From: ICU on
Yes I should have said Anti-virus, the problem has me slightly flustered
hence the error.
The program I have running is AVG Free antivirus, and it is kept up to
date automatically.
I have experienced the Norton and McAfee merry-go-round a number of years
ago and have not wanted to go back there ever again. (G)

Thanks for the reply.

ICU



"Ken Blake, MVP" <kblake(a)this.is.an.invalid.domain> wrote in
news:ftjfd5l9pebf6le8ci1rigo2rbq2dass30(a)4ax.com:

>
> On 15 Oct 2009 21:49:04 GMT, ICU <ICU(a)Nowhere.com> wrote:
>
>>
>> Thanks for the reply.
>>
>> Well I do have a virus program running
>
>
> Then you are in serious trouble. It's far better to have an
> *anti*-virus program running.
>
> Or if you meant you had an anti-virus program running, please tell us
> which one it is. They are far from being equally good, and the two
> most well-known, Norton and McAfee, are the worst of them.
>
> It sounds very much like you are infected.
>
>
>
>> and kept up to date and I do keep
>> WinXP up to date and yes the procedures sound long and complex,
>> unfortunately a local or independent computer repair shop visit is
>> just not in the cards for a number of reasons.
>> Thanks for the reply.
>>
>> ICU
>>
>>
>> "PA Bear [MS MVP]" <PABearMVP(a)gmail.com> wrote in
>> news:eKMQNbcTKHA.5052(a)TK2MSFTNGP05.phx.gbl:
>>
>> > You are seeing the effects of a hijackware infection!
>> >
>> > NB: If you had no anti-virus application installed or the subscription
>> > had expired *when the machine first got infected* and/or your
>> > subscription has since expired and/or the machine's not been kept
>> > fully-patched at Windows Update, don't waste your time with any of the
>> > below: Format & reinstall Windows. A Repair Install will NOT help!
>> >
>> > 1. See if you can download/run the MSRT manually:
>> > http://www.microsoft.com/security/malwareremove/default.mspx
>> >
>> > NB: Run the FULL scan, not the QUICK scan! You may need to download
>> > the MSRT on a non-infected machine, then transfer MRT.EXE to the
>> > infected machine and rename it to SCAN.EXE before running it.
>> >
>> > 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan
>> > (only!) in Safe Mode with Networking, if need be:
>> > http://onecare.live.com/site/en-us/center/howsafe.htm
>> >
>> > 2b. Vista or Win7=> Run this scan instead:
>> > http://onecare.live.com/site/en-us/center/whatsnew.htm
>> >
>> > 3. Run a /thorough/ check for hijackware, including posting requested
>> > logs in an appropriate forum, not here.
>> >
>> > Checking for/Help with Hijackware:
>> > • http://aumha.net/viewtopic.php?f=30&t=4075
>> >
>> > • http://mvps.org/winhelp2002/unwanted.htm
>> > • http://inetexplorer.mvps.org/tshoot.html
>> > • http://www.mvps.org/sramesh2k/Malware_Defence.htm
>> > • http://www.elephantboycomputers.com/page2.html#Removing_Malware
>> >
>> > **Chances are you will need to seek expert assistance in
>> > http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
>> > http://www.spywarewarrior.com/viewforum.php?f=5,
>> > http://www.dslreports.com/forum/cleanup,
>> > http://www.bluetack.co.uk/forums/index.php,
>> > http://aumha.net/viewforum.php?f=30 or other appropriate forums.**
>> >
>> > If these procedures look too complex - and there is no shame in
>> > admitting this isn't your cup of tea - take the machine to a local,
>> > reputable and independent (i.e., not BigBoxStoreUSA) computer repair
>> > shop.
>

From: Pegasus [MVP] on
I share your feelings about NAV and McAfee. I have used CA's ETrust for
several years on a few dozen machines, with excellent results. Licences come
in lots of three and are aggressively priced.


From: ICU on
Jose <jose_ease(a)yahoo.com> wrote in
news:c92c7409-24bf-49c8-9e03-a5e066b8f604(a)m38g2000yqd.googlegroups.com:

> Reduce the chances of malicious software by running some scans.
>
> Download, install, update and do a full scan with these free malware
> detection programs:
>
> Malwarebytes (MBAM): http://malwarebytes.org/
> SUPERAntiSpyware: (SAS): http://www.superantispyware.com/
>
> These can be uninstalled later if desired.

Thanks for the reply and the suggestions.
I've downloaded both and run them, Malware found the files I already
thought were the culprits, removed them, but I found them back again, so
I tried a scan again, found them again and removed, hopefully they are
gone for good now but I somehow doubt it.

ICU

From: Jose on
On Oct 16, 1:47 pm, ICU <I...(a)Nowhere.com> wrote:
> Thanks for the reply and the suggestions.
> I've downloaded both and run them, Malware found the files I already
> thought were the culprits, removed them, but I found them back again, so
> I tried a scan again, found them again and removed, hopefully they are
> gone for good now but I somehow doubt it.
>
> ICU

Are we supposed to guess what the culprit files are and what do you do
between the time they are removed and the time they come back?

If you remove the culprit files and visit a WWW site (or do something)
that reinfects your machine, you should not go there, or expect to be
infected when you do. I have heard there are some WWW sites that will
infect your system with just a visit.

From: Elmo on
ICU wrote:
> Thanks for the reply and the suggestions.
> I've downloaded both and run them, Malware found the files I already
> thought were the culprits, removed them, but I found them back again, so
> I tried a scan again, found them again and removed, hopefully they are
> gone for good now but I somehow doubt it.
>
> ICU

If a Rootkit, or a program running in the background rewrites the
registry entries, and reinserts the files, you might want to do the
following:

Burn BitDefender, or another program listed at the link below, to a CD
(using a working machine) and test the infected machine with it.
BitDefender also has a Rootkit checker on the Linux Desktop; run it if
you think that's the problem:

http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

Download the executable rather than the .iso image, if one is
available. It prompts you to insert a CD and burns the file, no problem.

-Or- place the hd in an unaffected machine and run a scan from the
working machine.

Then run these again:

Malwarebytes© Corporation
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

SuperAntispyware
http://www.superantispyware.com/superantispywarefreevspro.html


--
Joe =o)
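
The case described in the post above, where a background program rewrites registry entries after a scanner has removed them, can be confirmed by comparing snapshots of the autorun keys. This is an added example, not part of any post in the thread; the script name autorun-watch.ps1 and the snapshot folder are assumptions, and PowerShell has to be installed separately on Windows XP.

```powershell
# Added example (not from the thread): record autorun registry values at three
# points and list the ones a scanner removed that were later written back.
# Usage: .\autorun-watch.ps1 -Stage infected   (before the scan)
#        .\autorun-watch.ps1 -Stage cleaned    (right after the scan removes items)
#        .\autorun-watch.ps1 -Stage later      (after a reboot or some hours of use)
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('infected', 'cleaned', 'later')]
    [string]$Stage,
    [string]$Dir = "$env:USERPROFILE\autorun-snapshots"   # assumed output folder
)

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutorunSnapshot {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            # One "key|name|command" string per autorun value, easy to compare.
            '{0}|{1}|{2}' -f $key, $name, $regKey.GetValue($name)
        }
    }
}

New-Item -ItemType Directory -Path $Dir -Force | Out-Null
$current = @(Get-AutorunSnapshot)
Set-Content -Path (Join-Path $Dir "$Stage.txt") -Value $current

if ($Stage -eq 'later') {
    $infected = @(Get-Content -Path (Join-Path $Dir 'infected.txt'))
    $cleaned  = @(Get-Content -Path (Join-Path $Dir 'cleaned.txt'))
    # Present before the scan, absent right after it, present again now.
    $returned = $current | Where-Object {
        ($infected -contains $_) -and ($cleaned -notcontains $_)
    }
    if ($returned) {
        'Autorun values written back after removal:'
        $returned
    } else {
        'No removed autorun value has returned in the keys checked.'
    }
}
```

The Run and RunOnce keys are only some of the places a program can start from, and a rootkit can hide values from the running system, so an empty result here does not replace the offline scan suggested above.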