Corrosion. Posted July 9, 2008
OK, I've been searching all over the net. I have that damned mywebsearch on my computer :/ I've run HijackThis, Unlocker (to try and manually delete), I've manually edited the registry, I've run msconfig, and I ran something, I forget the name, that scans my registry, then I deleted the problem. Still coming back. Can this be fixed without wiping the machine?

Sparda Posted July 9, 2008
Spybot?

Corrosion. Posted July 9, 2008
Tried it :/ It ended up doing sys restore then another scan... Fixed it :)

Sparda Posted July 9, 2008
> Tried it :/ It ended up doing sys restore then another scan... Fixed it :)

Are you still using IE?

digip Posted July 9, 2008
I just recently started playing around with BartPE and now UBCD4Win (http://www.ubcd4win.com/). Check it out if you ever have to remove something and want to be sure it's gone for good. It's a live Windows XP CD, so the HDD never gets a chance to launch the rogue files in question and you can safely delete them for good, unlike some other live CDs that are read-only for NTFS systems. You can even mount a registry hive from the crippled PC and make changes to it before reboot. Took me a while to configure it with the settings I wanted, but I have a VM to test it in before wasting any CDs.

Lots of recovery tools and even the ability to read *nix file systems, not just FAT and NTFS, so you can do quite a lot with it, like download the shadow password files or overwrite them with a known password hash. It also has the ability to dual boot Windows XP and Knoppix (or some other small Linux variant of your choice) from the same disk, but if you want to just work from Windows, it has some Unix-like tools to let you make changes directly from XP. I was surfing the web with it earlier today on a PC with no OS, so you can take an old PC that is broken and still get some use out of it, if only for safe surfing: since CDs and DVDs are read-only, you can't get infected while using it.

Corrosion. Posted July 9, 2008
> Are you still using IE?

Hell no, I hate IE, I use Firefox v3.

EDIT: Yeah, I've used BartPE before, kickass stuff :)

l337virus Posted July 9, 2008
Well, I recommend running Autoruns, but if you don't see anything that is unusual, try going into IE and then go to Tools > Manage Add-ons, then add and remove add-ons, and look for some crazy file names as the programs and just search for the .dll or the file names described (a crazy add-on like "shdhre.dll" or "wsdjdf.exe") and then just delete it. If it does not delete, just rename it by taking the .dll extension off of it and restart the computer. Next, just run a registry cleaner to clean all the missing or broken registry values.

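A read-only way to list what the post above says to look through (startup entries and IE add-ons, with the DLL each add-on loads), as an added PowerShell example that is not part of the original thread. It assumes the standard Windows registry layout for Run keys and Browser Helper Objects; the function names are made up for this example.

```powershell
# Added example, read-only: nothing here deletes or renames anything.
$sw = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'   # native and 32-bit views

function Get-RunEntry {          # hypothetical helper name
    $keys = @($sw | ForEach-Object { "$_\Microsoft\Windows\CurrentVersion\Run" })
    $keys += 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Kind = 'Run'; Name = $name
                               Target = $item.GetValue($name); Note = '' }
        }
    }
}

function Get-IeAddonEntry {      # hypothetical helper name
    foreach ($root in $sw) {
        $bho = "$root\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
        if (-not (Test-Path -LiteralPath $bho)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $bho) {
            $clsid = $sub.PSChildName
            # The add-on is a COM class; InprocServer32 names the DLL that IE loads.
            $server = "$root\Classes\CLSID\$clsid\InprocServer32"
            $dll = $null
            if (Test-Path -LiteralPath $server) {
                $dll = (Get-Item -LiteralPath $server).GetValue('')   # default value
            }
            $note = if (-not $dll) {
                'no DLL registered'
            } elseif (-not (Test-Path -LiteralPath $dll)) {
                'file missing'
            } else {
                "signature: $((Get-AuthenticodeSignature -FilePath $dll).Status)"
            }
            [pscustomobject]@{ Kind = 'IE add-on'; Name = $clsid
                               Target = $dll; Note = $note }
        }
    }
}

@(Get-RunEntry) + @(Get-IeAddonEntry) |
    Sort-Object Kind, Name | Format-Table -AutoSize -Wrap
```

Add-ons whose DLL is missing or not validly signed are the ones worth looking up by file name before removing anything.
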
Corrosion. Posted July 9, 2008
It's back :/ Scanning again.

EDIT: I'm going back to regedit....

EDIT: Seems to be really gone this time :) Uninstalled entry, removed all registry entries, booted into safe mode and scanned.

l337virus Posted July 10, 2008
> It's back :/ Scanning again.
> EDIT: I'm going back to regedit....
> EDIT: Seems to be really gone this time :) Uninstalled entry, removed all registry entries, booted into safe mode and scanned.

If that doesn't work, then try using Spy Sweeper 5.0 beta; since it's in beta it will remove the stuff it finds: http://www.webroot.com/beta/beta_download.php

Sparda Posted July 10, 2008
This only proves the point: an infected system can never be trusted thereafter. Reinstall.

Corrosion. Posted July 10, 2008
> This only proves the point: an infected system can never be trusted thereafter. Reinstall.

Yeah, I know :/ Just kinda sucks lol. Thanks for all the help, guys.