
Solve : Request Help for trojan removal - Combofix Log interpretation?

Answer»

Cannot run Viruseffect remover:
"says system administrator has set policies to prevent its installation"

Try OTL please.

Sorry about that. It is hard to know if one program is dependent upon the first running successfully. I will assume they are independent in the future unless stated otherwise.
Logs attached:

[Saving space, attachment deleted by admin]

Quote from: Jhavey on January 05, 2010, 07:30:53 PM

It is hard to know if one program is dependent upon the first running successfully.

They usually are but if one won't run then we're forced to try the next.

Good news. I don't see anything wrong.

Bad news. I don't see anything wrong....

Try Dial-a-fix.

Download Dial-a-Fix by djlizard, save it to the desktop then extract it to its own folder.

  • Open the folder and run Dial-a-fix.exe
  • 2 windows will open. Close the one in the background labeled Restrictive Policies
  • Check the box in section 1, Empty temp folders.
  • Check the box in section 2, Fix Windows Installer.
  • Check the box in section 3, Fix Windows Update.
  • Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked
  • Check all boxes in section 5, labeled Registration Center.
  • Click Go
  • OK any error messages if received, but write them down and post them here.
  • Restart the computer when done.

How is the computer now?

During install it stated "Installer unable to determine your version of Internet explorer, some DLL registrations will be skipped". I ran it anyways.

Received multiple error messages #127 for the following files:
iesetup.dll
imgutil.dll
inserg.dll
pngfild.dll
webcheck.dll
inshtml.dll
msrating.dll
occache.dll

After reboot to normal Windows mode still no permissions to run programs or startup notifications bar.
Nothing changed that can be detected.
I ran Avast boot time scan this morning and it showed no infections.

Ever since post reply #9 where I attempted to run ESET I have had the issue with the lack of permissions and the missing start up notifications bar.

In post reply #28 I asked you if we could address this and you did not respond but instead had me run another program.

I ASK NOW ....

Is it possible that we have cleaned the machine in this process and what is left is some configurations that got screwed up in the process?
Can we now directly address why I am not getting permissions in the normal run mode and why the start up notification bar is missing?

or do you still feel we need to run more checks for infections?

I have searched on my own attempting to fix the configurations but I have had no luck. Any suggestions before I nuke it?

Do you have an XP CD?

If so, place it in your CD ROM drive and follow the instructions below:
  • Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
    • Let this run undisturbed until the window with the blue progress bar goes away

SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.

Thanks for sticking with me.

Not sure I understood the proper procedure for running it. It never wanted to go to the CD drive for the file.

I tried as you said and it did not run. Did open a window but then hangs, no progress bar indicator. Tried this multiple times.

I read up on this SFC and found where it should be located. "D" is my CD drive.
I then tried d:\i386\sfc \scannow and that did not work. Guess cause file there is marked as SFC.EX_

I then found that I have two copies of this file on my c drive. One in c:\i386\ and another in c:\windows\system32\

When I point a full path to the c:\386 version a window opens too quick to read and closes again.

I checked in the registry and the CurrentVersion\setup is pointed to C\... and not the D drive.

Any other suggestions?

It should be run with the C drive.

Post a fresh HijackThis log please.

So you directed me to insert the CD just in case the SFC.exe file was not present on the C drive then?
I am attaching a new hijack log.



[Saving space, attachment deleted by admin]

I have not been overly impressed with the help I received here. Realizing that you offer help on your own time and for free I do want to thank you for trying.
I am Nukin it now!

There is only so much we can do...

