Disabled registry due to new, undetected trojans

[Guest Mike S.]

I recently had my computer infected with four trojans due to them

being new and undetected by the majority of anti-virus programs. So I

submitted them to AVG who confirmed they were trojans and updated

their virus definitions. This removed the four trojans from my

computer. However, I still have problems that need to be fixed. One of

which is a disabled registry.

 

Here's what needs fixing (from my HijackThis log):

F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files

\System\svchost.exe"

 

O2 - BHO: (no name) - {5277E001-1190-3001-0699-ca3230262a11} - C:

\Program Files\Common Files\System\wship_help.acm (file missing)

 

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System,

DisableRegedit=1

 

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System,

DisableRegedit=1

 

 

Some people have suggested using combofix, SDFfix, or just using

HijackThis. Is there any reason why I can't just use HijackThis to fix

them? SDFix seems more complicated and unnecessary. Or does what I use

to fix those problems depend on my computer and whether it's up-to-

date and backed up, etc.?

 

I just want to use the safest, most reliable method to fix this

problem.

 

The only reason I'm even asking this here is because the people in the

malware forums I've posted in won't answer these questions - I guess

they're too busy. They just want to fix the problem and move on. I'm

interested in using this as a learning experience.

[Guest Andrew E.]

RE: Disabled registry due to new, undetected trojans

 

Boot to xp cd,recovery,in recovery,follow the guide outlined by microsoft

in kb307545

 

"Mike S." wrote:

> I recently had my computer infected with four trojans due to them

> being new and undetected by the majority of anti-virus programs. So I

> submitted them to AVG who confirmed they were trojans and updated

> their virus definitions. This removed the four trojans from my

> computer. However, I still have problems that need to be fixed. One of

> which is a disabled registry.

>

> Here's what needs fixing (from my HijackThis log):

> F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files

> \System\svchost.exe"

>

> O2 - BHO: (no name) - {5277E001-1190-3001-0699-ca3230262a11} - C:

> \Program Files\Common Files\System\wship_help.acm (file missing)

>

> O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System,

> DisableRegedit=1

>

> O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System,

> DisableRegedit=1

>

>

> Some people have suggested using combofix, SDFfix, or just using

> HijackThis. Is there any reason why I can't just use HijackThis to fix

> them? SDFix seems more complicated and unnecessary. Or does what I use

> to fix those problems depend on my computer and whether it's up-to-

> date and backed up, etc.?

>

> I just want to use the safest, most reliable method to fix this

> problem.

>

> The only reason I'm even asking this here is because the people in the

> malware forums I've posted in won't answer these questions - I guess

> they're too busy. They just want to fix the problem and move on. I'm

> interested in using this as a learning experience.

>

[Guest Patrick Keenan]

Re: Disabled registry due to new, undetected trojans

 

"Mike S." <littleboyblu87@yahoo.com> wrote in message

news:091d4b82-6a38-4f19-bfca-6e882ddb4193@w39g2000prb.googlegroups.com...

>I recently had my computer infected with four trojans due to them

> being new and undetected by the majority of anti-virus programs. So I

> submitted them to AVG who confirmed they were trojans and updated

> their virus definitions. This removed the four trojans from my

> computer. However, I still have problems that need to be fixed. One of

> which is a disabled registry.

>

> Here's what needs fixing (from my HijackThis log):

> F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files

> \System\svchost.exe"

>

> O2 - BHO: (no name) - {5277E001-1190-3001-0699-ca3230262a11} - C:

> \Program Files\Common Files\System\wship_help.acm (file missing)

>

> O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System,

> DisableRegedit=1

>

> O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System,

> DisableRegedit=1

>

>

> Some people have suggested using combofix, SDFfix, or just using

> HijackThis. Is there any reason why I can't just use HijackThis to fix

> them? SDFix seems more complicated and unnecessary. Or does what I use

> to fix those problems depend on my computer and whether it's up-to-

> date and backed up, etc.?

>

> I just want to use the safest, most reliable method to fix this

> problem.

>

> The only reason I'm even asking this here is because the people in the

> malware forums I've posted in won't answer these questions - I guess

> they're too busy. They just want to fix the problem and move on. I'm

> interested in using this as a learning experience.

 

To be clear, what seems to be happening is *not* that the registry is

disabled; if that were the case your system could not start.

 

Rather, registry *editing* seems to be disabled, a completely different

thing, and I would suggest that you first take an image of the system, so

you can quickly restore in case the procedure doesn't work, and then use HJT

to fix the damaged registry entry. You could also change that

DisableRegedit value to 0 instead of 1, and run it as a .reg file.

 

If you don't have imaging software, get the Acronis TrueImage trial version,

which is free and runs full-featured for IIRC 2 weeks, far more than the

time you need. Load it on another system, use that system as a host, make

the image, move your drive back and restart.

 

HTH

-pk

[Guest neutrino]

Re: Disabled registry due to new, undetected trojans

 

On Jul 24, 4:44 pm, "Mike S." <littleboybl...@yahoo.com> wrote:

> I recently had my computer infected with four trojans due to them

> being new and undetected by the majority of anti-virus programs. So I

> submitted them to AVG who confirmed they were trojans and updated

> their virus definitions. This removed the four trojans from my

> computer. However, I still have problems that need to be fixed. One of

> which is a disabled registry.

>

curious to know how these trojans were detected ? if they were

previously unknown...

what was the prog that detected them? or was it changes to your system

that alerted you?

even then - how did you detect them, and identify?

 

also - I second that suggestion - even if for use in future, get

Acronis or Ghost, and backup your system when clean, stuff like this

can be dealt to by reinstating "C" from the clean backup in minutes!

partition your drive if you dont have a second disk installed/or

external disk. and you can backup to either of those.