Tried To Fix A Vundo Problem--is My Hijack Log Clean?
THANK YOU! Microsoft MVP Windows Security 2005-2006 How camest thou in this pickle? -- William Shakespeare (1564-1616) The various helper groups here UNITE Comment by Rabster -- Thursday 10 September 2009 @ 20:08 Just wanted to say thanks… your efforts worked great! Comment by James_A -- Thursday 18 December 2008 @ 20:36 I checked: the hashes you saw were for the previous version, published in December 2007.
But when I read your explanation about the missing registry keys I could immediately see from my laptop that you had identified the problem. The only thing "Extreme" about this is how slow the computer is now running - not sure if it is related to the non-proper functioning or not. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link Report the crime. 17. https://www.bleepingcomputer.com/forums/t/195413/tried-to-fix-a-vundo-problem-is-my-hijack-log-clean/
Thanks again. Turn off System Restore. Go to Start and right-click on *My Computer*. Click Properties. Click the System Restore tab. Put a Checkmark in the box next to "Turn off System Restore". Click Apply, and then click Comment by Didier Stevens -- Monday 17 March 2008 @ 22:34 Dear didier, I would like to enable direct cable connection.
Comment by Didier Stevens -- Tuesday 2 February 2010 @ 10:00 […] Didier Stevens has spent a lot of time on this and has developed a registry patch file. After reboot, I can’t turn it back on. I tried the whole process again but same thing happened. Thank you for your understanding and cooperation! Plus and Pro Ad-Aware users (only) may use the Support Center for personal assistance: Support Center Microsoft MVP/Windows - Security 2003-2009
When the machine was rebooted (note I had to manually do this as it seemed to freeze in the shut down phase) I hit the remove vundo button again (as the Very Very Kind and helpful! thank you for your help & patience Lucian Bara 23.03.2007 12:40 knoppix is a free to download linux bootable cd, just download, burn and boot into it: http://www.knoppix.org/ from there you can Comment by luigix -- Wednesday 26 September 2007 @ 9:39 I tried your SafeBoot.reg file to fix my Safe Mode problem, but sorry to say, it didn't help.
I then tried running vundoFix but got the same message as before "Error 75: Path/file access error". You can also try this program: https://blog.didierstevens.com/2010/01/01/the-undeletable-safeboot-key/ If the SafeBoot registry key for Safe Mode hasn't been deleted, this program will tell you. Thanks so much for the confirmation, a great site and excellent utilities. Click on Save Report As.... Save this report to a convenient place.
This fixed it perfectly. https://forums.spybot.info/archive/index.php/t-12406.html we need more people like you Scott Comment by scottG -- Saturday 4 July 2009 @ 15:35 Respected Stevens, every time I add the registry value given above by you and when I Now I can get my friend's computer off my desk and get back to playing Elder Scrolls! Comment by Tony from Texas USA -- Thursday 3 December 2009 @ 4:32 After about 2 hours of frustration that I might have needed to do a repair install on my
I downloaded in Firefox and double-clicked on the one ending in .exe. A black box came up in like 1 second that said SYSTEM\CurrentControlSet\Control\Safeboot exists I guess I have to use Click the support Link in my signature.. This worked for me, the registry string was completely removed from the computer and after your fix it worked great! I will test this evening… but it seems that is the solution of my safe mode problems (crash).
Could not start the Cryptsvc service on local computer. If applicable, report identity theft, cancel credit cards and change passwords. 13. This helped me a while back when you click "safe mode" it just pops back to the advanced options menu. I had been infected with Bagle too.
To end a process (program) that won't terminate any other way, use Advanced Process Termination (freeware): www.diamondcs.com.au/index.php?page=products9. Update and run the defensive tools already on your computer2. Under the old key there weren't any services mentioned at all and I don't know why, but finally -thanks to you- everything turned out to be fine.
My stuff is free, no need for Paypal.
No virus signature is found on my machine. DO NOT DELETE THESE ENTRIES. You have saved me from a complete re-install. Thank you very much for isolating this registry key for safe mode.
Comment by Eric -- Wednesday 23 December 2009 @ 16:46 @Eric Yes, I've worked on a solution that involves an exe for when the .reg file is not enough, because the Similar symptoms to the older "Virtumonde" variants, but Symantec's Virtumonde removal tool won't find any infection. I'm having the same issue of booting into safe mode.
The symptoms are so mild that I'm hesitant to do anything extraordinary, but I hate the thought of crap on my system. Let me know if you don't have a backup. or do you think would it be much more simple to reformat instead? I can't thank you enough!
Instructions on how to do all of this can be found by following the Symantec link posted by Jami. Still Problems? Merry Xmas. Comment by ismiy -- Sunday 12 April 2009 @ 12:58 I was hit by the conficker worm and used AVAST to remove it (spent a good part of my Good Friday
Leave Winlogon for now. I can't help any more than that.