
Disabled registry due to new, undetected trojans


Guest Mike S.
Posted

I recently had my computer infected with four trojans due to them being new and undetected by the majority of anti-virus programs. So I submitted them to AVG who confirmed they were trojans and updated their virus definitions. This removed the four trojans from my computer. However, I still have problems that need to be fixed, one of which is a disabled registry.

Here's what needs fixing (from my HijackThis log):

F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\System\svchost.exe"
O2 - BHO: (no name) - {5277E001-1190-3001-0699-ca3230262a11} - C:\Program Files\Common Files\System\wship_help.acm (file missing)
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Some people have suggested using ComboFix, SDFix, or just using HijackThis. Is there any reason why I can't just use HijackThis to fix them? SDFix seems more complicated and unnecessary. Or does what I use to fix those problems depend on my computer and whether it's up-to-date and backed up, etc.?

I just want to use the safest, most reliable method to fix this problem.

The only reason I'm even asking this here is because the people in the malware forums I've posted in won't answer these questions - I guess they're too busy. They just want to fix the problem and move on. I'm interested in using this as a learning experience.

Guest Andrew E.
Posted

RE: Disabled registry due to new, undetected trojans

Boot to the XP CD, choose Recovery, and in Recovery follow the guide outlined by Microsoft in KB307545.

 

"Mike S." wrote:

> I recently had my computer infected with four trojans due to them being new and undetected by the majority of anti-virus programs. So I submitted them to AVG who confirmed they were trojans and updated their virus definitions. This removed the four trojans from my computer. However, I still have problems that need to be fixed, one of which is a disabled registry.
>
> Here's what needs fixing (from my HijackThis log):
> F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\System\svchost.exe"
> O2 - BHO: (no name) - {5277E001-1190-3001-0699-ca3230262a11} - C:\Program Files\Common Files\System\wship_help.acm (file missing)
> O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
> O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
>
> Some people have suggested using ComboFix, SDFix, or just using HijackThis. Is there any reason why I can't just use HijackThis to fix them? SDFix seems more complicated and unnecessary. Or does what I use to fix those problems depend on my computer and whether it's up-to-date and backed up, etc.?
>
> I just want to use the safest, most reliable method to fix this problem.
>
> The only reason I'm even asking this here is because the people in the malware forums I've posted in won't answer these questions - I guess they're too busy. They just want to fix the problem and move on. I'm interested in using this as a learning experience.

Guest Patrick Keenan
Posted

Re: Disabled registry due to new, undetected trojans

 

"Mike S." <littleboyblu87@yahoo.com> wrote in message

news:091d4b82-6a38-4f19-bfca-6e882ddb4193@w39g2000prb.googlegroups.com...

> I recently had my computer infected with four trojans due to them being new and undetected by the majority of anti-virus programs. So I submitted them to AVG who confirmed they were trojans and updated their virus definitions. This removed the four trojans from my computer. However, I still have problems that need to be fixed, one of which is a disabled registry.
>
> Here's what needs fixing (from my HijackThis log):
> F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\System\svchost.exe"
> O2 - BHO: (no name) - {5277E001-1190-3001-0699-ca3230262a11} - C:\Program Files\Common Files\System\wship_help.acm (file missing)
> O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
> O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
>
> Some people have suggested using ComboFix, SDFix, or just using HijackThis. Is there any reason why I can't just use HijackThis to fix them? SDFix seems more complicated and unnecessary. Or does what I use to fix those problems depend on my computer and whether it's up-to-date and backed up, etc.?
>
> I just want to use the safest, most reliable method to fix this problem.
>
> The only reason I'm even asking this here is because the people in the malware forums I've posted in won't answer these questions - I guess they're too busy. They just want to fix the problem and move on. I'm interested in using this as a learning experience.
 

To be clear, what seems to be happening is *not* that the registry is disabled; if that were the case your system could not start.

Rather, registry *editing* seems to be disabled, a completely different thing, and I would suggest that you first take an image of the system, so you can quickly restore in case the procedure doesn't work, and then use HJT to fix the damaged registry entry. You could also change that DisableRegedit value to 0 instead of 1, and run it as a .reg file.

If you don't have imaging software, get the Acronis TrueImage trial version, which is free and runs full-featured for IIRC 2 weeks, far more than the time you need. Load it on another system, use that system as a host, make the image, move your drive back and restart.

HTH
-pk
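Patrick's suggestion above, turned into an added PowerShell check that is not part of this thread: it reports the two O7 DisableRegedit values and, going one step further than his note, the tampered F2 Shell item, and only writes when run with -Fix. It assumes the built-in Registry provider (HKCU:/HKLM: drives), an elevated prompt for the HKLM writes, and that the HijackThis "F2 - REG:system.ini: Shell=" item is the Winlogon Shell value.

```powershell
# Added example, not code from the thread. Audits the registry items Mike's
# HijackThis log flagged and repairs them only when run with -Fix (elevated).
# Assumes the built-in Registry provider (HKCU:/HKLM: drives) and that the
# HijackThis "F2 - REG:system.ini: Shell=" item is the Winlogon Shell value.
param([switch]$Fix)

$checks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableRegedit'; Expected = 0 },
    @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableRegedit'; Expected = 0 },
    # The O7 items cover regedit; this third check covers the F2 item, where a
    # second executable had been appended after explorer.exe.
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
       Name = 'Shell'; Expected = 'explorer.exe' }
)

foreach ($c in $checks) {
    $current = $null
    if (Test-Path $c.Path) {
        $current = (Get-ItemProperty -Path $c.Path -ErrorAction SilentlyContinue).($c.Name)
    }
    # An absent value is the Windows default: editing not restricted, or the
    # standard explorer.exe shell. Nothing to change.
    if ($null -eq $current) {
        Write-Output ("OK       {0}\{1} (not present, default applies)" -f $c.Path, $c.Name)
        continue
    }
    if ("$current" -eq "$($c.Expected)") {
        Write-Output ("OK       {0}\{1} = {2}" -f $c.Path, $c.Name, $current)
        continue
    }
    Write-Output ("SUSPECT  {0}\{1} = '{2}' (expected '{3}')" -f $c.Path, $c.Name, $current, $c.Expected)
    if ($Fix) {
        # Set-ItemProperty writes a DWORD for 0 and a REG_SZ for 'explorer.exe'.
        Set-ItemProperty -Path $c.Path -Name $c.Name -Value $c.Expected
        Write-Output ("FIXED    {0}\{1} -> {2}" -f $c.Path, $c.Name, $c.Expected)
    }
}
```

Run it without -Fix first to see the report; only the lines marked SUSPECT are changed when -Fix is given, so take the image Patrick recommends before that second run.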

Guest neutrino
Posted

Re: Disabled registry due to new, undetected trojans

 

On Jul 24, 4:44 pm, "Mike S." <littleboybl...@yahoo.com> wrote:

> I recently had my computer infected with four trojans due to them being new and undetected by the majority of anti-virus programs. So I submitted them to AVG who confirmed they were trojans and updated their virus definitions. This removed the four trojans from my computer. However, I still have problems that need to be fixed, one of which is a disabled registry.
>

Curious to know how these trojans were detected, if they were previously unknown... What was the prog that detected them? Or was it changes to your system that alerted you? Even then - how did you detect them, and identify them?

Also - I second that suggestion - even if for use in future, get Acronis or Ghost, and back up your system when clean; stuff like this can be dealt to by reinstating "C" from the clean backup in minutes! Partition your drive if you don't have a second disk installed, or an external disk, and you can back up to either of those.
