kalasnjikov
2009-03-31, 19:15
First things first, I ran ComboFix without supervision. I won't get into why or how that all went down, but it did and here I am.
There is, I believe, a remnant of the Virtumonde virus, lurking in my registry and scuttling up the whole works. Had the usual symptoms. After HJT and Search & Destroy couldn’t tackle it, I ran ComboFix on the system. Blew the system for a bit, then it stabilized, and settled in without the virus pop-ups and regeneration of BHOs, etc. Looks like it fixed it. HJT clean, Search & Destroy good...
Problem is, this possible remnant is interfering with normal operations; still retaining a phantom grasp on my computer’s balls. Please help me remedy this uncomfortable situation.
Symptoms:
1) I cannot install any new programs at this time, no matter what directory I download to. When I try and run any newly downloaded .exe, I get an error message:
"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access this item."
2) I am also experiencing trouble with streaming data from a few websites’ proprietary video players, with the same error message.
3) All of my malware-fighting options are down except an old copy of HJT. They cannot be updated (as far as I can tell) but I can run HJT 1.99. ComboFix itself is down as well; same error message, though I do still retain the original logfile for the cleaning.
As far as I can ascertain, somewhere in my registry there is a malicious key or reconfigured data set that is keeping any user (including all Admin accounts) from installing any programs added since I’ve run ComboFix. I’ve tried to work on Permissions for the entire system: no help. I believe there is a block on a Temp or Cache file somewhere that is used to set up temporary data storage for installer programs and perhaps the IE video players as well.
So, if this problem sounds familiar to anyone, or if you think you see a way through the maze, please advise. If there is a manner in which I can restore a certain section or sections of the registry manually, that would help, too. (I’m trying to avoid a drive format or reload of Windows XP.)
Thanks!