No regedit

Question

gviswa18 0 Newbie Poster

16 Years Ago

Sir i am too having the same problem.. ill follow your ur instructions and post the report..... thanks.....

windows-virus

2 Contributors
4 Replies
101 Views
12 Hours Discussion Span
Latest Post 16 Years Ago Latest Post by crunchie

All 4 Replies

crunchie 990 Most Valuable Poster

16 Years Ago

I have moved your posts to your own thread. Please do not piggy back other members posts in the hijackthis forum :).

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

gviswa18 0 Newbie Poster · Answer 1 · 2007-12-05T19:32:38+00:00

sir pls update that link to sdfix....... it is broken

gviswa18 0 Newbie Poster · Answer 2 · 2007-12-05T20:00:48+00:00

sir this is the report.txt file......
pls read this...........

SDFix: Version 1.116

Run by Administrator on Wed 12/05/2007 at 07:14 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: D:\DOCUME~1\ADMINI~1\Desktop\SDFix\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

D:\WINDOWS\system\svchost.exe - Deleted
D:\WINDOWS\system32\setting.ini - Deleted

Removing Temp Files...

ADS Check:

D:\WINDOWS
No streams found.

D:\WINDOWS\system32
No streams found.

D:\WINDOWS\system32\svchost.exe
No streams found.

D:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 19:21:56
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"D:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"="D:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe:*:Enabled:javaw"
"D:\\Program Files\\BitLord\\BitLord.exe"="D:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"D:\\Program Files\\Google\\Google Talk\\googletalk.exe"="D:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"D:\\Program Files\\Orbitdownloader\\orbitdm.exe"="D:\\Program Files\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"
"D:\\Program Files\\Orbitdownloader\\orbitnet.exe"="D:\\Program Files\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"
"D:\\Program Files\\Internet Explorer\\iexplore.exe"="D:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"D:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"="D:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe:*:Disabled:Age of Empires II"
"D:\\Program Files\\Rediff Bol\\RediffMessenger.exe"="D:\\Program Files\\Rediff Bol\\RediffMessenger.exe:*:Enabled:Rediff Bol 8.0 "
"D:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="D:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"D:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="D:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - D:\DOCUME~1\ADMINI~1\Desktop\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes:

Fri 9 Nov 2007 2,668 A..H. --- "D:\Program Files\SuperGOO\MetaImage.dll"
Sun 27 Apr 2008 106,496 A.SHR --- "D:\WINDOWS\system\_sv_CMD_\_U_.exe"
Wed 28 Nov 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\0d4a7c846fe5e74c3056c3e240c1ffeb\BITB.tmp"
Sat 22 Sep 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\dcfb65ff18fcfdf3d0086d241818e7bc\BIT3B.tmp"
Sat 22 Sep 2007 0 A.SH. --- "D:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 23 Sep 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\080070f6461c8001578e5e4cd4bb024b\download\BITB.tmp"

Finished!

finallly, pls suggest me any good spyware and antivirus?

gviswa18 0 Newbie Poster · Answer 3 · 2007-12-05T20:24:49+00:00

Sir thank you very much for ur advice........

Ill post other symptoms i faced before doin ur fix ......

1. when i opened my usb drive.... it did not open saying that user has no permission.....

2. i used folders pane and opened the drive..... i found that there was another folder created within the existing folder using the same name..... but it was not a folder.......it was a exe file with folder icon.....

After the fix
1. I am able to open the drive now. but i am still getting a warning from my spyware doctor anti spyware that a malicious action action has been blocked......

The msg reads
Malicious action blocked

Spyware Doctor has blocked an appln INFO.exe that is trying to access a file.....

Path: D:\windows\system\svchost.exe....

pls help me solve this

No regedit

Recommended Answers Collapse Answers

All 4 Replies

Recommended Answers