XP Pro: Following MS updates, now unable to open Regedit or Command

  • Thread starter: atandhmb
PA Bear said:
atandhmb wrote:


Something tells me you only followed the instructions in Post #2 of that
thread
(http://www.bleepingcomputer.com/forums/lofiversion/index.php/t221879).
Am I correct?

No.

I followed (blindly) from the start (pinkruby Apr 23 2009, 07:29), thru next
posting (farbar Apr 24 2009, 04:52), thru (pinkruby Apr 24 2009, 07:45),
thru (farbar Apr 25 2009, 03:55), thru (pinkruby Apr 25 2009, 04:26) at
which point I stopped as my problems were resolved.

However, a problem remains and I do not have a clue if/how it is related.

During the various tests I did to resolve the problem, I unchecked ZoneAlarm
(zlclient) in the System Configuration Utility and I cannot re-activate it.

This means that I am always in Selective Startup.

What happens is this:

( I am doing this as I write this)

Click Startup tab

Tick zlclient

Click Apply and either click Close or General tab which shows Normal Startup
and then click Close

Restart - it never works. When I reboot I am always in Selective Startup
with a green square against Load Startup Items and under Startup tab,
zlclient is unchecked.
I reckon I've tried about 20 times.

Following your remarks I decided to go back to bleepingcomputer.com and try
the next phase which was to run malwarebytes anti-malware cleaner. 25 items
were found; all referring to (from memory) rogue.malwarebyte.............
These were cleaned up OK.

Nevertheless I still have the problem of not being able to do anything with
MSCONFIG.

My current thought is...........should I go back to bleepingcomputer.com and
try the third thing (Java)

Note: I have had 2 (maybe 3) different scans which show my machine OK.

Do you think it is some infection that is causing the problem with MSCONFIG?

Regards
 
You got your original problem fixed, right? That is only what my
bleeping reference was about. It already helped fix another guy with
the same issue of regedit and cmd. I think you should be done with
that part of bleeping for now.

I thought I mentioned Malwarebytes (I should have). Your original
problem is that some scanning softwares will find the trojan problem
and "fix" it, but sometimes leave crap in the registry - maybe the
scanners don't know about that. That is what seems to make CMD and
regedit not work (usually both). Fixing the registry by hand after a
scan gets it working so far.

Now you have a new problem? In MSCONFIG, you want to tick your zone
alarm and do, but it won't stay ticked when you reboot? That is a new
problem. I don't use ZA - is there a service or something that might
need to be set to automatic? Is it painful to uninstall reinstall ZA?

Clear your Event Logs and reboot or try to look at events from just the
last reboot. Any ZA clues there?

Are you using the ZA firewall feature and the Windows firewall on the
same computer at the same time?

Is MSCONFIG showing up every time you reboot? There is a check box
about to at least turn that off which you should be able to find.
 
Oh yeah - if your original problem for this thread is resolved, why
not start a new one with an appropriate title with your new problem
and details? That way, it might get the attention of additional
eyeballs.
 
You should seldom, if ever, follow instructions/fixes posted for another
user in such a forum. Doing so may only make matters worse.

1. Open your browser to this page:
http://www.bleepingcomputer.com/forums/forum22.html. Read & adhere to
everything in the Forum Guidelines section. Follow the instructions here:
http://www.bleepingcomputer.com/forums/topic34773.html

2. When you describe your problem and what you've done so far to fix them,
please include the following two (2) links to your newsgroup threads so the
expert handling your case knows the full background:

http://groups.google.com/group/micr...3c458f8ea1/113cf8a4fc64e9dc?#113cf8a4fc64e9dc

http://groups.google.com/group/micr...fd67c61814/3d52847cdbdb17e1?#3d52847cdbdb17e1

3. Since you've already used MBAM, I'd recommend posting the log from the
MBAM scan in your first post, too (assuming you had the presence of mind to
save it).

NB: Even though you may have resolved your original problems, I think
it'd be best to post in that hijackware-specific forum at
bleepingcomputer.com anyway to make SURE the machine is 100% clean (despite
what Jose's been telling you in this thread).

Note that most of the above is what both Malke and I had recommended to you
earlier this week.
 
I don't know why you state:
"You should seldom, if ever, follow instructions/fixes posted for another
user in such a forum. Doing so may only make matters worse."
This guy had EXACTLY the same problem as me, i.e. couldn't run cmd and
regedit.
I did keep the log as "File Save as" to desktop under a specifically named
folder (Malware Removed 25 items). Unfortunately this is an empty folder and
I don't know why, as it saved OK.
However, I seem to remember it was saved by Malware in a log somewhere - I
will try to retrieve it.
Failing this I can resurrect the condition.
Taking the other advice I will open up a new thread about the ZoneAlarm
problem.
Following some googling it is apparent that the problem is only that I
cannot activate zlclient in Startup and it occurs to me that I will be able
to resolve this some way.
Kind Regards and again thanks.
 
INLINE

atandhmb wrote:
I don't know why you state:
"You should seldom, if ever, follow instructions/fixes posted for another
user in such a forum. Doing so may only make matters worse."
This guy had EXACTLY the same problem as me, i.e. couldn't run cmd and
regedit.

Yes, but *his* infection was most likely not the same as *yours*. (Most
responsible experts will post a disclaimer in their first reply to such a
thread similar to the following:

<QP>
These instructions are only for the forum member who started this thread. If
you use these instructions on another machine, you risk seriously damaging
the system and doing so will make clean-up much more difficult and
complicated. If you think you have a similar problem, please begin your own,
new thread.

I did keep the log as "File Save as" to desktop under a specifically named
folder (Malware Removed 25 items). Unfortunately this is an empty folder and
I don't know why, as it saved OK.

Could be the result of still-present hijackware.

However, I seem to remember it was saved by Malware in a log somewhere - I
will try to retrieve it.
Failing this I can resurrect the condition.

A new log won't contain the same info.

Taking the other advice I will open up a new thread about the ZoneAlarm
problem.
<SNIP>

I wouldn't do so until you're absolutely certain the machine's 100% clean.
In any event, you should post here about ZA issues:
http://forums.zonelabs.com/zonelabs
 