PDA

View Full Version : Need Urgent Help!!!


hul2000
10-30-2007, 07:12 PM
My computer got infected by "MntDrCore" virus (a.k.a. "isass.exe"). This was a new version of the virus, so my AVG didn't detect it.
Ayway I removed it by using the following instructions which I found on the net.

"......To remove MntDrCore.exe from your system, follow these steps.
1. Open windows explore and open your pen drive. Don’t click on it to open.
2. Open command prompt and goto pen drive, and type following command.
3. Attrib –H –S
4. Then view your pen and delete right click and delete all newly appeared
files. (there can be files like autorun.inf,autorun.ini and MntDrCore.exe).
5. Open task manager pressing ALT+CTRL+DEL
6. Go to process tab, and sort process by name.
7. There should be two process running namely, (isass.exe an lsass.exe).
8. lsass is a system process, but isass is a process started by a virus.
9. kill isass.exe (it’s really is an ass)
10. Then open windows registry editor (start>run>regedit)
11. Find any value having part ‘isass.exe’.
12. If you find that value, rename the ‘isass.exe’ part to ‘isass1.exe’. So if
you mistakenly change anything you can back track.
13. Then go to MyComputer and open a new searh.
14. After entering the file to search as ‘isass.exe’, click on ‘more advance
options’.
15. Then select the ‘search hidden files and folders option’
16. If you got any copies of isass.exe, delete them all.
17. Now restart you machine............"

I got them all removed including the registry keys.

But I now got a problem. I cannot disable the "Hide Protected System Files" from Folder Options. once I disabled it and click OK it enables itself.

I searched for solutions in the net and found this,

".......Go to the following registry key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced\Folder\Hidden\SHOWALL

DELETE the value CheckedValue in the right window. (Its type should be REG_SZ and data should be 2.)

Now create a new DWORD value called CheckedValue (same as above, except that the type is REG_DWORD). Modify the value data to 1 (0x00000001).

This should let you change the "Hidden Files and Folders" option..........."

But it didn't work. There is no "REG_RZ" value is the name of "CheckedValue".

Is there anything to do to fix the problem (apart from formatting)?

hul2000
10-30-2007, 07:46 PM
Please Help.

DJAT
10-30-2007, 07:47 PM
Sry maco Format karana eka witarai 1kama piliyama

sajith071
10-30-2007, 07:50 PM
yes machan format karapan...

sri_lion
10-30-2007, 07:53 PM
juz do some googling about the virus info.. who knows maybe u'll find someone's forum posts about a solution..

IF NOT.. FORMAT!!

Kasun007
10-30-2007, 08:00 PM
Don't format your hard drive.No need for this virus.

terrance
10-30-2007, 08:01 PM
Sry maco Format karana eka witarai 1kama piliyama

:yes: :yes: :yes:

Kasun007
10-30-2007, 08:08 PM
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced\Folder\Hidden is not the place for "Hide Protected System Files" .It's for normal hidden files.

You have to go for

HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced\Folder\SupperHidden

and set following values,

CheckedValue = 0
DefaultValue = 0
UncheckedValue = 1

Tell me if it's not working.
.

hul2000
10-30-2007, 08:18 PM
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced\Folder\Hidden is not the place for "Hide Protected System Files" .It's for normal hidden files.

You have to go for

HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced\Folder\SupperHidden

and set following values,

CheckedValue = 0
DefaultValue = 0
UncheckedValue = 1

Tell me if it's not working.
.

It Works.

Thank You

hul2000
10-30-2007, 08:26 PM
Thanks Kasun007,

You saved my HDD from a format. :)

Kasun007
10-30-2007, 08:31 PM
It Works.

Thank You

You are welcome.

Don't try to format your HD for every virus.I don't know why most people say format the HD when virus comes.Try something to do like kill the prcess, rename/edit virus files, delete virus file, etc...

Just play with the virus...You will find lot of things...

hul2000
10-30-2007, 08:36 PM
You are welcome.

Don't try to format your HD for every virus.I don't know why most people say format the HD when virus comes.Try something to do like kill the prcess, rename/edit virus files, delete virus file, etc...

Just play with the virus...You will find lot of things...

Thanks for the advice.

dhanushka7171
10-30-2007, 08:37 PM
machan System restore karala balapan....

tdevinda
10-30-2007, 10:32 PM
I kept a viral code for myself until NOD32 got too smart and deleted the code which was in a text file.
It was a dll.vbs.
I could have done some GOOD stuff with the code. I'll just have to infect myself again to get the code
:( :( :( :( :(

geethq
10-31-2007, 12:28 AM
parana virus kattak

AVG dagena enna ewnta deyyongema pihitay

:rofl:

charmer
10-31-2007, 04:56 AM
I dont understand why ppl saying format the hard drive all the time :no: :baffled: :rolleyes:. you can easily install a fresh copy of windows without formating the hard drive and previous viruses will not come back with the new registry/software settings :no:. this way you can save all your valuble data and files.

may be this wanna be experts dont know wot the hell they are talking about. just chatting shiiit. :D :D

Few valuble steps to save your PC from virus troubles (and fake experts formating it)
--------------------------------------------------------------------------------------------

1. download a proper virus gurad like NOD32, Kaspersky and do a full scan on safe mode

2. ask help from elakiri.com :D. here we have plenty talents to get your PC up and runing in no time. :love:

3. if you can not boot to windows and often getting stuck when it starts, boot it from the command prompt and run the system restore (this will restore your system to an earlier date. so you can easily get rid of viruses) read my thread to do a system restore from command prompt.
http://www.elakiri.com/forum/showthread.php?t=42104

nice support from kasun007. very very good :yes: keep up your good works kasun

blackhole
10-31-2007, 03:50 PM
You are welcome.

Don't try to format your HD for every virus.I don't know why most people say format the HD when virus comes.Try something to do like kill the prcess, rename/edit virus files, delete virus file, etc...

Just play with the virus...You will find lot of things...


:P :P :P :P :P :P

Yes it's true,

But windows restoration is not a perfect solution. Use a good virus guard like Bitdefender AV Plus V.10 it can block this kind of viruses.

:yes: :yes: :yes: