Jump to content

What to check after malware removal


jlh35

Recommended Posts

Hello,

i experienced last week a malware attack that i solved using all the comments/methods/tips and trics from Kahdah (see the thread Cerbere,kahda, 2 weeks ago, in that forum).This time it was vbmacd78.sys that i discovered on the pc.

once removed, things are not so good: pc is very slow (several minutes to open "Mycomputer", Network properties are empty but however the network is ok, and i am able to surf to internet, google, and use forum :)

Configuration is the following: windows XP SP2, with recovery console installed :). Laptop EasyNote from P**B**. Two users on that machine.

When looking at Network properties, WMI errors. Ran WMI diag and find a lot of errors regarding DCOM security and "Default Trustee NT AUTHORITY\ANONYMOUS LOGON that has been removed" . In fact it seems there are several ACE that have been removed. I attached the log.

The probleme is that i don't know how to repair, and even if it is repair-able. So please any one could help telling me what to look at and what to try?

Some thing else that can help maybe: there were two users on that machine. One is still OK (pretty OK) the other did not log in (files are still there, but desktop no longer linked to that user, no explorer, no way to work on the pc from that login.)

.

WMIDIAG_V2.0_XP___.CLI.SP2.32_SNNECCI_2010.11.22_01.14.53_REPORT.TXT

Link to post
Share on other sites

Humm, i just realize this message was not in the right forum....Neverless, there is too much troubles with the result of the removal. Not only wmi has problem, but no windows update do work, and no way to update. Finally i am burning a CD with windows XP SP2 and will do a recover. Hope this will work.

Regards every body

jluc

Link to post
Share on other sites

  • 2 months later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.