Author Topic: Windows Repair (All in One) is great!  (Read 8176 times)

0 Members and 1 Guest are viewing this topic.

Offline Sarah_Anderson

  • Newbie
  • *
  • Join Date: Sep 2012
  • Posts: 1
  • Karma: 1
    • View Profile
Windows Repair (All in One) is great!
« on: September 05, 2012, 02:20:31 pm »
Hello.  :smiley:

I joined this forum to share my experience of how your excellent Windows Repair (All in One) tool helped me to defeat a particularly nasty malware infection on my husband's Windows XP computer.

He was using the computer normally when suddenly a Metropolitan Police screen locker message popped up saying that "illegal activity had been detected" and the computer had been locked. The screen also said that, if he paid £100 via a PaySafeCard, they would unlock the computer for him.

It was obviously not from the real Metropolitan Police, because I'm sure they don't do things like that. It was some kind of "ransomware" malware infection. So I decided to try to fix it.

There was no way I could get rid of the screen locker in normal mode. The Run command, Task Manager and RegEdit had all been disabled. So I then tried to boot into Safe Mode and found that Safe Mode had also been disabled.

I then booted the computer with an OTLPE boot disk, ran OTL and found a couple of randomly named (obviously malware) dlls were set to run at startup. I deleted these dlls and also their Registry Run entries, and after that the computer booted up normally again.

I then ran a MBAM scan, which found and deleted some more malware and fixed some disabled registry entries. And then I ran a NOD32 scan which found and deleted even  more malware. I then ran aswMBR and TDSSKiller to check for rootkit/bootkit activity, but fortunately no rootkit/bootkit activity was detected. (I had a Gnome Partition Editor (GParted) boot disk ready in case there was a new TDL4 bootkit present that was capable of disabling TDSSKiller or something, but fortunately I didn't have to use it.)

At this stage I thought I had fixed the computer completely, but on further investigation I found that Safe Mode was still disabled and the Windows Firewall and Security Center were also disabled.

I found a reg import to fix the SafeBoot key, which worked a treat. Then I ran Farbar Service Scanner and found that the SharedAccess and wscsvc Service keys were missing from the registry.

I found a reg import to fix the SharedAccess Service, but I could not find one to fix the wscsvc Service.

I then did a bit more Googling and found your Windows Repair (All in One) tool. I ran it with the following options checked:

Reset registry permissions
Reset file permissions
Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Windows Updates

And, after a restart, both the Windows Firewall and the Security Center were working fine again. EXCELLENT!

I then ran Farbar Service Scanner again, which found that all the Services were running fine. And then I ran ComboFix, which deleted a few leftovers etc, but found nothing serious. Then, finally, I ran the online Secunia security scanner, which found that Java was out of date, the Adobe Flash Player (ActiveX) for Internet Explorer was out of date, and the Adobe Flash Player Plugin for Firefox was out of date.

I strongly suspect that these out of date programs was how the malware manage to infect the computer in the first place. Anyway, they are all updated now, so hopefully everything should be fine from now on. (As long as my dopey husband manages to KEEP them up to date. LOL.)

So, basically, without your Windows Repair (All in One) tool, getting the Windows Firewall and Security Center working again could have been a bit of a problem. I could probably have got them working again by taking a reg export from another XP machine or extracting the keys from a backup hive. But using your Windows Repair (All in One) tool fixed everything straight away so I didn't have to go fiddling around getting exports from another XP machine or extracting keys from hives and whatnot.

The Windows Repair (All in One) tool is an excellent addition to any computer tech's toolbox, and I congratulate and thank the person who made it.

Keep up the EXCELLENT work.

Love from Sarah.