Advanced version of moneypak virus, need some high-level help please
February 8th, 2013, 02:14 AM
Registered User
Uh, is anyone able to help me restore my computer to working condition? I'm getting the feeling my thread went dead... Hiker? Anyone?

February 8th, 2013, 02:11 PM
Contributed User
Since your HJT log has a lot of these...
O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
and svchost.exe is one of those critical things for normal operation, then I think the following things should be considered.
1. Copy from a trusted source the svchost.exe file from another XP machine to this one.
2. If you have limited explorer functionality, and if you haven't done so already, make a backup of anything you want to keep. At this stage, you should consider the backup contaminated, so don't be in a rush to use it without going over it with several scanners at some point.
> I'm using a custom built desktop with windows XP operating system.
3. Probably on another machine.
Locate and download all the latest drivers for any hardware you've got installed in the machine.
Locate and download all the software which you currently use.
Locate and note any licence / registration information for any purchased software.
If you've been busy installing / uninstalling / updating for a number of years, there could be all sorts of detritus lying around, not to mention the left-overs of whatever malware made it onto your machine.
The reasonably safe thing to do next is buy another hard disk (almost certainly larger than the one you have, probably faster as well), re-install everything you need and then plug your old hard disk in as a slave. This can then be scanned purely as a data drive without letting any malware get any chance of running and hooking itself into the OS.
A clean OS with just what you currently need installed should be a lot more responsive.
One word of caution though.
Since you're running XP, there will be well over 100 updates when MS update finally kicks in.
You might try applying them in batches.
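
A triage sketch for the log pattern described in the post above, added here as an example and not part of the original thread: it parses HijackThis O23 service lines and groups the services whose binary is reported as `(file missing)` by path, so one missing `svchost.exe` shows up as a single root cause. Only the Netman line comes from the thread; the other sample lines and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# O23 line layout as seen in the thread:
# O23 - Service: <display name> (<service name>) - <owner> - <path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - "
    r"(?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)

# First line is from the thread; the remaining three are constructed samples.
SAMPLE_LOG = r"""
O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Example Updater - Example Corp - C:\Program Files\Example\updater.exe
"""

def parse_o23(log_text):
    """Return one dict per O23 service entry found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["missing"] = entry["missing"] is not None
            entries.append(entry)
    return entries

def missing_binaries(entries):
    """Map each binary reported missing to the services that depend on it.

    Paths are lower-cased because Windows paths are case-insensitive and
    the log mixes 'System32' and 'system32'.
    """
    grouped = defaultdict(list)
    for entry in entries:
        if entry["missing"]:
            grouped[entry["path"].lower()].append(entry["name"] or entry["display"])
    return dict(grouped)

if __name__ == "__main__":
    for path, services in missing_binaries(parse_o23(SAMPLE_LOG)).items():
        print(f"{path}: {len(services)} service(s) affected -> {', '.join(services)}")
```
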

February 8th, 2013, 03:33 PM
If you have a bootable XP CD, you can recover that missing file using the Recovery Console [along with the EXPAND command].
I'm sure you can find lots of tutorials, using Google, to help you get into the Recovery Console and on how to use the EXPAND command.
This link tells you how to get into the Recovery Console: >>LINK<<
Once in the Recovery Console, and at the C:\ prompt, you will need to switch back to your CD/DVD drive letter [assuming X: here], then cd to your i386 folder.
Then issue this command to expand the svchost file into the correct place.
Code:
expand svchost.ex_ C:\Windows\system32\svchost.exe
Confirm by pressing Y for yes. Remove the CD.
Then reboot into the OS in Safe Mode, go to Start > Run and issue the command "sfc /scannow" (without the quotes). Reinsert your XP CD and let it scan and replace whatever corrupted/missing files it finds.
Hopefully this will allow you to get an antivirus installed to let you scan/clean up your OS.
Otherwise, you will need to use salem's advice.
Good luck.
Last edited by DonR : February 10th, 2013 at 11:08 AM.

February 10th, 2013, 02:29 AM
Registered User
So I did like DonR suggested and went and found the software for my svchosts. I installed it and things are all but back to normal. Having done so, I've begun doing the sticky's anti-virus walkthrough; the following are the logs that were generated:
Malwarebytes:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.02.10.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Serain :: TJE-E221F6EFC6F [administrator]
2/10/2013 3:12:53 AM
mbam-log-2013-02-10 (03-12-53).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204205
Time elapsed: 3 minute(s), 19 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AntiMalware (Trojan.FakeMS) -> Data: "C:\Documents and Settings\All Users\Application Data\AntiMalware.exe" -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Documents and Settings\All Users\Application Data\AntiMalware.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
(end)
Will update after restart.