think ive got an infection...

Discussion in 'malware problems & news' started by argus tuft, Nov 2, 2006.

Thread Status:
Not open for further replies.
  1. argus tuft

    argus tuft Registered Member

    Joined:
    Sep 20, 2006
    Posts:
    280
    Location:
    Australia
    Hello , yesterday morn i noticed that when i tried to run help and support (winXP sp2) i got a message box saying that windows couldnt find helpctr.exe. I ran a search, and it was in ...pchealth\helpctr\binaries , where its supposed to be. After googling i found a page that said how to edit the registry so that windows could find it. This person said that msconfig was also 'missing' on his pc, so i checked mine - windows could'nt find it, but again, it was in the right place, but the reg file telling windows where to look had been deleted.
    I ran a full scan on trend micro 06, which came up clear, ewido froze halfway thru, as did superanti-spyware.
    I am CERTAIN that I did NOT delete those entries myself.
    If anyone has had this same problem, or knows of what might cause it id be most grateful to hear. Could/ Should i try another Av scanner, if Y what can be used as an on demand scanner only (no real time)
    (ive managed to repair the registry, but still worried about how this happened)
    Thanx in advance, argus
     
  2. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,522
    Location:
    USA - Back in a real State in time for a real Pres
    This tool will give you back some function an infection might take away. Freeware.
    http://www.excessive-software.eu.tt/
    Infiltration Recovery Tool

    Infiltration Recovery Tool gives you ability to recover some key system features when facing malware infiltration.
    Many trojans, worms and backdoors disable Task Manager,Registry Editor and some even Explorer's Right-click context menu.
    You can restore these features with Infiltration Recovery Tool in just few clicks.
    Though there is no guarantee that it will work in all situations...

    Infiltration Recovery Tool supports all Windows operating systems.

    And heres a good guide.
    http://forums.majorgeeks.com/showthread.php?t=35407
     
  3. marcromero

    marcromero Guest

    I would recommend you download and run the Dr.Web CureIt Utility.
     
  4. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    or...

    just put in your windows XP cd and repair your windows installation.
     
  5. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    LOL alot good thats gonna do, the problem could very well come back ! Unless you start from scratch and reformat the drive and do a clean install.

    If your Av scans not catching IT, could be something hidden beyond the scope of AV scanners suggest you run a few root kit scanners like the ones in my signature, they may reveal some stuff you didnt know you might have.....
     
  6. argus tuft

    argus tuft Registered Member

    Joined:
    Sep 20, 2006
    Posts:
    280
    Location:
    Australia
    hi all, and thanks.
    i ran drweb cureit as per macromero's advice, and it found 9 instances of trojan.blank page.1500 (i think it was) which were all hidden in system restore bar one, which was in spybot backup! I also posted the report that spyware terminator produces at the ST forums (alternative to HJT they say), where they said to remove a file called unvise32.exe which was in the windows folder. Having done all this i think my pc is clean. A bit worried that trend micro let all this slip by though, til now i'd basically trusted it...
    Re the rootkit revealing programs, i'm a bit of a novice at all this, so if some-one could suggest an 'easy' to use one i'd be really grateful. Thanks, argus
     
  7. argus tuft

    argus tuft Registered Member

    Joined:
    Sep 20, 2006
    Posts:
    280
    Location:
    Australia
    Hello again, i just ran rootkit revealer, the only thing that looks suspect is in system restore, its an .ini file, hidden from windows api. the timestamp was dated 31st october so i'm fairly sure thats my problem (or one of them). thing is, how do i tell what this is, as its in system restore and is called A0027086.ini Does knowing which system restore point its in help?
     
  8. marcromero

    marcromero Guest

    Good to hear Dr.Web CureIt Utility helped you out with your problem, I would also recommend you turn off system restore while scanning and cleaning infections.
     
    Last edited by a moderator: Nov 4, 2006
Loading...
Thread Status:
Not open for further replies.