Registry tampered with Help!!

Discussion in 'malware problems & news' started by Christoff, Feb 18, 2005.

Thread Status:
Not open for further replies.
  1. Christoff

    Christoff Registered Member

    Joined:
    Feb 17, 2005
    Posts:
    4
    Hi everyone
    Didn't get much help on the forums you kindly gave me for analysing Hijack.
    On further investigation it would appear that I have some kind of virus. When Windows starts up it seems there is a file loading just before the Panda antivirus. It removes all links to my .exe files. Can't start regedit, configsys etc. From information I have gathered over the internet it looks like the sircam32 virus; it removed the "%1\"%" entries from my classes\root\.
    I saw a posting on here, followed its instructions and downloaded the regfix file. I entered it into my registry after scanning with Panda. It corrected the missing entries. Restarted the machine, still no .exe files. I have checked everything that is running with Security Task Manager; I can't see anything that should not be running. I have also run Ad-Aware and Spybot. Can anyone advise me?
    Thanks
    Chris
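
The post above describes the `"%1" %*` handler entries going missing and a .reg fix file being imported. As an added example (not part of the original thread), this Python script audits the text of a registry export for those entries; the expected values are the standard Windows defaults rather than anything quoted in the thread, and the sample export is constructed.

```python
import re

# Standard Windows defaults for executable file classes (assumed, not from the thread).
EXPECTED = {
    r"HKEY_CLASSES_ROOT\.exe": "exefile",
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\comfile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\batfile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\cmdfile\shell\open\command": '"%1" %*',
}

# Constructed sample: exefile handler blanked, cmdfile key absent, the rest intact.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@=""

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
'''

def parse_defaults(reg_text):
    """Map each key in a .reg export to its (Default) string value, or None."""
    defaults, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            key = m.group(1)
            defaults.setdefault(key, None)
        elif key and line.startswith('@="') and line.endswith('"'):
            # Undo .reg escaping: \" becomes " and \\ becomes \
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def audit(reg_text):
    """Return (key, found, expected) for every handler that differs from the default."""
    found = {k.lower(): v for k, v in parse_defaults(reg_text).items()}
    return [(k, found.get(k.lower()), want)
            for k, want in EXPECTED.items() if found.get(k.lower()) != want]

if __name__ == "__main__":
    for key, got, want in audit(SAMPLE):
        print(f"{key}: found {got!r}, expected {want!r}")
```

Exports written by regedit in the "Version 5.00" format are UTF-16, so a real file should be read with `encoding="utf-16"` before its text is passed to `audit`.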
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Will Panda run in Safe Mode?

    Cheers :D
     
  3. Christoff

    Christoff Registered Member

    Joined:
    Feb 17, 2005
    Posts:
    4
    Hi Blackspear
    I can't run Safe Mode either, still get the same problem. I ran Panda through BartSE. I have also run an online scanner. It seems just before the antivirus loads on boot-up I get this window; it won't let me log on unless I press OK.
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Can you get into Windows at all? If you can, you could try placing your Windows CD in the drive, click Start > Run and type in CMD; when the black window opens, type in "sfc /scannow" (without the quotation marks). SFC (System File Checker, a part of Windows File Protection) will replace any changed/damaged system files with a clean copy. SFC may not solve every problem, but it's a good start that anyone can do.

    Failing this you could try a Windows Repair by booting off your Windows CD.

    Cheers :D
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    If you have access to another clean computer with an up-to-date anti-virus, you could slave your hard drive off that system and run a scan. This will remove any viruses, then it's a matter of installing Windows over the top of itself...

    Cheers :D
     
  6. Christoff

    Christoff Registered Member

    Joined:
    Feb 17, 2005
    Posts:
    4
    Hi, thanks for the advice. Ran an online scanner and found 6 viruses. Why Panda's all-singing, all-dancing protection didn't see it or indeed stop it on entry I don't know. Anyway, is there any way of installing over the top keeping existing settings etc.? o_O
     
  7. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    Sometimes the malware nails the AV before the AV can nail the malware; that might be what happened here. ;)
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    See post number 4 above ;) :D

    Cheers :D
     