safeboot minimal key error and rootkey trojan

ziggyff · 04-12-2008, 08:35 AM

Ok first time user here.
I've got some kind of rootkey virus/trojan that blocks all anti-virus program loading and scans (as well as loading various microsoft programs, intellimouse, msworks, etc.). It also prevents safemode entry attempts. This virus somehow got past my installed Outpost AV.

Multiple online virus scans tried: panda, trend housecall, bitdefender, and kapersky and 3 days later still stuck as these scans either froze or did not discover any malware other than adware ??

As some online articles suggested, I ran safebootkeyrepair and it got me into safe mode once but at that time all the virus software I tried performing either gave an "invalid win32 appl." error or stated "unable to install in safe mode" msg. Before leaving the one time I was in safe mode, I performed regedit32 and removed all mdelk, srosa, wintems hldrrr keys as suggested by online webhelp forums.(there were about 6 keys ).
Unfortunately most seem to have all reappeared at the next re-boot.

Subsequently as well, every new safe mode attempt just brings me back to a reboot and safebootkeyrepair.exe gives the following error message in the log.txt :

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
plus at end
Error: Key: system\currentcontrolset\control\safeboot\minimal does not exist!
this is one cagey trojan.

any help appreciated: the online virus scans that supposedly avoid the virus blocking either freeze up at around 3-5 minutes or discover nothing (curious becuz the bad programs keep appearing in a search). Complicating matters, by not being able to go into safe mode. this keeps me from running anti virus specific .exe 's from avg, pavark etc. which are suggested to be run in safe mode. I also tried microsoft's malicious software tool which also froze?? (sigh)

I've removed all AV software and only have Spybot sd installed currently which was not on your suggested removal list??

Meanwhile, I'm trying all the online scans again starting with panda (each take about 7-8 hours so I'll have plenty of free time awaiting your advice (smile))

addendum; I forgot to mention that this virus/trojan constantly tries to install something called "microsoft photo info" which i have to cancell a few dozen times anytime i try to use windows explorer or other software

**amateur** · 04-17-2008, 05:40 AM

Hello and welcome to TSF.

Sorry for the delayed response. If you have not received help elsewhere and still need help please follow the instructions in IMPORTANT - Read This Before Posting A Log and post the two text files, main.txt and extra.txt produced by the Deckard's System Scanner, as it has been a while since you posted.

04-12-2008, 08:35 AM	#1 (permalink)
ziggyff Registered User Join Date: Apr 2008 Posts: 1 OS: winxp sp2	safeboot minimal key error and rootkey trojan Ok first time user here. I've got some kind of rootkey virus/trojan that blocks all anti-virus program loading and scans (as well as loading various microsoft programs, intellimouse, msworks, etc.). It also prevents safemode entry attempts. This virus somehow got past my installed Outpost AV. Multiple online virus scans tried: panda, trend housecall, bitdefender, and kapersky and 3 days later still stuck as these scans either froze or did not discover any malware other than adware ?? As some online articles suggested, I ran safebootkeyrepair and it got me into safe mode once but at that time all the virus software I tried performing either gave an "invalid win32 appl." error or stated "unable to install in safe mode" msg. Before leaving the one time I was in safe mode, I performed regedit32 and removed all mdelk, srosa, wintems hldrrr keys as suggested by online webhelp forums.(there were about 6 keys ). Unfortunately most seem to have all reappeared at the next re-boot. Subsequently as well, every new safe mode attempt just brings me back to a reboot and safebootkeyrepair.exe gives the following error message in the log.txt : SafeBoot registry key needs repairs. This machine cannot enter Safe Mode. plus at end Error: Key: system\currentcontrolset\control\safeboot\minimal does not exist! this is one cagey trojan. any help appreciated: the online virus scans that supposedly avoid the virus blocking either freeze up at around 3-5 minutes or discover nothing (curious becuz the bad programs keep appearing in a search). Complicating matters, by not being able to go into safe mode. this keeps me from running anti virus specific .exe 's from avg, pavark etc. which are suggested to be run in safe mode. I also tried microsoft's malicious software tool which also froze?? (sigh) I've removed all AV software and only have Spybot sd installed currently which was not on your suggested removal list?? Meanwhile, I'm trying all the online scans again starting with panda (each take about 7-8 hours so I'll have plenty of free time awaiting your advice (smile)) addendum; I forgot to mention that this virus/trojan constantly tries to install something called "microsoft photo info" which i have to cancell a few dozen times anytime i try to use windows explorer or other software Last edited by ziggyff : 04-12-2008 at 08:52 AM. Reason: addendum

04-17-2008, 05:40 AM	#2 (permalink)
amateur Moderator, Analyst, Security Team ; Rangemaster, TSF Academy Join Date: Jun 2006 Location: Rhode Island, USA Posts: 3,252 OS: XP Home SP3, XP MCE SP3, XP Pro SP3	Re: safeboot minimal key error and rootkey trojan Hello and welcome to TSF. Sorry for the delayed response. If you have not received help elsewhere and still need help please follow the instructions in IMPORTANT - Read This Before Posting A Log and post the two text files, main.txt and extra.txt produced by the Deckard's System Scanner, as it has been a while since you posted. __________________ My services are free. However, you can donate to TSF to help keep it running and prospering. ASAP