; it is just explanation for you.)

    cd \ <-- there is a space after the cd
    klwk /s /Rpt c:\report.txt <-- there are spaces after klwk, after /s, and after /Rpt

    Now just wait for this to finish running. It will take awhile to run since it will scan all files on all connected disk drives. It should create a c:\report.txt file when finished. Attach the report.txt file to your next message. Then continue on with the below.


    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    Now rerun the same BitDefender Online scan like you did last time.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.


    Then attach the below logs:
    • C:\avenger.txt
    • The new BitDefender log.
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  8. jhope88

    jhope88 Private E-2

    Almost everything on my computer stopped working so I ended up reformatting using the disks I bought from Microsoft for Windows 2000 Pro. I still have the Allaple.q virus as well as virut and virtumonde. Could it be in my BIOS? No matter how many times I reformat everything else erases but I still keep the viruses I had before reformatting. I scanned my disks and there isn't anything on them. Could these viruses be infecting my BIOS? I tried doing everything from the latest posts but wasn't able to. I kept getting error messages.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I doubt it is in your BIOS. If you truly still have the infection, you must be reinstalling something that is reinfecting you. I suggest that you delete your partition, recreate the partition, format and then reinstall only Windows 2000 and NOTHING ELSE from original Microsoft disks (not backups or copies). And then see how things look. Where did your copy of NOD32 come from? Is it current? Is it legal? Is it clean? DO NOT reinstall it at this time.

    You need to tell us exactly what error messages.
     
