PCEU virus 1

Status
Not open for further replies.

audiopro

Programmer
Apr 1, 2004
3,165
GB
I have an XP box infected with the PCEU trojan virus.
A normal boot results in a screen threatening all kinds of stuff if I don't pay - blaa blaa and a locked up machine.
Safe mode boots the same as does safe mode with network support.
Safe mode with command prompt lets me in and I can run regedit from the command prompt.
Google advice points to registry entry WINLOGON and tells me to delete value and insert explorer.exe.
explorer.exe is already the value - what to do now be the cry.
Machine will not boot from Flash Drive - I think that is the age of the machine.


Keith
 
Mark Russinovich of Sysinternals fame writes about a similar problem in his blog on TechNet. You might find some help there.



James P. Cottingham
I'm number 1,229!
 
Thanks for the links although those articles pretty much repeat what I have read.
After much reading, I managed to get Hitmanpro to run via a flash drive. I had to run it several times before it detected a dodgy .dll and a .exe called wgsdgsdgsd.exe.
The other mystery was the number of processes removed by Hitmanpro increased each time I ran it and I wonder if something was being downloaded via the internet. Disconnecting the cable from the router, each time, until the Hitmanpro screen was visible stopped the increase in processes.

The PCEU lock up has now been removed and the computer boots into windows ok but a warning appears saying the wgsdgsdgsd.exe module could not run.

I did a registry search, a filename search and a file contents search for variations of the file name but found nothing.

Running Malwarebytes antimalware revealed 3 malicious files.

C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk
C:\Documents and Settings\-user name-\Start Menu\Programs\Startup\runctf.lnk

I am hoping that this will have cured the problem and I will report back if further problems occur.



Keith
 
I would still run the following to make sure things are clean. Many cleaners only find a certain percentage of malware. A second and third "opinion" will often find more. That error is probably where malware WAS trying to start up and now can't be found.

TDSS Killer, Rogue Killer, Malwarebytes Anti-Malware and a new one, Emsisoft Emergency Kit 3.0
 
Thanks - I could not find the link which tried to launch the .exe, which is quite worrying but all seems fine now.
I have run a couple other malware detectors and they show up nothing.

I really don't ever want to repeat the exercise.

The people who write these things really ought to be using the skills they were blessed with for the good of mankind.

Keith
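
An added example, not part of the original thread: one way to review the autostart locations discussed above from a registry export (for instance one made with `regedit /e` from the safe-mode command prompt) instead of reading values by eye. It checks the Winlogon `Shell` and `Userinit` values in both the machine and per-user hives, since a per-user `Shell` value is also honoured at logon, and lists every `Run`/`RunOnce` entry for review. The sample export, the `example.exe` paths and the function names are constructed for illustration; a real export is normally UTF-16 and must be decoded before being passed in.

```python
import re

# Constructed sample: text of a .reg export, not data from the thread.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Documents and Settings\\user\\Application Data\\example.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"example"="C:\\Documents and Settings\\user\\Application Data\\example.exe"
'''

# Stock Windows XP values for the Winlogon entries (compared case-insensitively).
EXPECTED = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe,"},
}
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg strings escape \ and " with a backslash

def autostart_findings(reg_text):
    """Return (key, value name, data, reason) tuples worth a manual look."""
    findings, key = [], ""
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if not m:
            continue  # header, blank line, or a non-string value
        name, data = unescape(m.group(1)), unescape(m.group(2))
        k = key.lower()
        if k.endswith(r"\windows nt\currentversion\winlogon"):
            want = EXPECTED.get(name.lower())
            if want and data.lower() not in want:
                findings.append((key, name, data, "unexpected Winlogon value"))
        elif k.endswith((r"\currentversion\run", r"\currentversion\runonce")):
            findings.append((key, name, data, "autostart entry, verify target"))
    return findings
```

On the constructed sample this reports the per-user `Shell` override and both `Run` entries, while the stock machine-wide `Shell` and `Userinit` values pass.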
 