Thread: A very specific Threat.

  1. #1
    Junior Member
    Join Date
    Jun 2012
    Posts
    2

    A very specific Threat.

    I am running Windows XP Professional SP3 on a computer I have to work with over a remote connection. It had a virus that disabled the task manager and the regedit when we got rid of it, and the way in which it is disabled is unlike anything I can find online.

    It simply acts as if the file has been deleted, but the icon is still there (yes, even in System32). It says "Windows cannot find 'regedit' . Make sure you typed the name correctly, and then try again. To search for a file, click the start button." I have tried the cmd registry editing methods and the gpediting methods and none of them have worked. It seems that this is an entirely new problem. It is also preventing the installation of Norton Symantec Endpoint Protection (which is company standard).

    I've brought in the two programs from another computer and that too did not work. The only thing that has worked is changing the file name and running it that way, but this is unacceptable. This is a company computer and has to retain the same system config as hundreds of others.

    We've found "protector-jqnn" (which I cannot even find reference to on Google, but am sure that it is left over from the malware because it was a protector clone) and "Virusrl2009" in the startup programs (after an exhausting viral cleanup), and tskmgr and regedit are the only things still not working.

    I am part time IT here, and would really like to save the day. I'm unfamiliar with everything involved. So if anyone has the patience to help me, I'd be grateful. Please keep in mind that replacing our AV or using alternate files on a long term basis is out of the question as all company computers need to run what we have.
    Thank you very much.

  2. #2
    tashi (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Hello Railrocket138,

    Personal computers
    The malware removal forum is set up to help those in need of assistance with their personal computers. This service is free and provided by volunteer analysts.

    When the infection is on a Server/Company/Business/Institution/Medical Facility-Health Insurance (HIPAA Privacy Rule) machine or any computer used in the workplace.


    The intention of this forum is not to replace a company's IT department or a private business specialist; helpers cannot anticipate alterations or configurations that may have been made to a business machine, or how it will interact with the tools commonly used in the removal of malware.

    Other considerations:

    • Company information may show in the logs.
    • More than one machine could be at stake.
    • If sensitive material has been compromised by an infection, the company could be held liable.

    To prevent possible loss or corruption of company information, please inform your IT Professional or Supervisor when a workplace computer has been infected. If neither is available, please consider calling in a local technician who can see the machine/network in person.

    It's not that we don't want to help, but there are too many issues that could arise with company machines and servers that malware forum volunteers are not experienced in dealing with.

    Thank you for your understanding.

    ------------------------------------------------------

    Spybot S&D Corporate-Small Business Editions

    As Spybot-S&D is free for personal use only, please contact our office support if you would like to use our software in a Corporate or Small Business environment so that we may provide direct assistance for your needs.

    Thank you.
    http://forums.spybot.info/showpost.p...12&postcount=5
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    tashi (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Originally posted by Railrocket138:
    "I am part time IT here, and would really like to save the day. I'm unfamiliar with everything involved."
    Advise calling in an IT expert, rather than trying a do it yourself.

  4. #4
    Junior Member
    Join Date
    Jun 2012
    Posts
    2

    I figured out a solution, but I'm missing OTMoveIt3. (found someone else here with the same virus)
    I know exactly what to look for within it and how to get rid of it, but the actual program is apparently lost to the internet. All the links are dead.

  5. #5
    tashi (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Hello Railrocket138,
    Originally posted by Railrocket138:
    "I figured out a solution, but I'm missing OTMoveIt3. (found someone else here with the same virus)"
    Note that all instructions given are customized for that member's personal computer only; the tools used may cause damage if run on a machine with different specs/infections. Please do not take fixes given to another user and apply them to your own machine.
    http://forums.spybot.info/showthread.php?t=288
    Originally posted by Railrocket138:
    "All the links are dead."
    To avoid making computer doorstops, tools should be used under the supervision of those trained in their specific use; links often expire as tools are updated by the developers.

    Originally posted by tashi:
    "Advise calling in an IT expert, rather than trying a do it yourself."
    Best regards,
    Last edited by tashi; 2012-06-08 at 02:21. Reason: Added post

  6. #6
    tashi (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Hope that your company has been informed of the infection on its network, Railrocket138.
    • If sensitive material has been compromised by an infection, the company could be held liable.

    To prevent possible loss or corruption of company information, please inform your IT Professional or Supervisor when a workplace computer has been infected. If neither is available, please consider calling in a local technician who can see the machine/network in person.
    Last edited by tashi; 2012-06-08 at 02:29. Reason: Archive