I am using WindowsXp Sp2 with all security update has been installed (July 16, 2005)
Using Avast 6
file version=0528-6
Compilation Date=July 16,2005
I cannot access regedit.exe nor task manager, message appear “Disabled by Administrator”
I cant logging in with Yahoo Messenger. My Firewall (Outpost 2.6.452.5123 (403)) report that file c:\windows\regsvr.exe preventing YM to acces internet. Now, i try to scan with TDS-3 Anti Trojan… It detected “Positive Identification” infected by PSW.Sagic.B (pwsteal.sagic.b).
I try to find those infected file, not found!
I am scanning using Ad-Aware, but they only find the suspicios registry. Not the source (regsvr.exe). TDS-3 found it, but cannot remove. Because resident in my
Windows Memory.
Well, here the report i include it.
Also i capture the file Regsvr.exe for The FIXER
Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, July 20, 2005 8:21:20 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R54 14.07.2005
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Windows Object Recognized!
Type : RegData
Data :
TAC Rating : 3
Category : Vulnerability
Comment : Possible unintended lockout from Task Manager (Task manager access disabled)
Rootkey : HKEY_USERS
Object : S-1-5-21-776561741-746137067-1708537768-1003\software\microsoft\windows\currentversion\policies\system
Value : DisableTaskMgr
Data :
Windows Object Recognized!
Type : RegData
Data :
TAC Rating : 3
Category : Vulnerability
Comment : Possible unintended lockout from Registry Editor (Regedit access disabled)
Rootkey : HKEY_USERS
Object : S-1-5-21-776561741-746137067-1708537768-1003\software\microsoft\windows\currentversion\policies\system
Value : DisableRegistryTools
Data :
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2
Finally, after using Tool Hijackthis… I disable temporary the suspicious file (Regsvr.exe) from memory, and moving those file at safe folder. I kill and delete it.
But, until now everytime Windows Start, those file still load on my XP even i disable System Restore, also delete some startup Registry thru Hijackthis tool.
Well, the last help i wish…
How, to kill those threat from my Windows?
I know Avast can scan under DOS/Safe console to scan (if triggered). Now, i forgot how to perform Avast Check my PC from DOS Mode ( I mean which setting to be set?)
Of course, after new VPS has been release to handle this threat
Because, i am still like using this great Avast AV (my favorite)
Now, i can safely remove and delete it. Un-installing NOD32
And continues using my fave Warez P2P program again..
No, you can not use it safely. P2P applications ALWAYS implement a huge security risk.
Buying the legitimate software is the only safe (and sensible) thing to do.