system 32 files???

[oldtimey]

Just used Iorbit 360 i think i quarantined some system 32 files i shouldnt have

Now i cant start anything up wants to know what program to start up with

was going to unquarantine files but cant open

[leofelix]

Hi olditimey and welcome,

 

Would you please tell what O.S you use (Service Pack included)?

What other security software you installed (and if they detected some threats) and above all:

are you able to boot and log in to you computer or you're are using another personal computer?

 

I forgot to say: couldn't you save a IS 360 log file?

[oldtimey]

windows xp sp3 but i use firefox I found the log file but is just a read file

have all iorbit offers plus avg anti virus(worthless?) got a windows antivrus pro used task manager to shut it down then 360 to clean it up

now i can not open any program box opens up asking what program to open with am using another comp thanks 4 help!!

[leofelix]

Hi,

IOBit 360 detected correctly files infected by Rogue Antivirus Pro you catched, unfortunately some infections were in System32 folder, I suppose.

I hope you have your ogirinal XP CD or at least a Rescue CD given by your computer manufacturer, 'cause it could be necessary.

 

Now please download Avira Rescue System (free) to your desktop

 

http://dlpro.antivir.com/package/rescue_system/common/en/rescue_system-common-en.exe (57 MB)

 

How to use it

 

When prompted burn a CD/DVD with Avira Rescue System, do not forget to set your CD/DVD unit to be you primary device boot in BIOS settings.

 

Reboot and run a full scan with Avira Rescue System.

When finished cleaning, reboot from your primary HDD.

 

If system is still unresponsive you should perform a repair installation (you must have your XP CD)

 

 

How to perform a repair istallation?

Read here please

 

http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/doug92.mspx

 

Hope it helps

[oldtimey]

will try

 

will try what u suggested thanks heres some more info

IObit Security 360

 

OS:Windows XP

Version:0.4.0.20

Define Version:1123

Time Elapsed:8/27/2009 8:36:37 PM

Objects Scanned:54465

Threats Found:32

 

|Name|Type|Description|ID|

Trojan.Agent - Quarantined, File, C:\WINDOWS\system32\6to4v32.dll, 4-5323

Malware.Trace - Quarantined, File, C:\WINDOWS\system32\bennuar.old, 4-5954

Trojan.Agent - Quarantined, File, C:\WINDOWS\system32\certstore.dat, 4-6367

Trojan.Agent - Quarantined, File, C:\WINDOWS\system32\dddesot.dll, 4-6843

Trojan.FakeAlert - Quarantined, File, C:\WINDOWS\system32\desot.exe, 4-6894

Trojan.Agent - Quarantined, File, C:\WINDOWS\system32\EvdoServer.dll, 4-7944

Backdoor.Bot - Quarantined, File, C:\WINDOWS\system32\FInstall.sys, 4-8154

Misleading.Trace - Quarantined, File, C:\WINDOWS\system32\onhelp.htm, 4-12054

Backdoor.Bot - Quarantined, File, C:\WINDOWS\system32\sofatnet.exe, 4-13475

Malware.Trace - Quarantined, File, C:\WINDOWS\system32\sonhelp.htm, 4-13496

Malware.Trace - Quarantined, File, C:\WINDOWS\system32\sysnet.dat, 4-13915

Backdoor.Bot - Quarantined, File, C:\WINDOWS\system32\wiawow32.sys, 4-15159

Backdoor.Bot - Quarantined, File, C:\WINDOWS\system32\wiwow64.exe, 4-15529

Malware.Trace - Quarantined, File, C:\WINDOWS\ppp3.dat, 4-19599

Malware.Trace - Quarantined, File, C:\WINDOWS\ppp4.dat, 4-19600

Trojan.FakeAlert - Quarantined, File, C:\WINDOWS\svchast.exe, 4-19933

Malware.Trace - Removed, Registry Value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM Value=BuildW, 4-25727

Malware.Trace - Removed, Registry Value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM Value=FirstInstallFlag, 4-25728

Malware.Trace - Removed, Registry Value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM Value=guid, 4-25729

Malware.Trace - Removed, Registry Value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM Value=i, 4-25730

Malware.Trace - Removed, Registry Value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM Value=mEv, 4-25731

Malware.Trace - Removed, Registry Value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM Value=mso, 4-25733

Malware.Trace - Removed, Registry Value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM Value=udso, 4-25734

Malware.Trace - Removed, Registry Value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM Value=uid, 4-25735

Malware.Trace - Removed, Registry Value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM Value=Ulrn, 4-25736

Malware.Trace - Removed, Registry Value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM Value=Update, 4-25737

Malware.Trace - Removed, Registry Value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM Value=UpdateNew, 4-25738

Misleading.WindowsAntiVirusPro - Removed, Registry Key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win AntiVirus Pro, 4-31030

Backdoor.Bot - Removed, Registry Key, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sofatnet, 4-32334

Rootkit.Agent - Quarantined, File, C:\WINDOWS\system32\netskt.sys, 4-33882

Backdoor.Bot - Quarantined, File, C:\WINDOWS\system32\dvdpaly.exe, 8-85

Backdoor.Bot - Quarantined, File, C:\WINDOWS\temp\IXP000.TMP\ea0821.exe, 8-85

[leofelix]

Hi

They are not false positives

You catched Rogue/scareware, rootkits and Trojan Horses unfortunately.

It's likely that malware disabled some important components of Windows XP, like task manager, registry editor, desktop hijacked, internet connection parameters modified and so on.:cry:

 

a couple of examples:

 

here and here

 

 

----------------

 

But be aware: I discovered that AVG antivirus recently has deleted a lot of legitimate files by legitimate applications including Windows Update file wuauclt.exe by Microsoft and even the AVG executables avgcmgr8.exe!

 

 

More: AVG false positive on legitimate applications causes trouble

-----------------

 

So when finished with AVira Rescue System (Is very easy to use it),

you'd better to unistall as soon as possible AVG antivirus and replace it with another one, like Avira AntiVir Free or Avast home edition (they are both free).

 

Please make me know what happens after cleaning system with Avira Rescue Disk, I'll probably suggest you to use another specialized tool to remove those kinds of malware

[ha14]

If things do not go well after you tried Leofelix suggestions then just download a clean sp3 for windows xp. Uninstal the old one. Reboot to safe mode and make a scan with superantispyware/ iobit 360. Then clean infection and reboot normal mode. Make a registry cleaning and old junk files. Then instal the clean SP3.