Need help repairing damage caused by a trojan

Discussion in 'malware problems & news' started by zopzop, Dec 21, 2006.

Thread Status:
Not open for further replies.
  1. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    My friend had a nasty trojan he picked up by surfing "adult" sites. Thankfully ewido detected and removed the trojan but he still has some problems. The virus/trojan disabled things like task manager (ctrl+alt+del doesn't bring it up), right clicks, etc. How would he go about restoring those options?
     
  2. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
  3. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello zopzop,

    The Infiltration Recovery Tool which can be found at the bottom of the page via the following link may be what you are looking for. Hope this helps.

    http://www.excessive-software.eu.tt/


    Peace & Love,

    CogitoErgoSum
     
  4. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    awesome! thank you both :D
     
  5. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    me again. i tried both of those sites (i bookmarked them in fact) but they didn't help my friend's pc. every time we tried to add the registry entries from the windows xp tweak site it would give us an error like "this action has been forbidden by the administrator." after almost pulling out my hair in frustration, i tried "dial-a-fix". and it worked! the right clicks, regedit, taskmanager, internet options, cmd, run, msconfig, windows chat bubbles were enabled again.

    but there's still one more problem. under control panel, the "users" option will not work! i click the icon and nothing happens (the original "users" icon is gone and in its place is the generic windows icon). is there any way to repair this? he can't create new users.

    can anyone help? this is the only thing that's remaining to be fixed.
     
  6. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Have you tried using the repair console of XP?
     
  7. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    zopzop,

    I believe Lucas is referring to replacement of nusrmgr.cpl and possibly mshta.exe (correct me if I'm mistaken Lucas). If your friend isn't running this, it may be as simple as restoring the HTA association. Short of the latter, replacing files would depend on the installation. If xpsp2, the method (disk, no disk - sp2 included, or updated).

    Tell us, does it open when typing nusrmgr.cpl into a runbox? Are the above mentioned files present in system32?


    GF
     
  8. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    @lucas1985

    i wouldn't know where to even begin using recovery console to repair the problem, i've never used it :D

    @GlobalForce

    i know for sure he's not using HTAStop. the only thing he does with his windows is update his norton antivirus signatures and update his windows xp media edition 2005 with MS patches.

    i won't be at his house again till Tuesday cause of the New Year's holiday. i'll check then and report back here. Again thanks for the help all. :D
     
  9. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
  10. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    zopzop,

    With any luck, it appears that the link lucas1985 provided to "User Accounts option in Control Panel gone" will do the trick.


    Peace & Love,

    CogitoErgoSum
     
  11. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Luck meaning .... sp2 was included on the install cd. Otherwise (in the instance sp2 was through update), expect a Windows File Protection error to be generated because of version differences. Either way, user's choice. We should be able to help you deal with any shortcomings as they become apparent.

    GF
     
    Last edited: Jan 3, 2007
  12. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    @GlobalForce

    i really don't think his cd included sp2 :( he has a legit version of windows xp media center edition fully patched and updated to sp2 and i have a legit version of windows xp home edition fully patched and updated to sp2. what would happen if i used a copy of my nusrmgr.cpl and (if needed) mshta.exe and copied it to his machine?

    is it a) legal and b) would it work?
     
  13. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    zopzop,

    It's Tuesday. Three details please .... fill us in on whether or not those files presently exist in system32 and/or system32\dllcache including version numbers, your proficiency within a command shell, and the drive letter your friend's system is installed on. We'll take it from there.


    GF
     
    Last edited: Jan 3, 2007
  14. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
  15. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    thanks for all the suggestions guys. i just came back from my friend's house. both nusrmgr.cpl and mshta.exe were present on his computer but nusrmgr.cpl was corrupt. we replaced the nusrmgr.cpl file from his windows media center edition of winxp using the method that lucas1985 linked to. the user accounts icon is back, when you click the icon the user accounts settings come up, etc. basically everything is working fine now.


    THANK YOU ALL for your help! wilders rocks.

    @lodore

    thanks for the info. i've been using superantispyware for 6+ months and i never even saw that feature :D
     