Windows

All posts tagged Windows

Warning: The steps discussed below require you to work with the Windows registry. You must be very careful while editing the registry because there is no undo option in Registry Editor, and any mistake in a registry edit may render your PC unbootable. For this reason, it is recommended that you back up the registry before you make any edits to it.

Steps to clean up information related to pending installations

1. Open the Start menu, select Run, type regedit in the Open box, and then click the OK button.

2. In the Registry Editor window, navigate to the following registry key:

HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress

3. Remove all information from the InProgress key.

4. Repeat the process for the following registry key:

HKLM\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations

5. Restart your computer and run the installation of the program that caused the problem again.
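
The same cleanup as a PowerShell script that exports both locations first and lists what is queued before anything is removed. This is an added example, not part of the original post. It assumes an elevated PowerShell session, a backup folder under %TEMP%, and a hypothetical -Clear switch, and it treats PendingFileRenameOperations as a multi-string value under the Session Manager key, which is how Windows stores it.

```powershell
#Requires -RunAsAdministrator
# Added example: back up and list the pending-install state; clear it only with -Clear.
param([switch]$Clear)
$ErrorActionPreference = 'Stop'

$inProgress = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress'
$sessionMgr = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager'
$valueName  = 'PendingFileRenameOperations'   # REG_MULTI_SZ value, not a subkey

# Assumed backup location; any writable folder works.
$backupDir = Join-Path $env:TEMP ('pending-install-{0:yyyyMMdd-HHmmss}' -f (Get-Date))
New-Item -ItemType Directory -Path $backupDir | Out-Null

# 1. Export both keys so "reg import <file>" can restore them.
$exports = @{ 'InProgress.reg' = $inProgress; 'SessionManager.reg' = $sessionMgr }
foreach ($file in $exports.Keys) {
    if (-not (Test-Path "Registry::$($exports[$file])")) { continue }
    reg.exe export $exports[$file] (Join-Path $backupDir $file) /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup of $($exports[$file]) failed; nothing was changed." }
}

# 2. List queued operations: the value holds source/destination pairs,
#    and an empty destination means "delete the source at next boot".
$prop    = Get-ItemProperty "Registry::$sessionMgr" -Name $valueName -ErrorAction SilentlyContinue
$pending = if ($prop) { @($prop.$valueName) } else { @() }
for ($i = 0; $i -lt $pending.Count; $i += 2) {
    $dst = if ($i + 1 -lt $pending.Count) { $pending[$i + 1] } else { '' }
    [pscustomobject]@{
        Source      = $pending[$i] -replace '^\\\?\?\\', ''   # strip the \??\ prefix
        Action      = if ($dst) { 'rename' } else { 'delete' }
        Destination = $dst -replace '^!?\\\?\?\\', ''
    }
}

# 3. Steps 3 and 4 of the procedure, only when explicitly requested.
if ($Clear) {
    if (Test-Path "Registry::$inProgress") {
        Remove-ItemProperty "Registry::$inProgress" -Name '*'
        Get-ChildItem "Registry::$inProgress" | Remove-Item -Recurse
    }
    if ($pending.Count) { Remove-ItemProperty "Registry::$sessionMgr" -Name $valueName }
    "Cleared. Backup is in $backupDir; restart before re-running the installer."
} else {
    "Nothing changed. Backup is in $backupDir; re-run with -Clear to remove the entries."
}
```

Review the listed operations before clearing: security tools also queue boot-time file deletions in this value, and removing it cancels them.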

Symptoms:

I found strange behavior on a client’s laptop. At every Windows XP startup, two 16-bit windows appear with “mustafx” and “mustafx2” in their titles.

In %WinDir% and/or %WinDir%\system32 I found mustafx.exe, mustafx2.exe and murka.dat files every time.

I was not able to delete the C:\Documents and Settings\%username%\Local Settings\Temp\dqvthtmw.dat file (maybe another virus/spyware).

In the “Hidden devices” in Device Manager I found: “odtveiuu” -> %windir%\system32\drivers\hororfau.dat.

Also, I was not able to delete it from the registry in HKLM\System\CurrentControlSet\Services, and you can’t set or change any permissions for that registry key. I couldn’t stop it, uninstall it or change any settings for it, even in Safe Mode.

You are not able to install many antivirus products such as nod32 2.7 or the spyware remover Ad-Aware 2007 (it can’t install the service); the Windows XP SP2 installation also froze when it tried to check the Windows product key.

Cure: 

The files hororfau.dat and dqvthtmw.dat were deleted by booting from the Kaspersky Rescue CD, but after rebooting, mustafx.exe and mustafx2.exe still appear again.

——– 

Here is the procedure for Trojan.Virantix.B removal: http://www.precisesecurity.com/threats/trojanvirantixb/