This is what can happen to Windows 7 after the use of OTL or Combofix after or during the process of removal of the leftovers. attached
Quads
Quads
Attachments
netsvcs_win7_problem.jpg (17.94 KiB) Viewed 423 times
A forum for reverse engineering, OS internals and malware analysis
Quads wrote:This is what can happen to Windows 7 after the use of OTL or Combofix after or during the process of removal of the leftovers. attachedI like to see this first hand. Which dropper did you use?
Quads wrote:I can't remember which dropper I used it was a frw days ago, I was testing one as I had a user appear after the use of OTL on XP the netsvcs key was stuffed, XP is easier to fixIt's okay if you can't remember which dropper? Can you tell me IF it's the malware which deleted the netsvcs key OR was it the doing of the tools?
It's this thread that reminded me http://www.bleepingcomputer.com/forums/topic457851.html
Quads wrote:It's the malware that damages the netsvcs key a far few of the timesIf it's malware that's deleting the key, then there's little a tool can do. Legitimate 3rd party programs may also write to such keys. Perhaps inadvisable for automated tools to over-write them default values.
it was after running Combofix the problem with screenshot appeared.Doubt if it's ComboFix's doing. Do you have an X64 machine? Try exporting your netsvcs and compare it.
Quads wrote:I am just telling people all over to be aware of what happens after Combofix and OTL.Lol .. I already said it wasn't caused by ComboFix. Answer is there. Just look closer. ;)
I am working on a thread at the moment where Combofix won't even run buy just unpacks and that is it.Whenever that happens, it's generally advised to double click CF once more. If/When that doesnt work, a reboot typically works.