virus damage

Here you can find everything you need to know about Dll-Files. You can also share your knowledge regarding the topic.

Moderators: DllAdmin, DLLADMIN ONLY

Post Reply
rr
Posts: 1
Joined: 17 Apr 2009, 23:00

virus damage

Post by rr »

after running the AVGRTK_remover.vbs from the AVG antivirus website I am now
able to access my registry and regained the Folder Options in Windows
Explorer/Tools but still have the lokubaja.dll and paweharo.dll files that
will not stay disabled in msconfig after rebooting. I also still have the
registry cleaner popups. I have run AVG but says I have no infections.

My question is why is AVG saying that these files are locked? Are they
locked due to the virus or Windows default settings? I have 3 ntuser.dat
files in the same folder. Seems 2 are new txt files and one thats from 2006
and over 1GB.

"C:\Documents and Settings\Administrator\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file.
Not tested."
"C:\Documents and Settings\Administrator\NTUSER.DAT";"Locked file. Not
tested.";"Locked file. Not tested."
"C:\Documents and Settings\All Users\Application
Data\Lavasoft\Ad-Aware\MiniMessage\2";"Locked file. Not tested.";"Locked
file. Not tested."
"C:\Documents and Settings\LocalService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file.
Not tested."
"C:\Documents and Settings\LocalService\NTUSER.DAT";"Locked file. Not
tested.";"Locked file. Not tested."
"C:\Documents and Settings\NetworkService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file.
Not tested."
"C:\Documents and Settings\NetworkService\NTUSER.DAT";"Locked file. Not
tested.";"Locked file. Not tested."
"C:\pagefile.sys";"Locked file. Not tested.";"Locked file. Not tested."
"C:\WINDOWS\system32\config\default";"Locked file. Not tested.";"Locked
file. Not tested."
"C:\WINDOWS\system32\config\SAM";"Locked file. Not tested.";"Locked file.
Not tested."
"C:\WINDOWS\system32\config\SECURITY";"Locked file. Not tested.";"Locked
file. Not tested."
"C:\WINDOWS\system32\config\software";"Locked file. Not tested.";"Locked
file. Not tested."
"C:\WINDOWS\system32\config\system";"Locked file. Not tested.";"Locked file.
Not tested."

randem
Posts: 17
Joined: 14 Mar 2009, 00:00

Re: virus damage

Post by randem »

Just running a AV will not remedy your system of all infections for there
are far too many and different sorts worms/trojans/malware/spyware etc... No
one piece of software will remove everything. Please read
http://www.randem.com/virusproblems.html


--
Randem Systems
Your Installation Specialist
The Top Inno Setup Script Generator
http://www.randem.com/innoscript.html
Disk Read Error Press Ctl+Alt+Del to Restart
http://www.randem.com/discus/messages/9 ... 1236319938



"RR" <RR@discussions.microsoft.com> wrote in message
news:2E373DDE-7807-4A92-95D9-A59091C3A878@microsoft.com...
> after running the AVGRTK_remover.vbs from the AVG antivirus website I am
> now
> able to access my registry and regained the Folder Options in Windows
> Explorer/Tools but still have the lokubaja.dll and paweharo.dll files that
> will not stay disabled in msconfig after rebooting. I also still have the
> registry cleaner popups. I have run AVG but says I have no infections.
>
> My question is why is AVG saying that these files are locked? Are they
> locked due to the virus or Windows default settings? I have 3 ntuser.dat
> files in the same folder. Seems 2 are new txt files and one thats from
> 2006
> and over 1GB.
>
> "C:\Documents and Settings\Administrator\Local Settings\Application
> Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked
> file.
> Not tested."
> "C:\Documents and Settings\Administrator\NTUSER.DAT";"Locked file. Not
> tested.";"Locked file. Not tested."
> "C:\Documents and Settings\All Users\Application
> Data\Lavasoft\Ad-Aware\MiniMessage\2";"Locked file. Not tested.";"Locked
> file. Not tested."
> "C:\Documents and Settings\LocalService\Local Settings\Application
> Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked
> file.
> Not tested."
> "C:\Documents and Settings\LocalService\NTUSER.DAT";"Locked file. Not
> tested.";"Locked file. Not tested."
> "C:\Documents and Settings\NetworkService\Local Settings\Application
> Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked
> file.
> Not tested."
> "C:\Documents and Settings\NetworkService\NTUSER.DAT";"Locked file. Not
> tested.";"Locked file. Not tested."
> "C:\pagefile.sys";"Locked file. Not tested.";"Locked file. Not tested."
> "C:\WINDOWS\system32\config\default";"Locked file. Not tested.";"Locked
> file. Not tested."
> "C:\WINDOWS\system32\config\SAM";"Locked file. Not tested.";"Locked file.
> Not tested."
> "C:\WINDOWS\system32\config\SECURITY";"Locked file. Not tested.";"Locked
> file. Not tested."
> "C:\WINDOWS\system32\config\software";"Locked file. Not tested.";"Locked
> file. Not tested."
> "C:\WINDOWS\system32\config\system";"Locked file. Not tested.";"Locked
> file.
> Not tested."
>
>

