ripley

Members
  • Posts: 18

Reputation: 0 Neutral

About ripley

  • Birthday 03/02/1969
  1. Hi Screen, I noticed the entertainment folder was empty once I was able to get the machine up and running again. I also went to the Dell website and found the driver to reinstall, etc. There were many things I tried. One of the many things was to use the OEM reinstallation/drivers and utilities disk that Dell sent when the computer was sick/stuck in the log on loop way back in January. Additionally, I ran the diagnostics check, went through the device manager and troubleshooting tasks, updated to Windows Media Player 11, Quicktime, downloaded some notes re: sound devices and some via audio cat files. Just today I tried to play a video and received a pop up that MIME files for quick time were not configured and clicked to have it fixed...only in an effort to get sound. No sound. I can try to uninstall the driver, although the problem seemed related to the sound device. Prior to this I had used ms fix it to have our sick, now recovering system acknowledge the d: or cd/dvd rom drive. That worked fine and now D: drive is recognized but still no sound. Any ideas? Thanks again.
  2. I figured a bunch of stuff out and received help with the trojan, etc. elsewhere. The only issue left is no sound feature or device not working. Thank you for the reply. If you know of fixes for the sound issue in XP please don't hesitate to pm or reply to me. The drivers are fine, something of a reaction to updates or recovering from the infection/s etc. Microsoft does not have a fix it that supports xp...only vista. Sound advice anyone?
  3. I guess this should be closed at this point. Happy b-day to me, I have learned that a hacker and trojan have all of my family info and the month I spent trying is for naught anyway. Hopefully someone else can get help, via the info learned, I learned about msn g emails and I haven't had the system online for over a month. I learned a lot from visiting, so if it isn't closed go ahead, even cleaning won't help, so I hear via trojan and back door issues. I'd rather have someone helped anyway, considering my case isn't as clear via the hacker.
  4. Hi, I was curious as I haven't run gmer w/this desktop up and running (semi-running)...Is the Attached (database?) named fastfat with a value of fltmgr.sys Filter normal or is it appearing during the scan due to safe mode? I hadn't seen it before, yet gmer never showed results when I was still locked out of this OS/Windows XP.
  5. I finally got through and corrected looping problem and have scanned with newer version of Malwarebytes. I haven't gotten on line yet, with the desktop... as the software hasn't been seen or updated for 27 days and I wanted to make sure these infections aren't lingering in registry keys, etc. Now I have a name to attach to this infection after a long month of scanning without results or fixes. Finally, a log with real infections caught and some quarantined. Sometimes giving up is not an option. I'll see if browser functions tomorrow after updating all that has been stagnating for a month when I couldn't get past the logon loop issue. Thank you all for your insight and posts to links, etc.

     Malwarebytes' Anti-Malware 1.44
     Database version: 3510
     Windows 5.1.2600 Service Pack 3 (Safe Mode)
     Internet Explorer 8.0.6001.18702

     2/23/2010 8:28:35 PM
     mbam-log-2010-02-23 (20-28-35).txt

     Scan type: Full Scan (C:\|)
     Objects scanned: 247812
     Time elapsed: 1 hour(s), 28 minute(s), 43 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 13
     Registry Values Infected: 1
     Registry Data Items Infected: 7
     Folders Infected: 0
     Files Infected: 2

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\{F9197A7E-CE10-458e-85F8-5B0CE6DF2BBE} (Trojan.Agent) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\WINDOWS\system32\helper32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

