Bad Case of WinBlue Soft

View previous topic View next topic Go down

Bad Case of WinBlue Soft

Post by Potator on Sat May 30, 2009 6:10 pm

Hello

I read through lots of posts from different victims infected with WinBlue Soft. What I got smells like what PatTheBaker's got (post: "WinBlue Soft Help Please") It's the worst case of WinBLue Soft out there, and it's impossible to fire up any useful application that could help getting somewhere, either from a USB, by renaming it, or by praying like crazy.

I stoped following his post when it got to the deleting of the files in system32. Everything else before that was pretty innocent, but frankly I don't feel confident enough in my skills to make the difference between the bad files and the keepers.

If you can help, should we start over from the top with my own problem or do you think I should go and delete files right away? If deleting is the way to go, I will ask for your input.

Thanks!

Potator
Novice
Novice

Status :
Online
Offline

Posts : 5
Joined : 2009-05-30
OS : XP 2003

View user profile

Back to top Go down

Re: Bad Case of WinBlue Soft

Post by Belahzur on Sat May 30, 2009 6:31 pm

Hello.
Lets try this method.

  • Now open a new notepad file.
  • Input this into the notepad file:

    [Version]
    Signature=$CHICAGO$

    [DefaultInstall]
    AddReg=Del.Settings

    [Del.Settings]
    HKCU,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,setup2.exe,0x00000000
    HKLM,software\microsoft\windows\currentVersion\Run,WinBlueSoft,0x00000000
    HKU,DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run,setup2.exe,0x00000000

  • Save this as fixreg.inf, save it to your desktop.
  • Right click fixreg.inf and select install.

Delete these files/folders in bold:

C:\Windows\system32\setup2.exe <== file
C:\Program Files\Winblue Software <== folder
C:\Documents and settings\USERNAME\Application Data\winav.exe <== file


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Bad Case of WinBlue Soft

Post by Potator on Sat May 30, 2009 7:45 pm

Thanks for that quick reply

- Created the notepad on a 2nd computer (the one i'm on right now go on the net) and copied on infected PC's desktop through USB.
- Clicked install
- Don't think it ran (Got alert message "Process runonce.exe terminated Harmful memory infection detected")

As for the deleting:

C:\Windows\system32\setup2.exe == Wouldn't let me
C:\Program Files\Winblue Software == Succesful
C:\Documents and settings\USERNAME\Application Data\winav.exe == I did not see that file in there (there were no floating files, only folders)

Potator
Novice
Novice

Status :
Online
Offline

Posts : 5
Joined : 2009-05-30
OS : XP 2003

View user profile

Back to top Go down

Re: Bad Case of WinBlue Soft

Post by Belahzur on Sat May 30, 2009 8:01 pm

Letsy try batch script to delete it.

Now open a new notepad file.
Input this into the notepad file:

@echo off
@echo off
del "C:\Windows\system32\setup2.exe" /q /s >nul
del fix.bat
exit

Save this as fix.bat, save it to your desktop.
Double click fix.bat and the black cmd window will open and close, this is normal.

Check if setup2.exe is still there please.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Bad Case of WinBlue Soft

Post by Potator on Sat May 30, 2009 8:15 pm

- Fired up the .bat and the black window flashed all right. But the process also got terminated the same way the .inf had (or so it said on the bottom right of screen)

- Setup2.exe is stil there, and still won't give

FYI prior to this, all my tests with launching .exe .com .bat .pif .scr .txt and .inf files have failed.

Potator
Novice
Novice

Status :
Online
Offline

Posts : 5
Joined : 2009-05-30
OS : XP 2003

View user profile

Back to top Go down

Re: Bad Case of WinBlue Soft

Post by Belahzur on Sat May 30, 2009 9:16 pm

Hello.
Are you able to run regedit.exe or regedt32.exe?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Bad Case of WinBlue Soft

Post by sw33tang3l on Sat May 30, 2009 9:34 pm

check my topic "click here to remove winbluesoft [!]" im sure it can help. Smile

sw33tang3l
Novice
Novice

Status :
Online
Offline

Posts : 9
Joined : 2009-05-29
OS : Windows XP

View user profile

Back to top Go down

Re: Bad Case of WinBlue Soft

Post by Origin on Sat May 30, 2009 9:35 pm

I removed your topic, this doesn't fully remove Winibluesoft.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3

View user profile

Back to top Go down

Re: Bad Case of WinBlue Soft

Post by Potator on Mon Jun 01, 2009 4:05 pm

[You must be registered and logged in to see this link.] wrote:Hello.
Are you able to run regedit.exe or regedt32.exe?

I tried both and did not get any message about process being terminated, but nothing else happened either.

Potator
Novice
Novice

Status :
Online
Offline

Posts : 5
Joined : 2009-05-30
OS : XP 2003

View user profile

Back to top Go down

Re: Bad Case of WinBlue Soft

Post by Belahzur on Mon Jun 01, 2009 5:08 pm

Hmm.
Can you try running MGTools?

Info and link on this page:
[You must be registered and logged in to see this link.]


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Bad Case of WinBlue Soft

Post by Potator on Mon Jun 01, 2009 5:32 pm

Saved the installer on my USB... Won't run on on my PC Sad tearing

Tried both from the USB and after copying the .exe to desktop. Also tried renaming (manually)

Potator
Novice
Novice

Status :
Online
Offline

Posts : 5
Joined : 2009-05-30
OS : XP 2003

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum