Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Recovering from a trojan, can someone review my logs, please

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Recovering from a trojan, can someone review my logs, please

Unread postby Shaba » November 24th, 2008, 3:26 am

Great :)

Please check next if this file exists:

C:\WINDOWS\system32\spoolsv.exe
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Advertisement
Register to Remove

Re: Recovering from a trojan, can someone review my logs, please

Unread postby flying92 » November 24th, 2008, 9:05 am

That file is not in the system32 directory.
flying92
Active Member
 
Posts: 13
Joined: November 20th, 2008, 8:50 am

Re: Recovering from a trojan, can someone review my logs, please

Unread postby Shaba » November 24th, 2008, 10:40 am

Then see here and post back a fresh HijackThis log afterwards, please.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Recovering from a trojan, can someone review my logs, please

Unread postby flying92 » November 24th, 2008, 8:26 pm

Stuck!
I was going through the steps "to run SFC.EXE /SCANNOW without a Windows installation CD - only a restore CD from the manufacturer". I copied the directory "i386" from C:\WINDOWS\Driver Cache to C:\ and I redirected the regedit HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\SetupSourcePath to C:\ so that it would read the i386 folder after rebooting. When I run SFC.EXE /SCANNOW, I am still getting the error message "please insert XP disk". Could the files in the i386 folder be incorrect or not up to date?
flying92
Active Member
 
Posts: 13
Joined: November 20th, 2008, 8:50 am

Re: Recovering from a trojan, can someone review my logs, please

Unread postby Shaba » November 25th, 2008, 3:56 am

That is possible as that CD doesn't most likely have SP3.

Are you able to borrow CD from someone?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Recovering from a trojan, can someone review my logs, please

Unread postby flying92 » November 25th, 2008, 8:33 am

One step forward, two back...

I turned the computer off last night because I couldn't do anything more until I heard from you. This morning when I restarted it, because of the change I made to the SetupSourcePath, it went right into trying to restore the system. The only options were to begin reformatting the system, or going to the dos prompt. Obviously I didn't want to format the drive so I went to dos. It is sitting at the a:\ prompt, I don't remember how to get Windows to start up from there and searches online aren't helping me find the command.

I will try to find a copy of XP from someone to restore the files needed.
flying92
Active Member
 
Posts: 13
Joined: November 20th, 2008, 8:50 am

Re: Recovering from a trojan, can someone review my logs, please

Unread postby Shaba » November 25th, 2008, 9:37 am

Typing c: (enter),
cd windows (enter) and
win (enter) might help here.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Recovering from a trojan, can someone review my logs, please

Unread postby flying92 » November 25th, 2008, 9:12 pm

Well, the last step back was due to my stupidity... I was restarting with the system restore disk in the drive. :oops: I got it to restart and I placed a message on the BleepingComputer.com forum to see if they can tell me how to restore those files without an XP disk. I will post back here with a new hijack this log when I get advice how to continue.
flying92
Active Member
 
Posts: 13
Joined: November 20th, 2008, 8:50 am

Re: Recovering from a trojan, can someone review my logs, please

Unread postby Shaba » November 26th, 2008, 5:15 am

Thank you for information, I will keep this thread open :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Recovering from a trojan, can someone review my logs, please

Unread postby Shaba » December 1st, 2008, 4:53 am

flying92?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Recovering from a trojan, can someone review my logs, please

Unread postby flying92 » December 1st, 2008, 7:55 am

Hi...
I've been receiving help from the guys at BleepingComputer.com but I seem to have reached an impass where I need a Windows XP disk to restore system files and I don't have one. I am headed out of town on business as we speak and I will continue trying to fix this when I return later this week. It appears at though I may need to restore my system if I can't find a disk.

Thanks again for all of your help!
flying92
Active Member
 
Posts: 13
Joined: November 20th, 2008, 8:50 am

Re: Recovering from a trojan, can someone review my logs, please

Unread postby Shaba » December 1st, 2008, 8:03 am

Thank you for update :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Recovering from a trojan, can someone review my logs, please

Unread postby NonSuch » December 12th, 2008, 11:40 pm

Due to lack of activity, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 336 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware