Unknown Virus

Re: Unknown Virus

Post by GypsyCowgirl on 7th April 2009, 7:57 pm

I opened the Windows folder and I found a blue block logo with regedit, but it does not say .exe. Is this the same as regedit.exe that I should rename?

GypsyCowgirl
Novice

Posts : 43
Joined : 2009-04-07
OS : XP
Points : 28291
# Likes : 0

Re: Unknown Virus

Post by Belahzur on 7th April 2009, 7:59 pm

Yes, it's just your folder options are set to not show file extensions. It's the same thing, just rename it from regedit to reg3edit.


Please PM me if I fail to respond within 24hrs.

Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
# Likes : 1

Re: Unknown Virus

Post by GypsyCowgirl on 7th April 2009, 8:10 pm

Two things, I don't know if this matters, but I noticed when I renamed regedit, reg3dit.exe, another regedit appeared right next to reg3dit.exe. Also as I am attempting to save drivers32.reg, it is attempting to save this as a document file. Should I save this in another way?


Re: Unknown Virus

Post by Belahzur on 7th April 2009, 8:14 pm

Hello.
That's the Windows File Protection that generated another copy of it, just Windows protecting itself.

It should want to automatically save it as a .reg file.
Either way, if saved as a .reg file, it can still be opened in Notepad.



Re: Unknown Virus

Post by GypsyCowgirl on 7th April 2009, 8:19 pm

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"="midimap.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.trspch"="tssoft32.acm"
"vidc.cvid"="iccvid.dll"
"vidc.I420"="msh263.drv"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.iyuv"="iyuv_32.dll"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"vidc.uyvy"="msyuv.dll"
"vidc.yuy2"="msyuv.dll"
"vidc.yvu9"="tsbyuv.dll"
"vidc.yvyu"="msyuv.dll"
"wavemapper"="msacm32.drv"
"msacm.msg723"="msg723.acm"
"vidc.M263"="msh263.drv"
"vidc.M261"="msh261.drv"
"msacm.msaudio1"="msaud32.acm"
"msacm.sl_anet"="sl_anet.acm"
"msacm.l3acm"="C:\\WINDOWS\\System32\\l3codeca.acm"
"vidc.iv50"="ir50_32.dll"
"vidc.iv41"="ir41_32.ax"
"msacm.iac2"="iac25_32.ax"
"msacm.ctmp3"="C:\\WINDOWS\\System32\\ctmp3.acm"
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"
"vidc.tscc"="tsccvid.dll"
"aux"="C:\\WINDOWS\\system32\\..\\rpo.pji"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP]
"wave"="rdpsnd.dll"
"MaxBandwidth"=dword:000056b9
"wavemapper"="msacm32.drv"
"EnableMP3Codec"=dword:00000001
"midimapper"="midimap.dll"


Re: Unknown Virus

Post by Belahzur on 7th April 2009, 8:27 pm

There's the little devil.


  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section".
  • Then select "Delete a file on reboot".
  • This opens a window to locate the file we want deleted.
  • Now using that window, look at the top for the drop-down menu. Select the "C Drive".
  • Now go into the Windows folder, and select this file by double-clicking: rpo.pji
  • HijackThis will warn you that system settings will change on reboot.
  • Press YES and allow HijackThis to reboot your machine.
  • If HijackThis doesn't reboot your machine automatically, then reboot it yourself.


Now after reboot, check and make sure this file doesn't exist.
C:\WINDOWS\rpo.pji

Let me know if it has been deleted.



Re: Unknown Virus

Post by GypsyCowgirl on 7th April 2009, 9:10 pm

I deleted rpo.pji, and have searched for it after reboot, and I do not see it any longer.


Re: Unknown Virus

Post by Belahzur on 7th April 2009, 9:11 pm

Hello.

  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
    "aux"="wdmaud.drv"

  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.

Your problems should be gone now. :)


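Added example (not part of the original posts, and not the helper's own method): a small Python check that parses a Drivers32 export like the one posted above and flags string values that contain a `..` segment, carry an extension other than those on the known-good entries, or resolve outside System32. The allow-list, the System32 path and the function name `audit_drivers32` are assumptions of this example; the sample input is a subset of the export in the thread.

```python
import ntpath
import re

# Allow-list assumed for this example: extensions on the export's legitimate values.
DRIVER_EXTS = {".dll", ".drv", ".acm", ".ax"}
SYSTEM32 = r"c:\windows\system32"  # assumed default XP install path
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>(?:[^"\\]|\\.)*)"$')

# Sample input: a subset of the export posted in the thread.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"="midimap.dll"
"msacm.l3acm"="C:\\WINDOWS\\System32\\l3codeca.acm"
"vidc.iv41"="ir41_32.ax"
"wave"="wdmaud.drv"
"aux"="C:\\WINDOWS\\system32\\..\\rpo.pji"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP]
"wave"="rdpsnd.dll"
"MaxBandwidth"=dword:000056b9
'''

def audit_drivers32(reg_text):
    """Return (key, value name, resolved path, reasons) per suspicious value."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or "\\Drivers32" not in key:
            continue  # dword values, blank lines, header, unrelated keys
        raw = re.sub(r"\\(.)", r"\1", m["data"])  # undo .reg string escaping
        resolved = ntpath.normpath(raw)           # collapse any ".." segments
        reasons = []
        if ".." in raw.split("\\"):
            reasons.append("path traversal")
        if ntpath.splitext(resolved)[1].lower() not in DRIVER_EXTS:
            reasons.append("unexpected extension")
        if ntpath.isabs(resolved) and ntpath.dirname(resolved).lower() != SYSTEM32:
            reasons.append("outside System32")
        if reasons:
            findings.append((key, m["name"], resolved, reasons))
    return findings

if __name__ == "__main__":
    for key, name, path, reasons in audit_drivers32(SAMPLE):
        print(f"{name} -> {path}: {', '.join(reasons)}")
```

A real export saved by regedit in the Version 5.00 format is UTF-16, so read the file with `encoding="utf-16"` before passing its text to the function.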

Re: Unknown Virus

Post by GypsyCowgirl on 7th April 2009, 9:44 pm

Great! My AVG seems to be working again, I'll run a Malwarebytes update in a little while. I am wondering what should I do with the Avenger and fix.reg on my desktop?

Thanks so much for your help!!!!


Re: Unknown Virus

Post by Belahzur on 7th April 2009, 9:46 pm

Delete them.



Re: Unknown Virus

Post by GypsyCowgirl on 7th April 2009, 10:02 pm

What do you recommend for protection? I now use AVG, SuperAntiSpyware, and Malwarebytes Anti-Malware. I use Firefox browser. What exactly was in my computer, and was the cat file deleted part of it?

Thanks again


Re: Unknown Virus

Post by Belahzur on 7th April 2009, 10:10 pm

I couldn't find much on that cat file, but what I read said it wasn't needed.

This is the malware you were dealing with:
[You must be registered and logged in to see this link.]



Re: Unknown Virus

Post by GypsyCowgirl on 8th April 2009, 8:01 pm

Belahzur, I sent you a PM regarding donations. Will you please take a look at that and get back with me?

Thanks


Re: Unknown Virus

Post by Belahzur on 8th April 2009, 8:03 pm

I don't know the email Doc uses for our donation via PayPal, so I'll send you my personal email that is used on my PayPal account.

