Malwarebytes Hiloti trojan - can't boot computer


Hi there,

I recently ran a scan with MB and found a few problems. I wasn't really paying attention to what they were but clicked something like Fix Checked and then was prompted to Restart. On reboot the computer does not pass the Windows splash page with the loading bar (about 5 seconds hang here) and then flashes a blue screen (for less than a second) and reboots. This cycle continues over and over ahhhhh!!! I can't catch what's written on the blue screen but will try and post.

I have tried the following:

1. Boot in safe mode/networking - same result.

2. Boot with last working config - same result.

I downloaded Secured2k's boot disk and have been able to access a temporary platform, however my internet connection is a wireless USB drive and it doesn't recognise it. I was able to access the Malwarebytes log and it looks like a registry value was deleted. My details are as follows, please please help:

LOG

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5604

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

28/01/2011 4:08:51 PM

mbam-log-2011-01-28 (16-08-51).txt

Scan type: Quick scan

Objects scanned: 162336

Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 2

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 8

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\WINDOWS\saplmp.dll (Trojan.Hiloti) -> Delete on reboot.

c:\WINDOWS\ukujocif.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jvayonutulivih (Trojan.Hiloti) -> Value: Jvayonutulivih -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ggidiziresox (Trojan.Hiloti) -> Value: Ggidiziresox -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\saplmp.dll (Trojan.Hiloti) -> Delete on reboot.

c:\WINDOWS\ukujocif.dll (Trojan.Hiloti) -> Delete on reboot.

c:\documents and settings\Computer\local settings\Temp\0.6918481915312358.exe (Rogue.SecurityShield) -> Quarantined and deleted successfully.

c:\documents and settings\Computer\application data\Adobe\plugs\kb190414609.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Computer\application data\Adobe\plugs\kb190430125.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Computer\application data\Adobe\plugs\kb190433718.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Computer\local settings\Temp\0.4784454880955621.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\documents and settings\Computer\local settings\Temp\0.6897203760381174.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

UPDATE

Here is the error msg displayed:

A problem has been detected and windows has been shut down to prevent damage to your computer.

If this is the first time that you have seen this stop error screen, restart your computer.

If this screen appears again follow these steps:

Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run chkdsk /f to check for hard drive corruption, and then restart your computer.

Technical Information:

***STOP: 0x0000007B (0xBA4c7524, 0xC0000034, 0x00000000, 0x00000000)

////

I have also run a chkdsk /p /r command in the recovery console. The first time it said it had found and repaired an issue. The second time it found no issues. Any help appreciated.
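
Added example (not part of the original posts and not Malwarebytes code): a small parser for the log format posted above that lists which objects were left as "Delete on reboot", that is, what was still pending when the machine restarted. The regular expressions are inferred from the posted log, and the sample is a trimmed copy of it.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Memory Modules Infected:
c:\WINDOWS\saplmp.dll (Trojan.Hiloti) -> Delete on reboot.
c:\WINDOWS\ukujocif.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jvayonutulivih (Trojan.Hiloti) -> Value: Jvayonutulivih -> Delete on reboot.

Files Infected:
c:\WINDOWS\saplmp.dll (Trojan.Hiloti) -> Delete on reboot.
c:\documents and settings\Computer\local settings\Temp\0.6918481915312358.exe (Rogue.SecurityShield) -> Quarantined and deleted successfully.
"""

# Assumed layout (inferred from the log above, not from vendor documentation):
# a "<Category> Infected:" header, then "<object> (<detection>) -> <action>." lines.
# Summary lines such as "Files Infected: 8" do not match SECTION because of the count.
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*$")
ITEM = re.compile(
    r"^(?P<object>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Value: .+? -> )?(?P<action>.+?)\.?$"
)

def parse_mbam_log(text):
    """Return {section: [(object, detection, action), ...]}."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if (m := SECTION.match(line)):
            current = m.group("name")
        elif current and (m := ITEM.match(line)):
            sections[current].append((m["object"], m["detection"], m["action"]))
    return dict(sections)

def pending_at_reboot(parsed):
    """Map (object, detection) -> sections where removal was deferred to reboot."""
    pending = defaultdict(set)
    for section, items in parsed.items():
        for obj, detection, action in items:
            if action.lower() == "delete on reboot":
                pending[(obj.lower(), detection)].add(section)
    return {key: sorted(secs) for key, secs in pending.items()}

if __name__ == "__main__":
    for (obj, det), secs in pending_at_reboot(parse_mbam_log(SAMPLE_LOG)).items():
        print(f"{det:15} {obj}  [{', '.join(secs)}]")
```

An object reported under both "Memory Modules Infected" and "Files Infected" was loaded in memory at scan time, so its removal could only complete at the next boot.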


It sounds like you have / had an MBR (master boot record) infection.

I have to assume you're running XP, if not let me know.

If you can get into the recovery console, at the prompt you can try these, ONLY if Windows doesn't boot.

At the Command prompt type in: Fixboot and tap enter key

Type in Exit and try to reboot normally.

If that doesn't work, go through the same steps but use: FIXMBR and tap enter key

Type in Exit and try to reboot normally.

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
