windbg, kd, and reading minidumps

Posted on 4th March 2009 by Mike in Atlanta Computer Repair

Use the following commands to read a minidump from the command line:

kd -z C:\WINDOWS\Minidump\{file}.dmp
kd>.logopen c:\debuglog.txt
kd>.sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols
kd>.reload;!analyze -v;r;kv;lmnt;.logclose;q

.sympath points kd at a local symbol cache (c:\symbols) backed by the Microsoft public symbol server, .reload loads the symbols, and !analyze -v performs the crash analysis; the register dump (r), stack trace (kv) and module list (lmnt) all go into the log, which is closed before kd quits.

Look for the results in c:\debuglog.txt.

WinDbg is the graphical front end to the same debugger engine; kd is the command-line kernel debugger used above.

Both are included in the Debugging Tools for Windows package, available here:

http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx

Apple Computers Repair Shops in Georgia GA

Posted on 3rd March 2009 by Mike in Atlanta Computer Repair

Why drive and wait on a “Genius” when you can sit back and relax while we come to you, fix your problem, and leave YOU feeling like the smart guy? Call us for Apple computer repairs by experts today!

404 – 702 -2865

Get the best-in-class solution to protect your Mac against viruses, spyware and other malware threats. Buy avast! antivirus Mac Edition here!

regedit and combofix won't run

Posted on 3rd March 2009 by Mike in Atlanta Computer Repair

See our previous article about the TDSS and UAC files in windows\system32\ and other directories if you are having problems running your virus scanner, etc. on a system you suspect is infected.

Combofix won't run, can't run any AV tools.

Posted on 1st March 2009 by Mike in Atlanta Computer Repair

This was caused by both the TDSS and the UAC variants of Seneka. These are services that run in the background and hold a list of .exe files that are prohibited from running. I like to boot from CD, mount the partition, and then wipe out the UAC and TDSS files manually. I use search functionality to find all files named tdss* and uac* and remove or rename them. Then I use Registry Editor PE to mount the hives and user .dat files, and search for tdss* and uac* to remove their associated keys, etc.

The easiest fix is usually to boot from a rescue disc such as BartPE. Once booted, check the following folders for new files and folders (sort by date):

Windows
Windows\System
Windows\System32
Windows\System32\drivers
Windows\System32\dllcache
Windows\Downloaded Program Files\
Program Files\
Documents & Settings\{user}\Local Settings\temp
Documents & Settings\{user}\Local Settings\temporary internet files\
Documents & Settings\{user}\Local Settings\Application Data
Documents & Settings\{user}\Application Data

If you see anything named UAC followed by gibberish, such as UACjkjkjsssv.dll, rename it to UACjkjkjsssv.dll.BAK, for example.
Do the same for anything named TDSS followed by gibberish. I usually remove Java/Sun directories as I find them and reinstall Java later.

It's best to write down the names of things as you rename them. You can then use regedit to search the registry for their associated entries, export what you find, and delete it. Export first so you can restore anything you later find you didn't want to remove.
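The folder sweep and rename step above as a script, an added example rather than the post's own tooling. It assumes the infected volume is mounted from a rescue environment at the path given as -Root (placeholder D:\) and takes the profile name as -User (placeholder Owner); it uses the real on-disk folder name "Documents and Settings". It only reports until you pass -Rename, and it records every rename in a CSV so the registry search and any rollback have the original names.

```powershell
# Added example: sweep the folders from the post on a mounted Windows volume,
# list what changed recently, and optionally rename UAC*/TDSS* entries to .BAK.
# $Root and $User are assumptions (placeholders); adjust them for the mounted volume.
param(
    [string]$Root = 'D:\',                         # mounted infected volume (placeholder)
    [string]$User = 'Owner',                       # profile folder to inspect (placeholder)
    [datetime]$Since = (Get-Date).AddDays(-7),     # "new" means modified after this
    [string]$Log = (Join-Path $env:TEMP 'rename-log.csv'),
    [switch]$Rename                                # report only unless -Rename is given
)

# The post's "UAC/TDSS followed by gibberish" naming pattern (regex is case-insensitive).
$pattern = '^(uac|tdss)\w{4,}'

# The folders listed in the post, relative to the volume root.
$folders = @(
    'Windows', 'Windows\System', 'Windows\System32', 'Windows\System32\drivers',
    'Windows\System32\dllcache', 'Windows\Downloaded Program Files', 'Program Files',
    "Documents and Settings\$User\Local Settings\Temp",
    "Documents and Settings\$User\Local Settings\Temporary Internet Files",
    "Documents and Settings\$User\Local Settings\Application Data",
    "Documents and Settings\$User\Application Data"
)

$hits = foreach ($f in $folders) {
    $path = Join-Path $Root $f
    if (-not (Test-Path -LiteralPath $path)) { continue }
    # -Force shows hidden and system entries; only the top level, as in the manual check.
    Get-ChildItem -LiteralPath $path -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $Since -or $_.Name -match $pattern }
}

# Newest first, so a freshly dropped file or folder stands out.
$hits | Sort-Object LastWriteTime -Descending |
    Select-Object LastWriteTime, Length, FullName | Format-Table -AutoSize

if ($Rename) {
    foreach ($item in ($hits | Where-Object { $_.Name -match $pattern })) {
        $new = "$($item.Name).BAK"
        # Log the original name before touching it: the registry search needs it,
        # and the log is the rollback list if something turns out to be legitimate.
        [pscustomobject]@{ Time = Get-Date; Original = $item.FullName; Renamed = $new } |
            Export-Csv -LiteralPath $Log -Append -NoTypeInformation
        Rename-Item -LiteralPath $item.FullName -NewName $new
    }
}
```

Run it once without -Rename to review the listing, then again with -Rename once you are satisfied the matches are the rootkit's files and not something you want to keep.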

I found this on another site, but I haven't tested it. I will test it with the next machine we get.

Also try this:

Start > type:

command.com

and at the command.com prompt, type:

ftype exefile="%1" %*

That should restore the default association for exefiles again temporarily. Then see if those programs will run.
If they still won’t run, then you need to rename them.
Redownload Combofix and rename it before you save it to your desktop. Renaming after it has been downloaded won’t work.

Then STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Re-enable all the programs that were disabled during the running of ComboFix.

From the run box type the following:

"%userprofile%\desktop\ComboFix.exe" /KillAll

Please save the log and attach it in your next reply.
————–
As for SDFix, it should be renamed also.
Or, if you have another PC, use that to download SDFix and extract it on that PC before transferring the SDFix.exe to the infected PC.