#1 |
|
Member (7 bit)
Join Date: Feb 2004
Location: newcastle - upon - tyne
Posts: 89
|
trojan horse PSW.Banker5.OGA
Hi,
I'm having a serious problem with this little sod! It's altered my XP desktop, which I have only just installed. It started with the logon. After trying to log on there was no Explorer display. Starting Task Manager quickly, I can get around this by running it through Task Manager, New Task, but I have to do this every time I boot up.

I have run safe mode on admin account and run AVG Free twice, once with restore on, then with it off. I have created a new logon to see if that changed it, but it's the same on that too. If I don't get to start Task Manager quick enough, I get a prob with userinit, then other DLL issues. DEP is shutting these down. I presume my user profile is corrupt but also think it may have affected the boot process, as it keeps returning.

It is preventing me from getting onto the Emsi site too (although I don't know if that has anything to do with anything), so I can't update the a2 free trojan removal tool which I downloaded. Not sure what to try next, as I have researched a bit and can only see editing the registry as being an answer. I'm unsure how to do this exactly, as most answers I have had are vague and not simple (like me). Also, sys restore was wiped so I cannot do that. The XP disk I have is not genuine, so I don't know if anyone is willing to help, but I would appreciate some advice.

I have a HijackThis log if it would help answer any questions that I haven't covered. I also have Everest Ultimate Edition, which has loads of info that I don't understand.

system: XP Pro SP3
Pentium 4 550J, 3400 MHz (17 x 200)
Medion MSI MS-7091

Can anyone help me so that I don't have to reformat and re-install etc.?

Jay
|
|
|
|
|
#2 | |
|
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
|
Quote:
Go down to your local Maplins and get a USB adapter; they are about twenty five quid. Hot plug your hard drive to a machine with a very up-to-date antivirus installation, Malwarebytes install and SUPERAntiSpyware install, then run scans on your hard drive. You could also try running the Sophos antirootkit scanner on it. See this thread for information on using a USB adapter: http://forum.pcmech.com/showthread.php?t=204049
__________________
Niwa no niwa ni wa, niwa no niwatori wa niwaka ni wani o tabeta. |
|
|
|
|
|
|
#3 |
|
Computer Super Technology
Premium Member
Join Date: Sep 2005
Location: Illinois
Posts: 3,651
|
I used to date a girl from Tyne and Wear 30 years ago. Nice countryside there. What are you doing getting a Trojan Horse on your computer?
If you can surf the net, download this http://www.malwarebytes.org/mbam.php and run it in safe mode.
__________________
ASUS M5A99X EVO AMD Vishera FX-8350 Intel 520 Series 240GB SSD Asus Matrix HD7970 |
|
|
|
|
|
#4 | |
|
I don't computer.
Join Date: Mar 2003
Location: Ellisville, MO
Posts: 1,561
|
Quote:
__________________
Gaming Rig - ASUS A8N-SLi Deluxe :: AMD 64 X2 4600+ :: 3GB Corsair XMS PC-3200 ASUS GeForce GTX 560 (Fermi) 1GB :: SB Xi-Fi Fatal1ty Pro 500GB WD Black :: Sony DVD-ROM :: Plextor 716SA DVD/RW OS - WinXP Pro :: Powered by - Enermax 535W PSU ASUS G60JX Laptop - Intel Core i5 M430 :: 4GB DDR3 NVIDIA GeForce GTS 360M 1GB :: 500GB SATA HD (7200) OS - Win7 Home Premium 64-bit |
|
|
|
|
|
|
#5 |
|
Member (7 bit)
Join Date: Feb 2004
Location: newcastle - upon - tyne
Posts: 89
|
How do you boot into safe mode with networking? Dunno how to do that.
Think I may have downloaded it in a program. Seems quite new too. Deeply embedded coz it keeps appearing in the system32 folder. Dunno where it's starting though. Is there no way I can just replace the boot files so that it doesn't get the go-ahead to start?

Last edited by wooosh; 07-03-2009 at 03:12 AM. Reason: extra text
|
|
|
|
|
#6 |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 41,162
|
Start pressing F8, you have to catch it between the POST screen and the XP splash screen to get the boot menu.
|
|
|
|
|
|
#7 |
|
Member (7 bit)
Join Date: Feb 2004
Location: newcastle - upon - tyne
Posts: 89
|
Right, downloaded Malwarebytes and ran it. Got rid of 61 problems. Also ran Sophos antirootkit, which caught a few others too, but I now have some issues which I need sorting.
No taskbar or icons, and explorer only brings up windows etc. I could do with having this back so that I don't have to manually start everything. Also, still having a little problem with userinit not being able to start.

Help..... please...

Jay

Last edited by wooosh; 07-04-2009 at 08:18 AM. Reason: extra text
|
|
|
|
|
#8 |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 41,162
|
If you had a rootkit, pull the drive and use a USB adapter to recover your data files onto another computer, then zero fill the hard drive and start from scratch.
|
|
|
|
|
|
#9 |
|
Member (7 bit)
Join Date: Feb 2004
Location: newcastle - upon - tyne
Posts: 89
|
Is there no way to replace the wiped system files?
I.e. explorer, etc. I can still work with it through Task Manager but only in safe mode. Task Manager is locked out through logins. Would obviously need to know which files to replace but dunno how to find out. Is re-install the only way round?
|
|
|
|
|
#10 |
|
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
|
You can do a repair-install to replace your damaged system files, but if you cannot be 110% certain that the nasties are gone you are wasting your time.
If you have any kind of suspicion that you did indeed have a rootkit then the only way to go is to save your personal files and zero fill the hard drive; this is the only way of being sure the rootkit is gone.
|
|
|