System Security Functions Disabled


Author: wejacobs    Posted: Mon Apr 27, 2009 9:11 pm    Post subject: System Security Functions Disabled
    ----
I am running Windows XP Pro, SP3, and I recently got a very nasty virus or malware infection from an innocent-looking web page. It disabled my firewall and apparently loaded me up with a huge number of viruses/malware items.

After many, many scans by various programs including Spybot S&D, Windows Defender, Malware Bytes Anti-Malware, Symantec Corporate Antivirus, RegCure, etc. my antivirus scans are coming up clean.

However, Windows Firewall is still disabled, indicating that Group Policy is controlling it. All system administration tools (GPEDIT.MSC, REGEDIT.EXE, PING, etc.) issue an error indicating that this is not a valid WIN32 application. This also occurs in Safe Mode. I have a number of application programs such as Adobe Acrobat (Std. Edition) that have apparently been damaged, and cannot be reinstalled, I believe because of the security issues.

I would really like to avoid reformatting the hard drive and reinstalling Windows.

Any help in getting my system fully operational again would be greatly appreciated.

Author: Fire Ant    Location: London    Posted: Tue Apr 28, 2009 8:27 am    Post subject:
    ----
If tools like PING and REGEDIT have been infected then the only way to be sure is to format and reinstall. There are lots of DLLs and EXEs that run in the background that could also have been infected.

If you don't format/reinstall then you could be fighting this infection off for even longer.

Matt_s

Author: WhiteHat    Location: Italy    Posted: Tue Apr 28, 2009 10:50 am    Post subject: Re: System Security Functions Disabled
    ----
wejacobs wrote:
After many, many scans by various programs including Spybot S&D, Windows Defender, Malware Bytes Anti-Malware, Symantec Corporate Antivirus, RegCure, etc. my antivirus scans are coming up clean.


When I approach a malware, I never scan from a live system.
Try the Avira rescue system or some equivalent live CD.
Once you detect the malware name, find and execute a specific removal tool from the live system (look at the Kaspersky list) and/or search in the virus database of the major anti-malware software producers to find the removal procedure.
Keep in mind that if your system has been infected by a rootkit, there is not much to do other than save your data (again, use a live CD and a separate, clean, external support or additional HD), format the system HD and reinstall both system and applications.

wejacobs wrote:
All system administration tools (GPEDIT.MSC, REGEDIT.EXE, PING, etc.) issue an error indicating that this is not a valid WIN32 application. This also occurs in Safe Mode.


Check if the files are still there. In that case, it's probably just a PATH system variable compromise. Even this info is contained in the virus databases - the places you have to look in once you've identified the malware.

Hope this will help. Let us know.
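
Added example, not part of the thread or any poster's code: one way to do the "check if the files are still there" step from a live CD is to test whether each tool on the mounted Windows partition still has a well-formed 32-bit PE header, since the loader refuses images it cannot parse. The function names and the constructed sample bytes are assumptions made for illustration.

```python
import struct
import sys

I386, PE32 = 0x014C, 0x010B   # machine type and optional-header magic for 32-bit x86

def check_pe(data: bytes) -> str:
    """Return 'ok' or the first reason the image header is malformed."""
    if len(data) < 0x40:
        return "truncated: smaller than a DOS header"
    if data[:2] != b"MZ":
        return "missing MZ signature"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # PE signature (4) + COFF header (20) + optional-header magic (2)
    if e_lfanew + 26 > len(data):
        return "e_lfanew points past end of file"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "missing PE signature"
    machine, nsections = struct.unpack_from("<HH", data, e_lfanew + 4)
    (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
    if machine != I386:
        return f"unexpected machine type 0x{machine:04x}"
    if magic != PE32:
        return f"unexpected optional-header magic 0x{magic:04x}"
    if nsections == 0:
        return "no sections"
    return "ok"

def constructed_sample(mz: bytes = b"MZ", sig: bytes = b"PE\0\0") -> bytes:
    """Constructed header-only image for testing; not a real executable."""
    dos = mz + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", I386, 1, 0, 0, 0, 0xE0, 0x0102)
    return dos + sig + coff + struct.pack("<H", PE32) + b"\0" * 0xDE

if __name__ == "__main__":
    # Pass paths on the mounted (offline) Windows partition as arguments.
    for path in sys.argv[1:]:
        try:
            with open(path, "rb") as fh:
                print(f"{path}: {check_pe(fh.read(4096))}")
        except OSError as exc:
            print(f"{path}: cannot read ({exc.strerror})")
```

A result of `ok` only means the header parses; it says nothing about whether the file was modified, so compare it against a copy from known-good install media. GPEDIT.MSC is an MMC console file rather than a PE image, so check mmc.exe instead.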


