2 weird messages

[neo01]

when i start my windows vista i got 2 messages


1.c:\windows\inf\other.exe specified in the registry make sure the file exists on your computer or remove the reference to it in the registry



2.could not load or run c:\windows\system32\config\win.exe specified in the registry.make sure the file exists on your computer or remove the rference to it in the registry


what this 2 means please i am very worried

thanks for the helpers :D

 

[stormy13]

what this 2 means please i am very worried

As well you should be. Not to try and scare you too much but,

win.exe - Program Information

Other.exe - Program Information

You have a couple of lovely little worms/trojans that look like they may have been partially removed (or being blocked from starting), hence the error messages.

If you don't have it already grab Hijackthis,

TrendSecure | TrendMicro™ HijackThis™ Overview

Not sure that there are any Hijackthis pros here (or at least if there are I haven't seen them. If there speak up please :D ) so go to this link,

AnalyzeThis

and select one of the forums from the list on the left that as sections dedicated to dealing with HJT logs, and post your HJT log there including any steps or other programs you may have used to try and clean up the infection.

 

[neo01]

is this can harm my saved files? you say "they may have been partially removed (or being blocked from starting" you mean i am safe

i got 2 times blue screen and power failure of c: hard drive is this from worms or trojan?

please help for 5 days i dont understand my pc

 

[Neverhavemoney]

neo01,
What type of Anti-Virus, Anti-Malware, and Anti-Spyware programs are you using?
This is very helpful to know in these cases.

 

[neo01]

nod 32 detect only 1 warm calld warm b i deleted it and everything is fine but when i am restart i get this 2 massages

 

[neo01]

if i format my computer everything back to normal?

 

[NormCameron]

if i format my computer everything back to normal?

Win.exe is a Trojan Dropper usually associated with a malware program such as Anti Virus 2009(among many others). You should be able to remove it with Microsoft Malicious Software Removal Tool. If you still have problems with the registry try running a system restore to before you had the problem. Then run your AV scan and MSRT again.

Let us know how you go. Reformat should be the last resort as you'll have to reinstall everything.

Norm

 

[dinesh]

if i format my computer everything back to normal?

if you format, everything has to be alright but then it will not be a good option. according to me, its a trojan and try scanning the system from the following items:
1) Norton internet security 2009- Trial.
www.norton.com/nis09
2) Super Antispyware
www.superantispyware.com
3) Smitfraudfix
http://www.bleepingcomputer.com/resources/link243.html
Make sure you run a full system scan.

 

[neo01]

thank for the help but the main thing i need to know if there a connection between blue screen and hard drive power failure to this Trojan?

 

[dinesh]

thank for the help but the main thing i need to know if there a connection between blue screen and hard drive power failure to this Trojan?

Trojans could cause blue screens but cannot cause HDD power failure.

 

[NormCameron]

thank for the help but the main thing i need to know if there a connection between blue screen and hard drive power failure to this Trojan?

Trojans could cause blue screens but cannot cause HDD power failure.

I agree Dinesh. However, if he's getting blue screens etc. it looks like he's got more than the Dropper. May well be a format is a good option. I haven't had too much success completely removing everything from a full blown infection

Norm

 

[neo01]

what is the best and i mean the best software for trojan spyware hijack ????????

 

[NormCameron]

what is the best and i mean the best software for trojan spyware hijack ????????

You could try this

Scan your computer some viruses caused this - because scanning on allive system is not credible I suggest to use this liveCD with antivir Index of /devbuilds/RescueDisk/
Let know us about results - even if you'll restore system you can still have some trouble

 

[Barman58]

Hi neo01,

The "best" is very subjective you may want to try downloading, installing, and running the following preferably from safe mode.

Spybot S&D
The home of Spybot-S&D!
Malware Bytes
Malwarebytes' Anti-Malware - Free software downloads and reviews - CNET Download.com

When they have finished download and run this ...

CCleaner - Download

use this to generally clean up your system and then use the registry cleaner option to tidy the registry (use the backup registry option before you clean the registry)

After this is completed run this to check your system files.

System Files - SFC Command - Vista Forums

this will hopefully clean up the trojans and their damage

 

[SIW2]

Hi neo01,

There are several well respected antivirus/malware products, including the ones already posted. No one product can always be 100% effective.

I use avast free home edition as my resident protection, and rate a squared free very highly as an on - demand scanner.

Download FREE antivirus software - avast! Home Edition

a-squared Free - Free of charge Anti-Virus, Anti-Trojan, Anti-Spyware, Anti-Dialer and Anti-Worm Software - Freeware!

Hope it helps

SIW2

 

[dinesh]

Hi NormCameron, i agree to what you say.
but format is the last resort as he will have to start everything from the stratch. But then, sometimes we do not have any other option but to format the computer.
Ok, and which blue screen is this? For ex: 0X000000ED or 0X0000007B.

 

[neo01]

i have a update for you i install Malwarebytes' Anti-Malware run a check here is the result

Malwarebytes' Anti-Malware 1.31
Database version: 1546
Windows 6.0.6001 Service Pack 1
25/12/2008 21:50:39
mbam-log-2008-12-25 (21-50-39).txt
Scan type: Full Scan (C:\|)
Objects scanned: 216133
Time elapsed: 52 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{4509d3cc-b642-4745-b030-645b79522c6d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Common Files\chd.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\msqpdxmnmxkedr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.


but still get the 2 massages every time when windows is on what do you say?

 

[NormCameron]

when i start my windows vista i got 2 messages


1.c:\windows\inf\other.exe specified in the registry make sure the file exists on your computer or remove the reference to it in the registry



2.could not load or run c:\windows\system32\config\win.exe specified in the registry.make sure the file exists on your computer or remove the rference to it in the registry


what this 2 means please i am very worried

thanks for the helpers :D

if i format my computer everything back to normal?

Win.exe is a Trojan Dropper usually associated with a malware program such as Anti Virus 2009(among many others). You should be able to remove it with Microsoft Malicious Software Removal Tool. If you still have problems with the registry try running a system restore to before you had the problem. Then run your AV scan and MSRT again.

Let us know how you go. Reformat should be the last resort as you'll have to reinstall everything.

Norm

Hi neo01,

The "best" is very subjective you may want to try downloading, installing, and running the following preferably from safe mode.

Spybot S&D
The home of Spybot-S&D!
Malware Bytes
Malwarebytes' Anti-Malware - Free software downloads and reviews - CNET Download.com

When they have finished download and run this ...

CCleaner - Download

use this to generally clean up your system and then use the registry cleaner option to tidy the registry (use the backup registry option before you clean the registry)

After this is completed run this to check your system files.

System Files - SFC Command - Vista Forums

this will hopefully clean up the trojans and their damage

Which of the above advice did you take? Did you also do a full system restore to BEFORE you had the problem (then run your various Spyware removers again)?

Norm

 

[johngalt]

Well, the log that he posted is from Malwarebytes' AntiMalware so I'd guess that is the path he took....

neo01 - if you have good backups of all your files, then I'd recommend a clean reinstall of Vista to start back over. Just realize by clean I mean formatting the HD and then letting Vista install, not installing it over itself. You'll need to install all apps, programs, etc again, and apply any and all tweaks / customizations that you previously applied.

 

[Tepid]

if you have good backups of all your files
If not, back them up now....

Then....
Try running Spybot S&D, then Smitfraudfix, then Combofix, then Spybot again
Then run NOD32 online scanner and Live OneCare Safety Scanner.

This has, (in the past) completely cleaned up a Antivirus XP 2008 and 2009 infected system (among other infections).

If that does not work, Nuke and Reload.