Author Topic: I got the annoying virus back that deletes avast.  (Read 7328 times)

Offline mauserme

  • Massive Poster
  • ****
  • Posts: 2475
Re: I got the annoying virus back that deletes avast.
« Reply #15 on: February 28, 2007, 04:49:41 PM »
Then I need to clean the registry since it also was in there to mess things more, so I did a scan with registry booster and it found like 215 registry entries. Didn't bother to see if the virus strings were there too, so I deleted them all ...
If you made a backup, try restoring it.
"If at first you don't succeed keep on sucking 'till you do succeed" - Curley Howard in Movie Maniacs (1935)

Offline Spiritsongs

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1757
  • Ad-aware orientated Support forum(s)
Using Safe Mode again
« Reply #16 on: February 28, 2007, 07:36:54 PM »
 :)  Hi Snakie:

If Mauserme's latest advice does NOT work, I recommend you ask the experienced, volunteer Microsoft Most Valuable Professional(s) on the forums at http://aumha.net for help.
For the Best in what counts in Life :
www.tacf.org

Offline snakie

  • Newbie
  • *
  • Posts: 9
Re: I got the annoying virus back that deletes avast.
« Reply #17 on: March 09, 2007, 08:17:54 AM »
Just a follow up again. The virus name or worm name is worm\bagel. It leaves two exe files in windows system32, hldrrr.exe and wintems.exe, and a lot of dll's and registry. And the files are hidden in the %root% so it's impossible to locate them manually (at least for me, the noob, it was impossible).

Well, I was making backups of my hd until I found another forum with the same problem.
So here is the solution.
http://download.bleepingcomputer.com/sUBs/SafeBootKeyRepair.exe

Hide this in the desktop for later use.
First of all you have to remove worm\bagel. VERY VERY annoying worm indeed and destroys a lot of data  >:( Annoying
However I first tried the Avenger with no luck.

Get avenger
http://swandog46.geekstogo.com/avenger.zip

Mark input screen manually and copy paste this, not the dashed lines:
-----------------------------
Folders to Delete:
%userprofile%\Application Data\hidn

registry values to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | drv_st_key

drivers to unload:
m_hook
-----------------------------
And press the button with the traffic light and let the program reboot for you and enjoy an almost clean pc :)
I thought.
But however it was still present.

So I got the Blacklight and it found all the files. There were like 19 files (dll and exe), hldrrr.exe and one other I can't remember. I checked the filenames on Google to see if they were some important system files; since they weren't, I renamed them with Blacklight.
Then I got registry booster to remove all unnecessary starters.

After reboot I noticed on menu start / run / msconfig    start    the hldrrr and wintems were still set to start up; however they wouldn't start since I renamed those files, so just uncheck them.

Well anyhow and the PC IS CLEEAAAAAAAAAAAAAAN yipeYA YEAH

Now you can execute the safebootkeyrepair.exe and use your windows completely normally  ;D I'M SO HAPPY. (HATES formatting and re-installing windows)

Thanks for all support to everyone. And all the other forums.  ;D  ;D  ;D  ;D


Offline mauserme

  • Massive Poster
  • ****
  • Posts: 2475
Re: I got the annoying virus back that deletes avast.
« Reply #18 on: March 09, 2007, 01:36:15 PM »
Thanks for the follow up, snakie, and for the link to safebootkeyrepair.exe.  I'm sure this will prove useful in the future.

It's hard to say if the worm or the registry cleaner caused the safeboot problem, though I haven't seen it with this worm in the past.  Either way I think a review of the items any registry cleaner proposes to delete, prior to deletion, is a good practice to avoid all sorts of problems.  And always make a backup.   8)
"If at first you don't succeed keep on sucking 'till you do succeed" - Curley Howard in Movie Maniacs (1935)
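
An added example, not part of any post in this thread: a read-only PowerShell check for the file, folder, Run value and driver names listed in Reply #17, plus a backup export of the Run key in line with the advice in Reply #18. The function names are hypothetical, and the `Services` and `SafeBoot` registry locations are the standard Windows paths, assumed here because the thread does not spell them out.

```powershell
# Added example. Names checked come from Reply #17; the Services and SafeBoot
# registry paths are assumed standard Windows locations. Nothing is deleted.
function Get-ThreadIndicatorReport {
    param(
        [string]$SystemDir  = (Join-Path $env:windir 'System32'),
        [string]$ProfileDir = $env:USERPROFILE
    )
    $ccs = 'HKLM:\SYSTEM\CurrentControlSet'
    $checks = @(
        @{ Kind = 'File';     ShouldExist = $false; Path = (Join-Path $SystemDir 'hldrrr.exe') }
        @{ Kind = 'File';     ShouldExist = $false; Path = (Join-Path $SystemDir 'wintems.exe') }
        @{ Kind = 'Folder';   ShouldExist = $false; Path = (Join-Path $ProfileDir 'Application Data\hidn') }
        @{ Kind = 'Driver';   ShouldExist = $false; Path = "$ccs\Services\m_hook" }
        # The SafeBoot subkeys are needed for Safe Mode, so here "missing" is the problem.
        @{ Kind = 'SafeBoot'; ShouldExist = $true;  Path = "$ccs\Control\SafeBoot\Minimal" }
        @{ Kind = 'SafeBoot'; ShouldExist = $true;  Path = "$ccs\Control\SafeBoot\Network" }
    )
    foreach ($c in $checks) {
        # -Force makes hidden and system items visible to Get-Item.
        $found = [bool](Get-Item -LiteralPath $c.Path -Force -ErrorAction SilentlyContinue)
        [pscustomobject]@{ Kind = $c.Kind; Path = $c.Path; Present = $found
                           NeedsAttention = ($found -ne $c.ShouldExist) }
    }
    # The Run value is a property of the key, not an item of its own.
    $runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
    $hasValue = ($null -ne $run) -and ($null -ne $run.PSObject.Properties['drv_st_key'])
    [pscustomobject]@{ Kind = 'RunValue'; Path = "$runKey | drv_st_key"; Present = $hasValue
                       NeedsAttention = $hasValue }
}

function Backup-RunKey {
    param([string]$OutDir = $env:TEMP)
    # Timestamped name so an earlier backup is never overwritten.
    $file = Join-Path $OutDir ('Run-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
    & reg.exe export 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' $file | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg export failed with exit code $LASTEXITCODE" }
    $file
}

Get-ThreadIndicatorReport | Format-Table -AutoSize
"Run key backed up to $(Backup-RunKey)"
```

The exported .reg file can be re-imported by double-clicking it if a later cleanup removes a startup entry that turns out to be needed.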