Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I've got tons of Trojans

Re: I've got tons of Trojans

by deltalima » January 28th, 2011, 4:24 pm

Hi RaoulDuke,

Boot into Safe Mode:

Please re-open HijackThis and select Scan. Check the boxes next to all the entries listed below (if present):

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:56667

Now close all other open windows and then click on Fix Checked. Close HijackThis.

Reboot into safe mode and let me know if you can access the Internet.

  • Please download this tool from Microsoft.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

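The `R1` entry fixed in the post above is a WinINet `ProxyServer` value pointing at the local machine (`127.0.0.1:56667`), so browser traffic only works while something is listening on that port. As an added example (not part of the original post, and not HijackThis code), this Python sketch scans HijackThis-style `R0`/`R1` lines and reports loopback proxies; the function names are hypothetical, and it assumes the `ProxyServer` data is either a single `host:port` or a `;`-separated list of `scheme=host:port` entries.

```python
import ipaddress
import re

# Constructed sample log: the HKCU ProxyServer line is the entry quoted in the
# post; the other two lines are made up for contrast.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.test/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:56667
R1 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.example.test:8080
"""

# HijackThis R0/R1 line: "R1 - <registry key>,<value name> = <data>"
R_LINE = re.compile(r"^R[01] - (?P<key>HK[^,]+),(?P<name>[^=]+?)\s*=\s*(?P<data>.*)$")

def parse_proxy_server(data):
    """Split a ProxyServer value into {scheme: (host, port)}."""
    proxies = {}
    for entry in filter(None, (e.strip() for e in data.split(";"))):
        scheme, sep, target = entry.partition("=")
        if not sep:                      # bare "host:port" applies to all protocols
            scheme, target = "all", entry
        host, _, port = target.rpartition(":")
        if not host:                     # no port given
            host, port = target, ""
        proxies[scheme.lower()] = (host, int(port) if port.isdigit() else None)
    return proxies

def is_loopback(host):
    """True for 'localhost' and for any IPv4/IPv6 loopback literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:                   # a hostname, not an IP literal
        return False

def loopback_proxies(log_text):
    """Return (registry key, scheme, host, port) for each loopback proxy found."""
    findings = []
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if not m or m.group("name").strip().lower() != "proxyserver":
            continue
        for scheme, (host, port) in parse_proxy_server(m.group("data")).items():
            if is_loopback(host):
                findings.append((m.group("key"), scheme, host, port))
    return findings
```

A loopback proxy is not proof of infection on its own: some antivirus web shields and debugging proxies set one deliberately, so a finding should be checked against what is actually listening on that port.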
Re: I've got tons of Trojans

by RaoulDuke » January 28th, 2011, 5:16 pm

yep now the net works
now downloading the tool..

Re: I've got tons of Trojans

by RaoulDuke » January 28th, 2011, 5:18 pm

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Invalid Product Key
Validation Code: 8
Cached Validation Code: N/A
Windows Product Key: *****-*****-Q64D4-Q4DBW-DQDRP
Windows Product Key Hash: 7ZpgBr2w1DSTADup/UBfn2lJatE=
Windows Product ID: 55274-641-2453842-23375
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.2.0.pro
ID: {36140D14-4DA2-44CA-A9DC-865DBE8CAA1F}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.5.723.1
Signed By: N/A, hr = 0x80096010
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 5
File Exists: Yes
Version: 1.5.540.0
WgaTray.exe Signed By: N/A, hr = 0x80004005
WgaLogon.dll Signed By: N/A, hr = 0x80004005

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings:
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Programmi\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\WINDOWS\system32\syssetup.dll[5.1.2600.2180], Hr = 0x800b0100

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{36140D14-4DA2-44CA-A9DC-865DBE8CAA1F}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.2.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-DQDRP</PKey><PID>55274-641-2453842-23375</PID><PIDType>1</PIDType><SID>S-1-5-21-484763869-1123561945-725345543</SID><SYSTEM><Manufacturer>To Be Filled By O.E.M.</Manufacturer><Model>To Be Filled By O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>P1.60</Version><SMBIOSVersion major="2" minor="4"/><Date>20090708000000.000000+000</Date></BIOS><HWID>595D32F70184EE78</HWID><UserLCID>0410</UserLCID><SystemLCID>0410</SystemLCID><TimeZone>ora solare Europa occidentale(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.5.540.0"/><File Name="WgaLogon.dll" Version="1.5.540.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 136FB:GENUINE C&C INC
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

Re: I've got tons of Trojans

by deltalima » January 28th, 2011, 5:27 pm

Hi RaoulDuke,

The copy of Windows XP that you have does not have a valid license key.

Please see our policy here

Re: I've got tons of Trojans

by NonSuch » January 28th, 2011, 6:20 pm

It appears that there are issues with your Windows operating system as it has failed the validation process. This means that the copy of Windows installed on your computer cannot be properly validated as being genuine; therefore, it cannot be updated nor can it be made secure. Accordingly, it would be counterproductive to attempt cleaning of this machine as it would be immediately reinfected.

Moreover, it is the policy of the Malware Removal Forum that we do not assist those who are using illegal/invalid software.

http://malwareremoval.com/forum/viewtopic.php?t=550

If you have reason to believe that your copy of Windows should have passed the validation process, you may contact Microsoft for assistance:

http://social.microsoft.com/Forums/en-U ... ry/genuine

This topic is now closed.