Hijack.WindowsUpdates Will Not Delete

View previous topic View next topic Go down

Hijack.WindowsUpdates Will Not Delete

Post by amber8949 on Fri Jan 01, 2010 9:49 pm

I've had war with my computer for the past 3-4 days. First I'd like to say that I do share my computer with my brother and he deleted all virus software I had on my computer while I was away. Now I'm the one fighting with the viruses! I'm just wondering if anyone can help. Luckily I got my Comodo and Ad-Aware back on my computer. It found numerous viruses but I've had trouble with one that Malwarebytes keeps detecting. This is the log it gives me:

Malwarebytes' Anti-Malware 1.43
Database version: 3458
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

1/1/2010 9:02:45 PM
mbam-log-2010-01-01 (21-01-15).txt

Scan type: Quick Scan
Objects scanned: 141431
Time elapsed: 14 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I'm somewhat computer savvy but have no idea how to tackle this. It's saying my windows updates is disabled but when I go to change it it says it's already on automatic??? I get tons of web pages that pop up on both IE and Mozilla. Everytime I turn my computer back on I pray it starts up. I've been stressing over this virus and just need some guidance. Any suggestions?

amber8949
Novice
Novice

Posts Posts : 10
Joined Joined : 2010-01-01
Gender Gender : Female
OS OS : Windows XP
Points Points : 25458
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Hijack.WindowsUpdates Will Not Delete

Post by Dr Jay on Sat Jan 02, 2010 2:02 am

Please download [You must be registered and logged in to see this link.] by DragonMaster Jay, and save it to your Desktop. Right click and Extract All, and save the files to your Desktop.
  • Please disable realtime protection. The only realtime protection that gets in the way and need to be disabled: Windows Defender, Microsoft Security Essentials, Spybot TeaTimer, WinPatrol, and Ad-Aware AdWatch. If you have anyone of those, please disable them.
  • Double-click DragonFix.reg, and follow the prompt(s).
  • Please reboot your computer.


==

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13812
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302439
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Hijack.WindowsUpdates Will Not Delete

Post by amber8949 on Sat Jan 02, 2010 8:53 am

When I get to this step: Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel

and hit ok, it starts to load and then gives me this error message:

[You must be registered and logged in to see this link.]

Annoyed or Unimpress What now?

amber8949
Novice
Novice

Posts Posts : 10
Joined Joined : 2010-01-01
Gender Gender : Female
OS OS : Windows XP
Points Points : 25458
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Hijack.WindowsUpdates Will Not Delete

Post by Dr Jay on Sat Jan 02, 2010 8:57 am

Please download [You must be registered and logged in to see this link.], and save to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.cmd to start.
  • It will finish quickly and launch a log.
  • Post the contents of it in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13812
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302439
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Hijack.WindowsUpdates Will Not Delete

Post by amber8949 on Sat Jan 02, 2010 9:12 am

This is all is has shown:

Cheetah Anti-Rogue v1.0.14
by DragonMaster Jay

Microsoft Windows XP [Version 5.1.2600]
Sat 01/02/2010 9:11:53.12


-- Known infection --



If objects found, full virus scan or anti-malware scan necessary


EOF

amber8949
Novice
Novice

Posts Posts : 10
Joined Joined : 2010-01-01
Gender Gender : Female
OS OS : Windows XP
Points Points : 25458
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Hijack.WindowsUpdates Will Not Delete

Post by Dr Jay on Sat Jan 02, 2010 9:31 am

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13812
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302439
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Hijack.WindowsUpdates Will Not Delete

Post by amber8949 on Sat Jan 02, 2010 12:43 pm

Malwarebytes' Anti-Malware 1.43
Database version: 3477
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

1/2/2010 12:41:12 PM
mbam-log-2010-01-02 (12-41-12).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 246458
Time elapsed: 2 hour(s), 43 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

amber8949
Novice
Novice

Posts Posts : 10
Joined Joined : 2010-01-01
Gender Gender : Female
OS OS : Windows XP
Points Points : 25458
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Hijack.WindowsUpdates Will Not Delete

Post by Dr Jay on Sat Jan 02, 2010 3:51 pm

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll
    winlogon.exe
    comres.dll
    crypt32.dll
    gpedit.dll
    rundll32.exe
    sfc.dll
    svchost.exe
    cngaudit.dll
    beep.sys
    wscntfy.exe
    atapi.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13812
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302439
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Hijack.WindowsUpdates Will Not Delete

Post by amber8949 on Sat Jan 02, 2010 4:16 pm

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 16:11 on 02/01/2010 by Owner (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll --a--c 181248 bytes [23:37 29/08/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\dllcache\scecli.dll --a--c 180224 bytes [16:12 26/08/2004] [19:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\system32\scecli.dll --a--- 180224 bytes [16:12 26/08/2004] [19:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A

Searching for "netlogon.dll"
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll --a--c 407040 bytes [23:37 29/08/2008] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\system32\dllcache\netlogon.dll --a--c 407040 bytes [16:12 26/08/2004] [19:00 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [16:12 26/08/2004] [19:00 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A

