I have made a big mistake with combofix please advise



dj.turkmaster
2008-09-22, 00:26
Well, I didn't open this topic in the malware removal forum as I don't have malware :) I am a HijackThis analyzer in our forum, but I have made a very big mistake with ComboFix: I gave a script like this:

Driver::
ATE_PROCMON
vaxscsi
SYMIDSCO
apwlo7pc

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48612bb0-8f78-11da-9a9c-00c09f9dc713}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"=-
"CFSServ.exe"=-
"c4c4b52e"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtsro]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6AFB6F98-289C-442E-B577-5E5125C742E2}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=-

File::
C:\WINDOWS\system32\tuvWonMg.dll

Notice the part which I have written in bold. That's the big mistake. And now the user says all the accounts are now password protected and he can't open Windows. Is there a way to correct this mistake?

tashi
2008-09-22, 02:00
Hello dj.turkmaster,

Sorry but your topic had to be moved from the Tavern.


Malware removal procedures at other sites, fixes etc are also not up for discussion.
http://forums.spybot.info/showthread.php?t=187

Best regards.

dj.turkmaster
2008-09-22, 02:04
Ohh sorry @Tashi, I didn't know that rule :oops:
Well thanks anyway;)