     I hope this info on the type of malice that did this can help others and prevent this..in the constant battle against these things
  6. Thank you for replying, I got it to run on the one that still has issues, no log result after over an hour with gmer running..thank you though, thought I'd try it just in case the other results couldn't be found due to the malice of emulation software issues. Gotta try... even as it's coming up on a month of this log on log off nonsense.
  7. Hi, I was wondering if the defogger can be moved from the desktop once it is downloaded so I can place it on a usb disk or cd to install it/enable it on the non-working computer. I have run gmer and malwarebytes by transferring the exe/applications over to the problematic PC in order to run scans, however I have not been able to successfully get the defogger over there to disable the cd emulators.
  8. I'm not sure where to post this for you experts. I have reinstalled windows home edition OEM from Dell as they didn't send the OS for the Windows media edition. I am currently running OTLPE disk and can see everything but the userinit key/exe for the operating system that is still locked in the window welcome loop. I guess I need a little advice or someone to walk me through a few steps to fix the loop issue, make sure I am clean and get the original xp system logon loop resolved so I can figure out how to get my data back. It seems that whatever update or virus this was has enslaved the original OS. Any help is appreciated. I don't know what topic this should be posted to as there are multiple issues. I have a dds log and will post it to wherever you all advise me to place it, the malware bytes log didn't show anything but the superantispyware I downloaded with this borrowed working machine. Are scans ever run through PE environment /PE desktop?
  9. Thank you Mark, I hope you finish in the top of your class and maybe when I get my family's computer back (prays) or at least get a desktop w/o welcome screen I'll find an expert to help with the darn virus that locked us out in the first place. I need to be able to access windows/c: to do any malware removal...so hopefully your advice here in pc was, in fact pc! Haha
  10. The password issue is an ongoing problem a lot of users are having due to infection. I've seen many posts about the problem. There was never an admin or user name and if there were we tried them and the reboot loops back to the welcome screen. Related to the other help you suggested: How can I acquire the Ultimate boot disc or UBCCDetc disk? I am willing to try that on the infected desktop. Thanks for your replies!
  11. Okay, I have the discs and a laptop that burns them so I will wait for an expert to take me on in creating this/these boot discs as I have some time to deal with all that is necessary..and the expert I am granted to help me. Once I am walked through the boot disk aspect I will gladly go through all necessary steps to eradicate this virus and sweep it with the tips pinned, etc.
  12. This is good news. My family gave what we could even as I have no job, during the Haiti relief concert. 25.00 And...thank you all for all that you do to help with these un-natural disasters. You are much appreciated and I thank you!
  13. Thank you all for your input and replies. Noknojon: the infected system had new webroot antivirus with spysweeper they locked up in quarantine. I have the downloaded malwarebytes 1.44 on this borrowed laptop and I have it on a burned cd-rom. The antivirus installed on this borrowed deal is trend micro, but this is a very old laptop and I am limited yet grateful to have anything. Yokenny: thank you for the input, some guy was telling me about the crack...crack is bad any way you write it. Mark: that sounds like the deal. Last time I was infected with spyware 2009 I saved registry key files etc. removed it all by myself until it was gone at least I had a desktop and windows. This thing locked me out completely. Is bootdisk help by expert even an option for me? I really don't know if I can pay for help..unemployed here, so don't know how it works. Perhaps there is a change I can make in the bootable device section of the computer, but that hasn't worked with driver disks or anything. Firefox, I did read all of the pinned and the great quick help guides by miekimoes (thanks) just doesn't work from welcome screen and no safe boot or any boot. I get a blue welcome to 'name of computer here' or admin prompt for password etc.
  14. Hi, I have the same problem with the password welcome screen. Just wanted to know a fix, we are going to have to take the hard drive out anyway as no one has been able to help with the welcome screen or ability to safe mode or anything for that matter. Once I do get it out I suppose I will one day try to get all of our stuff off it but I'm not sure how. Anyway for what it is worth you aren't alone..if you figure it out send me a message please. Dell sent us some disks so hopefully when we buy a new drive we will have an OP system. Will the 10phtcrack method work? I can't see the machine recognizing cd/dvr drive so trying to put a malware bytes download onto the disc to place it on the infected computer probably won't work as it doesn't allow us past the f2 f12 welcome screen and password nonsense.
  15. Just now tried to boot in safe mode and got it until it rushed back to windows xp 'to begin, click your user name'. The screen jumped to safe mode for a millisecond when I hit user name prompt with snowflake on the welcome screen and hit f5/f8 simultaneously. This is xp media center and I still have the admin prompt as well as computer name. I guess safe mode isn't booting as we'd like. I do have working cds and a drive on this laptop..I just don't see how I'll be able to boot up or run anything from the cd/dvr drive with this password thing. Additionally I can get to f2 setup for dell if there is anything I can do from bios etc. Greatly appreciate any what to try next replies. Thanks again, look forward to hearing something here or wherever else in this forum. -Sherri Okay!!!! I tried something yet afraid to go forward. I am at boot device Menu...I got the sata hard drive and onboard usb cd rom drive up as option and highlighted. Below this is sys setup prompt and hard drive diagnostics. Currently I have usb cd rom highlighted and a spysweeper disc in the drive. What should I do now??? You people seem to be the best because another 'friend' told me he was an expert too. I just want to get your tools on cd and run them on the infected desktop all day and night if I must!