Unknown condition - cmd and regedit crash explorer

  1. #1
    Junior Member
    Registered: 11.03.2009
    Posts: 3
    Reputation weight: 33

    Executing cmd or regedit from Run is crashing explorer. XPP SP3. Lockups and hangs are frequent. Google searches were pointing to ads no matter what was searched for earlier this month.

    See attached logs
    regards,
    -dave

  2. #2
    Senior Member (drongo)
    Registered: 17.09.2004
    Location: Israel
    Posts: 7,165
    Reputation weight: 971
    Execute this script in avz:
    Code:
    begin
     QuarantineFile('C:\WINDOWS\Downloaded Program Files\ieatgpc.dll','');
     QuarantineFile('C:\WINDOWS\system32\BrMuSNMP.dll','');
    end.
    Please upload the quarantine in accordance with App #3 of our rules, via this link: http://virusinfo.info/upload_virus_eng.php?tid=41561
    Let us know when you are done.

  3. #3
    Junior Member
    Registered: 11.03.2009
    Posts: 3
    Reputation weight: 33
    Files have been uploaded. I believe they are commercial products but maybe not.
    - ieatgpc.dll = Webex
    - BrMuSNMP.dll = Brother printers
    Please advise.
    regards,
    -dave

  4. #4
    Senior Member
    Registered: 03.04.2006
    Posts: 21,108
    Reputation weight: 3001
    Nothing malicious was found in your files

  5. #5
    Senior Member (drongo)
    Registered: 17.09.2004
    Location: Israel
    Posts: 7,165
    Reputation weight: 971
    Do you remember after what it started? Perhaps this malefaction was caused by some program that you installed lately?
    Let's try another thing: please download the special avz in my signature, disable antivirus, launch your browser and make virusinfo_syscure.zip with the special avz.
    Attach it to your next post in this topic.
    Use ccleaner portable to clean your system. http://www.ccleaner.com/download/bui...ading-portable

  6. #6
    Junior Member
    Registered: 11.03.2009
    Posts: 3
    Reputation weight: 33
    Well some other searching on the subject found an article on bleepingcomputer.com which led to another site that suggested checking the drivers32 section of the registry for suspect "aux"(n) entries.

    In my case using Ultimate Boot CD (couldn't run regedit even after renaming in safemode) I found
    Code:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
    "aux2"="C:\\WINDOWS\\system32\\..\\qpja.nik"
    Note the ".." in the data which means go up twice in the directory structure; that would indicate the root of 'c:\'. However, the file was actually found in the "WINDOWS" directory in this instance, so it was executed by being in the path variable. I understand by the second article that this may be placed in other directories and of course the name is randomized in some fashion - so a general search should find out where it actually is. The only attribute set was archive. The modify date was from 4/08 and the creation date was 8/04. Clever.

    Would you like me to upload to quarantine by zipping and adding virus password?

    regards,
    -dave


    ref:
    1. http://www.bleepingcomputer.com/forums/topic209960.html

    2. http://miekiemoes.blogspot.com/2008/...rchengine.html
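
The Drivers32 check described in post #6, as an added example that is not part of the original thread: it parses a .reg-format export (such as one taken offline from a boot CD), flags Drivers32 values that carry a path, a `..` segment or an unexpected extension, and returns the normalized path to search for. The sample text apart from the quoted `aux2` line, the function names and the extension allow-list are assumptions.

```python
import ntpath
import re

# Constructed sample in .reg export format; the aux2 line is the one quoted in
# the post, the other two values are ordinary entries added for contrast.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"wavemapper"="msacm32.drv"
"midimapper"="midimap.dll"
"aux2"="C:\\WINDOWS\\system32\\..\\qpja.nik"
'''

KEY = r"software\microsoft\windows nt\currentversion\drivers32"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')
EXPECTED_EXT = {".dll", ".drv", ".acm", ".ax"}  # assumption: usual driver/codec extensions


def unescape(s):
    # .reg string values escape backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)


def audit_drivers32(reg_text):
    """Return [(name, raw_data, normalized_path, reasons)] for suspicious values."""
    findings, in_key = [], False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_key = line.strip("[]").lower().endswith(KEY)
            continue
        m = VALUE_RE.match(line) if in_key else None
        if not m:
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        reasons = []
        if ".." in re.split(r"[\\/]", data):
            reasons.append("parent-directory segment in path")
        if ntpath.isabs(data) or ntpath.dirname(data):
            reasons.append("explicit path instead of bare module name")
        if ntpath.splitext(data)[1].lower() not in EXPECTED_EXT:
            reasons.append("unexpected file extension")
        if reasons:
            findings.append((name, data, ntpath.normpath(data), reasons))
    return findings


if __name__ == "__main__":
    for name, data, resolved, reasons in audit_drivers32(SAMPLE_REG):
        print(f"{name}: {data} -> {resolved} ({'; '.join(reasons)})")
```

For the value quoted in the post, normalization yields `C:\WINDOWS\qpja.nik`, which matches the WINDOWS directory where the file was found.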

  7. #7
    Senior Member (drongo)
    Registered: 17.09.2004
    Location: Israel
    Posts: 7,165
    Reputation weight: 971
    Use avz to copy this suspicious file; avz will put a password on it automatically.
    Read app #2 of the rules.
    Upload via http://virusinfo.info/upload_virus_eng.php?tid=41561 , as you did before.
    Nevertheless, I would like to see a log from the special avz.
