virus damage

RR

After running the AVGRTK_remover.vbs from the AVG antivirus website I am now
able to access my registry and regained the Folder Options in Windows
Explorer/Tools but still have the lokubaja.dll and paweharo.dll files that
will not stay disabled in msconfig after rebooting. I also still have the
registry cleaner popups. I have run AVG but it says I have no infections.

My question is why is AVG saying that these files are locked? Are they
locked due to the virus or Windows default settings? I have 3 ntuser.dat
files in the same folder. Seems 2 are new txt files and one that's from 2006
and over 1GB.

"C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Documents and Settings\Administrator\NTUSER.DAT";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\MiniMessage\2";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Documents and Settings\LocalService\NTUSER.DAT";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Documents and Settings\NetworkService\NTUSER.DAT";"Locked file. Not tested.";"Locked file. Not tested."
"C:\pagefile.sys";"Locked file. Not tested.";"Locked file. Not tested."
"C:\WINDOWS\system32\config\default";"Locked file. Not tested.";"Locked file. Not tested."
"C:\WINDOWS\system32\config\SAM";"Locked file. Not tested.";"Locked file. Not tested."
"C:\WINDOWS\system32\config\SECURITY";"Locked file. Not tested.";"Locked file. Not tested."
"C:\WINDOWS\system32\config\software";"Locked file. Not tested.";"Locked file. Not tested."
"C:\WINDOWS\system32\config\system";"Locked file. Not tested.";"Locked file. Not tested."
 
Guest

RR

The files in 'system32\config' folder are registry files except the SAM &
can be scanned in safe mode but don't worry as these are original registry
hives

The NTUSER.dat is also locked in use as you are logged on

The reason you have those entries returning is because you possibly have
more than one service that is watching another process. You have to suspend
both of them

Besides, I guess you have things plugged into the WinLogon key

Most people will say install Malware Bytes but I disagree. Depending on the
strain unless you suspend those services, delete the winlogon entry by
suspending WinLogon first... none of these scanners will get rid of it
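
Added example (not part of the thread and not AVG's code): a Python triage of the "Locked file" report format quoted in the first post, separating the registry hives and paging file that Windows keeps open while it runs from anything else. The function names and the "review" label are assumptions of this sketch; the sample rows are copied from that report, one of them left hard-wrapped.

```python
import csv
import io
import ntpath

# Rows copied from the report in the first post; the second is hard-wrapped.
SAMPLE_REPORT = r'''"C:\WINDOWS\system32\config\SAM";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Documents and Settings\LocalService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file.
Not tested."
"C:\Documents and Settings\Administrator\NTUSER.DAT";"Locked file. Not tested.";"Locked file. Not tested."
"C:\pagefile.sys";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\MiniMessage\2";"Locked file. Not tested.";"Locked file. Not tested."
'''

SYSTEM_HIVES = {"default", "sam", "security", "software", "system"}
USER_HIVES = {"ntuser.dat", "usrclass.dat"}


def classify(path):
    """Label a locked path by what Windows XP normally holds open there."""
    folder, name = ntpath.split(ntpath.normpath(path).lower())
    if name in SYSTEM_HIVES and folder.endswith("\\system32\\config"):
        return "system registry hive"
    if name in USER_HIVES and "\\documents and settings\\" in folder + "\\":
        return "user registry hive"
    if name == "pagefile.sys" and ntpath.splitdrive(folder)[1] == "\\":
        return "paging file"
    # Not a verdict: only a prompt to find out which process holds the file.
    return "review"


def triage(report_text):
    """Return [(path, label)] for every 'Locked file' row in the report."""
    results = []
    for row in csv.reader(io.StringIO(report_text), delimiter=";"):
        # Undo hard wrapping inside quoted fields (assumes wraps fell on spaces).
        fields = [" ".join(field.split()) for field in row]
        if len(fields) >= 2 and fields[1].lower().startswith("locked file"):
            results.append((fields[0], classify(fields[0])))
    return results


if __name__ == "__main__":
    for path, label in triage(SAMPLE_REPORT):
        print(f"{label:22} {path}")
```

A hive name only counts in its expected folder, so a file called NTUSER.DAT elsewhere on the disk is still labelled "review".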
 
PA Bear [MS MVP]

> My question is why is AVG saying that these files are locked?

AVG Free Support Forum
http://freeforum.avg.com/

> ...still have the lokubaja.dll and paweharo.dll files that
> will not stay disabled in msconfig after rebooting

You are seeing the effects of a resident hijackware infection that AVG
cannot detect or remove.

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

NB: Run the FULL scan, not the QUICK scan!

2. WinXP ONLY!! => Run the Windows Live Safety Center's 'Protection' scan
(only!) in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

3. Run a /thorough/ check for hijackware, including posting the requested
logs in an appropriate forum, not here.

Checking for/Help with Hijackware
http://aumha.net/viewtopic.php?f=30&t=4075
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://www.elephantboycomputers.com/page2.html#Removing_Malware

**Seek expert assistance in
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://www.dslreports.com/forum/cleanup, http://aumha.net/viewforum.php?f=30
or other appropriate forums.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
 