Searching for "eventlog.dll"
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll --a--c 56320 bytes [23:36 29/08/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\dllcache\eventlog.dll --a--c 55808 bytes [16:11 26/08/2004] [19:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\system32\eventlog.dll --a--- 55808 bytes [16:11 26/08/2004] [19:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78

Searching for "winlogon.exe"
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe --a--c 507904 bytes [23:37 29/08/2008] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\system32\dllcache\winlogon.exe --a--c 502272 bytes [16:12 26/08/2004] [19:00 04/08/2004] 01C3346C241652F43AED8E2149881BFE
C:\WINDOWS\system32\winlogon.exe --a--- 502272 bytes [16:12 26/08/2004] [19:00 04/08/2004] 01C3346C241652F43AED8E2149881BFE

Searching for "comres.dll"
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\comres.dll --a--c 792064 bytes [23:36 29/08/2008] [00:11 14/04/2008] 1280A158C722FA95A80FB7AEBE78FA7D
C:\WINDOWS\system32\comres.dll --a--- 792064 bytes [16:11 26/08/2004] [19:00 04/08/2004] 6728270CB7DBB776ED086F5AC4C82310
C:\WINDOWS\system32\dllcache\comres.dll --a--c 792064 bytes [16:11 26/08/2004] [19:00 04/08/2004] 6728270CB7DBB776ED086F5AC4C82310

Searching for "crypt32.dll"
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\crypt32.dll --a--c 599040 bytes [23:36 29/08/2008] [00:11 14/04/2008] BDAAF79DD63F194434D31A74B9BB8B77
C:\WINDOWS\system32\crypt32.dll --a--- 597504 bytes [16:11 26/08/2004] [19:00 04/08/2004] EFC958396A7A7EF7E6D4A52B97512E18
C:\WINDOWS\system32\dllcache\crypt32.dll --a--c 597504 bytes [16:11 26/08/2004] [19:00 04/08/2004] EFC958396A7A7EF7E6D4A52B97512E18

Searching for "gpedit.dll"
No files found.

Searching for "rundll32.exe"
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\rundll32.exe --a--c 33280 bytes [23:37 29/08/2008] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6
C:\WINDOWS\system32\dllcache\rundll32.exe --a--c 33280 bytes [16:12 26/08/2004] [19:00 04/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF
C:\WINDOWS\system32\rundll32.exe --a--- 33280 bytes [16:12 26/08/2004] [19:00 04/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF

Searching for "sfc.dll"
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfc.dll --a--c 5120 bytes [23:37 29/08/2008] [00:12 14/04/2008] 96E1C926F22EE1BFBAE82901A35F6BF3
C:\WINDOWS\system32\dllcache\sfc.dll --a--c 5120 bytes [16:12 26/08/2004] [19:00 04/08/2004] E8A12A12EA9088B4327D49EDCA3ADD3E
C:\WINDOWS\system32\sfc.dll --a--- 5120 bytes [16:12 26/08/2004] [19:00 04/08/2004] E8A12A12EA9088B4327D49EDCA3ADD3E

Searching for "svchost.exe"
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe --a--c 14336 bytes [23:37 29/08/2008] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\system32\dllcache\svchost.exe --a--c 14336 bytes [16:12 26/08/2004] [19:00 04/08/2004] 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\system32\svchost.exe --a--- 14336 bytes [16:12 26/08/2004] [19:00 04/08/2004] 8F078AE4ED187AAABC0A305146DE6716

Searching for "cngaudit.dll"
No files found.

Searching for "beep.sys"
C:\WINDOWS\system32\dllcache\beep.sys --a--c 4224 bytes [16:11 26/08/2004] [19:00 04/08/2004] DA1F27D85E0D1525F6621372E7B685E9
C:\WINDOWS\system32\drivers\beep.sys --a--- 4224 bytes [16:11 26/08/2004] [19:00 04/08/2004] DA1F27D85E0D1525F6621372E7B685E9

Searching for "wscntfy.exe"
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wscntfy.exe --a--c 13824 bytes [23:37 29/08/2008] [00:12 14/04/2008] F92E1076C42FCD6DB3D72D8CFE9816D5
C:\WINDOWS\system32\dllcache\wscntfy.exe --a--c 13824 bytes [16:12 26/08/2004] [19:00 04/08/2004] 49911DD39E023BB6C45E4E436CFBD297
C:\WINDOWS\system32\wscntfy.exe --a--c 13824 bytes [16:12 26/08/2004] [19:00 04/08/2004] 49911DD39E023BB6C45E4E436CFBD297

Searching for "atapi.sys"
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys --a--c 96512 bytes [23:35 29/08/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\dllcache\atapi.sys --a--c 95360 bytes [05:59 04/08/2004] [22:15 31/12/2009] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\drivers\atapi.sys --a--- 95360 bytes [05:59 04/08/2004] [22:15 31/12/2009] CDFE4411A69C224BD1D11B2DA92DAC51

-=End Of File=-

amber8949
Novice
Novice

Posts Posts : 10
Joined Joined : 2010-01-01
Gender Gender : Female
OS OS : Windows XP
Points Points : 25458
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Hijack.WindowsUpdates Will Not Delete

Post by Dr Jay on Sat Jan 02, 2010 4:20 pm

Please go [You must be registered and logged in to see this link.]. Copy and paste the following file path in to the box.

c:\windows\system32\user32.DLL

Do the same for these two files:

C:\windows\system32\userinit.exe
C:\windows\explorer.exe


Then click submit.

