
After clean-up damage.


T.H

Dec 9, 2009, 10:12:58 PM
I recently helped remove a Windows Police Pro rogue from a computer.
Malwarebytes dealt with it and the owner paid for the product
(Malwarebytes).

However, the Scheduled tasks no longer function. This appears to be
dependent upon the Event Log service running. Attempting to start these
gives an "interface unknown" error 1717 and event log error 126. These
are symptoms found and instructions I have discovered offer no help.

The Hijack log is unremarkable and GMER shows no suspicious activity.

One Googled result shows file damage wherein critical files were named
from *.DLL to *.DLL_ (appended underscore) causing them to appear as
compressed, or so suggested by a similar problem.

Does a "Repair Installation" of Windows seem worth a try before a
complete wipe and re-install?

Thanks for any suggestions.

T.H

David H. Lipman

Dec 9, 2009, 10:40:13 PM
From: "T.H" <tinfo...@nospamplease.com>

| Thanks for any suggestions.

| T.H


I presume then eventlog.dll was affected.

See if you can restore; %windir%\servicepackfiles\i386\eventlog.dll
to
%windir%\system32

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


siljaline

Dec 9, 2009, 10:42:50 PM

Did you upload an HJT file for expert analysis to any Forum that handles HJT analysis?
If not, you should before you wipe your HD.

Silj

--
"Arguing with anonymous strangers on the Internet is a sucker's game
because they almost always turn out to be -- or to be indistinguishable from
-- self-righteous sixteen-year-olds possessing infinite amounts of free time."
- Neal Stephenson, _Cryptonomicon_

T.H

Dec 22, 2009, 5:46:36 AM
David H. Lipman wrote:
> From: "T.H" <tinfo...@nospamplease.com>
>
> | I recently helped remove a Windows Police Pro rogue from a computer.
> | Malwarebytes dealt with it and the owner paid for the product
> | (Malwarebytes).
>
> | However, the Scheduled tasks no longer function. This appears to be
> | dependent upon the Event Log service running. Attempting to start these
> | gives an "interface unknown" error 1717 and event log error 126. These
> | are symptoms found and instructions I have discovered offer no help.
>
> | The Hijack log is unremarkable and GMER shows no suspicious activity.
>
> | One Googled result shows file damage wherein critical files were named
> | from *.DLL to *.DLL_ (appended underscore) causing them to appear as
> | compressed, or so suggested by a similar problem.
>
> | Does a "Repair Installation" of Windows seem worth a try before a
> | complete wipe and re-install?
>
> | Thanks for any suggestions.
>
> | T.H
>
>
> I presume then eventlog.dll was affected.
>
> See if you can restore; %windir%\servicepackfiles\i386\eventlog.dll
> to
> %windir%\system32
>
I just visited the user and eventlog.dll was not damaged - it was gone!
Gone from the %windir%\system32 location.

Restoring it worked a treat!

Thanks and Merry Christmas, David.

Tinfoil (wish I could afford a gold foil hat...)

David H. Lipman

Dec 22, 2009, 6:25:29 AM
From: "T.H" <tinfo...@nospamplease.com>

>> I presume then eventlog.dll was affected.

>> See if you can restore; %windir%\servicepackfiles\i386\eventlog.dll
>> to
>> %windir%\system32

| I just visited the user and eventlog.dll was not damaged - it was gone!
| Gone from the %windir%\system32 location.

| Restoring it worked a treat!

| Thanks and Merry Christmas, David.

| Tinfoil (wish I could afford a gold foil hat...)

Thanx for the update and Happy Holidays.
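
The check and restore discussed in this thread, written as a batch script. This is an added example, not part of any poster's message; it assumes Windows XP with a service pack cache under %windir%\ServicePackFiles\i386, an administrator command prompt, and the default service names Eventlog and Schedule.

```bat
@echo off
rem Added example, not from the thread. Assumes Windows XP, an administrator
rem prompt, and a service pack cache in %windir%\ServicePackFiles\i386.
setlocal
set "SRC=%windir%\ServicePackFiles\i386\eventlog.dll"
set "DST=%windir%\system32\eventlog.dll"

rem Symptom mentioned in the thread: DLLs renamed with a trailing underscore.
echo Files named *.dll_ in system32, if any:
dir /b "%windir%\system32\*.dll_" 2>nul

rem If the file is already there, leave it alone and only test the services.
if exist "%DST%" (
    echo eventlog.dll is present in system32; nothing to restore.
    goto :startsvc
)

rem Without a cached copy the file has to come from installation media.
if not exist "%SRC%" (
    echo No cached copy at "%SRC%"; restore from installation media instead.
    exit /b 1
)

echo eventlog.dll is missing; restoring it from the service pack cache.
copy /b "%SRC%" "%DST%" || exit /b 1

:startsvc
rem Start Event Log first, then Task Scheduler, which the thread reports
rem as failing while Event Log was not running.
net start eventlog
net start schedule

rem Show the resulting state of both services.
sc query eventlog | find "STATE"
sc query schedule | find "STATE"
endlocal
```

The script never overwrites an existing eventlog.dll, so a copy that is present but suspect has to be examined separately.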
