stuck on welcome sreen after removing reg strings because of trojan #2
- From: "p.mc" <p@xxxxxx>
- Date: Sun, 1 Jun 2008 21:41:01 +0100
Soz if it's a 2nd post, but I can post in other groups, but I don't see it
here yet!!
Hi all...(trojan Spy-Agent.bw !mem)
Ad-watch was blocking an entry to the registry (ntos.exe) So I updated
"multi av scanner" online, then ran in safe mode.
"Mcafee" reported the above trojan. Below is a link I found for removal
http://www.symantec.com/security_response/writeup.jsp?docid=2007-081617-4608-99&tabid=3
I complied with step 4
Navigate to and delete the following entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Network\"UID" = [COMPUTERNAME]_[UNIQUE_ID] ***I deleted
this***
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\"pathx" = [MALWARE_ORIGINAL_FILENAME] ***And
this "userinit"*** (I hope it meant that)
***Then it stated: (Restore the following registry entries to their original
values, if required:)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\"Userinit" = "%SYSTEM%\userinit.exe,
%System%\ntos.exe"
Which I didn't do, as I wasn't sure how to, and it did state IF required!
So on rebooting, the pc stays on the welcome screen, and in safe mode it
allows clicking administrator but goes back to welcome after a few seconds.
(Oops!!...Also I didn't back up the registry) So there you have it. Is there
a way to fix this, or do I have to bite the proverbial bullet and
RE-FORMAT!!
Nestlings on Runescape and daughter using a friends memory stick. If only I
knew which ones I could delight in the punishment to be doled out.
TIA
--
Regards
p.mc
.
- Prev by Date: Re: Lost Sound
- Next by Date: Re: Setup question on dual XEON
- Previous by thread: test
- Next by thread: Re: shutting dowm the PC
- Index(es):
Relevant Pages
|