pa bear [ms mvp]
Posts: 117
Joined: 01 Mar 2009, 00:00

Re: virus damage

Post by pa bear [ms mvp] »

> My question is why is AVG saying that these files are locked?

AVG Free Support Forum
http://freeforum.avg.com/

> ...still have the lokubaja.dll and paweharo.dll files that
> will not stay disabled in msconfig after rebooting

You are seeing the affects of a resident hijackware infection that AVG
cannot detect or remove.

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwa ... fault.mspx

NB: Run the FULL scan, not the QUICK scan!

2. WinXP ONLY!! => Run the Windows Live Safety Center's 'Protection' scan
(only!) in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

3. Run a /thorough/ check for hijackware, including posting the requested
logs in an appropriate forum, not here.

Checking for/Help with Hijackware
http://aumha.net/viewtopic.php?f=30&t=4075
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://www.elephantboycomputers.com/pag ... ng_Malware

**Seek expert assistance in
http://spywarehammer.com/simplemachines ... board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://www.dslreports.com/forum/cleanup, http://aumha.net/viewforum.php?f=30
or other appropriate forums.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/


RR wrote:
> after running the AVGRTK_remover.vbs from the AVG antivirus website I am
> now
> able to access my registry and regained the Folder Options in Windows
> Explorer/Tools but still have the lokubaja.dll and paweharo.dll files that
> will not stay disabled in msconfig after rebooting. I also still have the
> registry cleaner popups. I have run AVG but says I have no infections.
>
> My question is why is AVG saying that these files are locked? Are they
> locked due to the virus or Windows default settings? I have 3 ntuser.dat
> files in the same folder. Seems 2 are new txt files and one thats from
> 2006
> and over 1GB.
>
> "C:\Documents and Settings\Administrator\Local Settings\Application
> Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked
> file. Not tested."
> "C:\Documents and Settings\Administrator\NTUSER.DAT";"Locked file. Not
> tested.";"Locked file. Not tested."
> "C:\Documents and Settings\All Users\Application
> Data\Lavasoft\Ad-Aware\MiniMessage\2";"Locked file. Not tested.";"Locked
> file. Not tested."
> "C:\Documents and Settings\LocalService\Local Settings\Application
> Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked
> file. Not tested."
> "C:\Documents and Settings\LocalService\NTUSER.DAT";"Locked file. Not
> tested.";"Locked file. Not tested."
> "C:\Documents and Settings\NetworkService\Local Settings\Application
> Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked
> file. Not tested."
> "C:\Documents and Settings\NetworkService\NTUSER.DAT";"Locked file. Not
> tested.";"Locked file. Not tested."
> "C:\pagefile.sys";"Locked file. Not tested.";"Locked file. Not tested."
> "C:\WINDOWS\system32\config\default";"Locked file. Not tested.";"Locked
> file. Not tested."
> "C:\WINDOWS\system32\config\SAM";"Locked file. Not tested.";"Locked file.
> Not tested."
> "C:\WINDOWS\system32\config\SECURITY";"Locked file. Not tested.";"Locked
> file. Not tested."
> "C:\WINDOWS\system32\config\software";"Locked file. Not tested.";"Locked
> file. Not tested."
> "C:\WINDOWS\system32\config\system";"Locked file. Not tested.";"Locked
> file.
> Not tested."

Post Reply