INETCFG.Apprentice.1


Tibetan malware MacGyver?

StartDreck (build 2.1.7 public stable) - 2004-08-18 @ 14:20:16 (GMT -04:00)
Platform: Windows 98 SE (Win 4.10.2222 A)
Internet Explorer: 6.0.2600.0000
Logged in as at CA35W
»Registry
»Run Keys
»Current User

It also can configure the installation of programs that use Windows Installer (such as in order to make an anti-virus scanner ignore the malware), and it can compile custom device drivers

The "trojan," which I suspect is a mini OS unto itself, written perhaps in NetBSD, is a sort of master conductor that is capable of playing legitimate Windows executables, drivers, libraries

Edited by Vistuck, 10 April 2010 - 04:47 AM.

Go to Start > Run and type the following lines and press Enter after each line:

regsvr32 softpub.dll
regsvr32 wintrust.dll
regsvr32 initpki.dll
regsvr32 dssenh.dll
regsvr32 rsaenh.dll
regsvr32 gpkcsp.dll
regsvr32 sccbase.dll
regsvr32

Try the Linux box down the street." CLAIM 2: The malware is active in a Windows pre-install/recovery environment (it doesn't need Windows to be running in order to cause trouble.) Again, I'll use This is not even the same HARD DRIVE I had connected when I booted from the Norton recovery DVD. Even better, there's a text file inside labeled "key.txt," and inside it is my product key that came with the Norton Anti Virus program! I've read all your suggestions for downloads and my computer is still infected.

Kahlia.

#4 Kahlia Posted 16 August 2004 - 08:28 AM Kahlia Member Topic Starter Member 12 posts

Hi..

Download ActiveX Compatibility Manager v1.00 from Here, unzip it to its own folder and click on acm.exe to run the program. If you need help, please give a clear, short description of your problem.

nothing with the ending _dll. I think I can demonstrate that some of the files in MY X-drive have no business being there. Everything I'm gonna show you is listed under this Drive, X:. Here are lots of Hit Ctrl+A to select all items, then Ctrl+C to save the list. Why are those folders there?

Jintan #19 June 5th, 2006, 03:26 AM bme211 New Member Join Date: May 2006 Posts: 21 Is the step you So what does it mean? And yet all of the above appear to be active (either running now or in recently logged activity) on my system.

The primary symptoms are fairly common: IE redirects, hijacking of the Windows Installer program, hijacking of Windows PowerShell, inexplicable security settings changes, bogus and unchangeable network configurations, unidentifiable network traffic, lots Install, run, copy and paste this line to reglite's address bar: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs then hit the "go" tab. The file will be unloaded now.

Let it run and after a few minutes, a prompt will appear. Click here to download and install Registrar Lite. something amiss. I recommend against making any changes now using this tool without first discussing those here.

#7 Vistuck Vistuck Topic Starter Members 21 posts Posted 11 April 2010 - 05:12 AM I don't think it's impossible or even improbable My primary interest here was in alerting others to that possibility, because I can't be the only person in the world with this very frustrating malware infestation. When done post the contents of Log.txt in this thread. #3 Kahlia Posted 13 August 2004 - 12:08 PM Kahlia Member Topic Starter Member 12 posts HI, Ok, I have

Reboot. It also makes reference to the bidi spooler APIs, which are known to be exploitable by some malware and are referenced over and over again in my machine's boot logs.

I don't know what to do next...

So no chance of infection from bad boot media here. I do not have a printer or mobile device connected to my PC at any time. If you have some time to spare and you're interested in taking a look, please keep in mind that my PC is a home computer, not on a LAN, connected directly Maybe that's also why it protects the print spooler thingamabob and won't let you shut it down. (ONE FINAL EDIT TO KICK SELF IN BACKSIDE:) No, idiot!

And I haven't even installed Norton AV yet, or come within 100 feet of this hard drive with the Norton disc! And for what purpose? Downloads? What do I do?