Re: Rootkits /Malware



Bear with me here David, because I'm not sure if I can explain this
very well for you to understand me.

As it stands all those HKEY_LOCAL_MACHINE=Apropos don't show up
in a normal pc state anymore.
So I went into safe mode, and I typed in Apropos into the RegSeeker,
and said file came up, but without the word Apropos behind it as it did before.
Ok, so when I click on it to show me where it is in the registry,
it shows a bunch of
"NextParentID.15....REG_DWORD 0x00000001 (1)
preceded by a little white patch with blue symbols on it.
So now what am I supposed to do, delete all 21 of them?
It is the same in ControlSet001 and CurrentControlSet.

Also when I do click on xxxxxxaaa01&0&8D, some stuff comes up
that includes Drivers etc. I made 2 screen pictures of it, didn't want to
write it all down, but not sure how to get those pics to you.
Waiting for instructions, thanks again...
>worried<

"David H. Lipman" wrote:

> From: "worried" <worried@xxxxxxxxxxxxxxxx>
>
> | Hi again David,
> | here is an update on what's happening,
> | we have established that my security programs came back all clean,
> | including RootkitRevealer and SmitfraudC..
> | I did run the RegSeeker's "find in registry" part,
> | and looked for Apropos-Kelvir-Lovegate, and they all showed up again,
> | even after I used disk cleaner and rebooted.
> | I can't even make an educated guess about what is going on,
> | and how to fix it, and they do show up with the names as I wrote them.
> | I hate to delete anything in the registry for not knowing enough
> | about it.
> | I don't seem to have any problems with my pc at this time, but
> | it is irritating to know that there is something there, that shouldn't be.
> | Any thoughts? Thanks again..>worried<
> |
>
> Run Regedit, go to...
>
> HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\PCI
>
> Look for...
> VEN_xxxx&SUBSYS_xxxxxxxx&REV_xx
>
> Then look for..
> x&xxaaaxx&x&xD
>
> and ..
> Apropos
>
> Then repeat for...
>
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\PCI
>
> and
>
> HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>
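
An added example, not part of the original thread: a read-only PowerShell search of the three Enum\PCI branches David lists, looking for the string Apropos in key names, value names and value data. Using PowerShell is an assumption (the thread uses Regedit and RegSeeker); run it from an elevated prompt, and note that it only reports matches and changes nothing.

```powershell
# Added example: read-only search, nothing in the registry is modified.
$term = 'Apropos'   # search string taken from the thread

# The three branches named in the reply; ControlSet002 may not exist on every machine.
$roots = 'ControlSet001', 'ControlSet002', 'CurrentControlSet' |
    ForEach-Object { "HKLM:\SYSTEM\$_\Enum\PCI" }

$hits = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }

    # Some Enum subkeys deny read access even to administrators; skip those quietly.
    Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $key = $_

            # Match on the subkey name itself (e.g. a device instance key).
            if ($key.PSChildName -like "*$term*") {
                [pscustomobject]@{ Key = $key.Name; Match = 'key name'; Value = $null }
            }

            # Match on value names and on value data rendered as text.
            foreach ($name in $key.GetValueNames()) {
                $data = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
                $text = @($data) -join ' '
                if ($name -like "*$term*" -or $text -like "*$term*") {
                    [pscustomobject]@{ Key = $key.Name; Match = 'value'; Value = "$name = $text" }
                }
            }
        }
}

if ($hits) { $hits | Format-List } else { "No '$term' entries found under Enum\PCI." }
```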