Please post the results (URL) to your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13812
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302439
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Hijack.WindowsUpdates Will Not Delete

Post by amber8949 on Sat Jan 02, 2010 4:46 pm

I hope I did this right!

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

amber8949
Novice
Novice

Posts Posts : 10
Joined Joined : 2010-01-01
Gender Gender : Female
OS OS : Windows XP
Points Points : 25458
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Hijack.WindowsUpdates Will Not Delete

Post by Dr Jay on Sat Jan 02, 2010 10:45 pm

Good. Now once more, please for a couple of other system files.

Please go [You must be registered and logged in to see this link.]. Copy and paste the following file path in to the box.

c:\windows\system32\eventlog.dll

Do the same for this one:

C:\windows\system32\drivers\atapi.sys

Then click submit.

Please post the results (URL) to your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13812
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302439
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Hijack.WindowsUpdates Will Not Delete

Post by amber8949 on Sun Jan 03, 2010 9:41 am

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

amber8949
Novice
Novice

Posts Posts : 10
Joined Joined : 2010-01-01
Gender Gender : Female
OS OS : Windows XP
Points Points : 25458
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Hijack.WindowsUpdates Will Not Delete

Post by Dr Jay on Sun Jan 03, 2010 1:51 pm

Please download the latest version of Kaspersky GetSystemInfo (GSI) from [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Please close all other applications running on your system.
  • Please double click GetSystemInfo.exe to open it.
  • Click the Settings button.
  • Set it to Maximum
  • IMPORTANT! Then please click Customize - choose Driver / Ports tab and
  • Uncheck Scan Ports.
  • Click Create Report to run it.
  • It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to [You must be registered and logged in to see this link.] and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13812
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302439
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Hijack.WindowsUpdates Will Not Delete

Post by amber8949 on Mon Jan 04, 2010 6:31 pm

Sorry for the delay... back to work today.

I downloaded this to my desktop and didn't touch anything. I then got an error when I double clicked the icon.


[You must be registered and logged in to see this link.]

Let me think

amber8949
Novice
Novice

Posts Posts : 10
Joined Joined : 2010-01-01
Gender Gender : Female
OS OS : Windows XP
Points Points : 25458
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Hijack.WindowsUpdates Will Not Delete

Post by Dr Jay on Mon Jan 04, 2010 8:18 pm

Must have been corrupted.

Open NOTEPAD.exe and copy/paste the text in the codebox below:
(don't forget to copy and paste REGEDIT4)
Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog]
"Start"=dword:00000004
Save this as fix.reg Choose to "Save type as - All Files"
It should look like this:
Double click on fix.reg & allow it to merge into the registry

==

Then try Kaspersky GSI again.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13812
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302439
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Hijack.WindowsUpdates Will Not Delete

Post by amber8949 on Mon Jan 04, 2010 9:42 pm

ok, tried that and double clicked the icon again. Now it gives me this error:

[You must be registered and logged in to see this link.]

I feel like I'm doing something wrong. I know I'm causing a headache lol. I may not get to respond until later tomorrow. But thank you so much for your help so far. Smile Much appreciated!

amber8949
Novice
Novice

Posts Posts : 10
Joined Joined : 2010-01-01
Gender Gender : Female
OS OS : Windows XP
Points Points : 25458
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Hijack.WindowsUpdates Will Not Delete

Post by Dr Jay on Tue Jan 05, 2010 6:06 am

Please download the [You must be registered and logged in to see this link.]. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13812
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302439
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Hijack.WindowsUpdates Will Not Delete

Post by amber8949 on Mon Jan 18, 2010 8:31 pm

Ugh, major computer problems. I scanned with that last thing... it kept freezing up and would lock up my computer. Now I still have the infamous virus but now it won't let me do a system recovery and of course I can't find my discs to do a system restore. I'm at wits end. Most of my scans won't find anything now but I know there are still problems. I don't know where to go from here......

amber8949
Novice
Novice

Posts Posts : 10
Joined Joined : 2010-01-01
Gender Gender : Female
OS OS : Windows XP
Points Points : 25458
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Hijack.WindowsUpdates Will Not Delete

Post by Dr Jay on Mon Jan 18, 2010 9:00 pm

Please do a scan with [You must be registered and logged in to see this link.]

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13812
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302439
# Likes # Likes : 10

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum