Re: Adware virus
From: WinGuy (no_spam_at_nomail.bot)
Date: 06/28/04
- Next message: George Del Monte: "Tracing IPs"
- Previous message: Bruce Chambers: "Re: System Shut Down"
- In reply to: anonymous_at_discussions.microsoft.com: "Adware virus"
Date: Sun, 27 Jun 2004 23:54:15 GMT
The infection is probably watching the task list. Shortly after you launch
regedit it will show but before you can do anything it gets shut down? The
same if you try to run msconfig? Typical example of an infection that
"fights" repair attempts! You might be able to run regedit if you boot in
safe mode, keep tapping the F8 key as you boot. If you can run the command
prompt from safe mode then you can try making a *copy* of both regedit.exe
and msconfig.exe, giving each a different name than originally used but
keeping the same .exe part of the name (this way the infection can not
recognize the task list entry).
If you can not run the command prompt from safe mode so that you can make
those copies then you need to boot into the Recovery Console (if it has been
installed, or you can enter it by booting the 2000 or XP CD) or you might
have to temporarily put the HDD into another NTFS-based (NT, 2000, or XP)
computer, so that you can make the needed copies. If you put the HDD into
another computer be careful about the HDD jumper settings that might need
to be changed (or go see a tech). Putting the HDD into another computer also
has the advantage of allowing antivirus to be run against it. Note that a
FAT based computer (95/98/ME) can *not* recognize a NTFS based (NT/2000/XP)
HDD. But a NTFS based computer can recognize a FAT based HDD.
If you can, you should set a Recovery Point before you change the registry.
You should also export the entire registry for backup purposes before you
make any changes to it, once you can get into regedit or into a copy of
regedit that is named differently. I didn't look at those keys you list
below so I don't know if it is really safe to modify or delete them, but I
assume you know what you're doing if you are using regedit. Improper usage
of regedit can make your machine unbootable and any changes you make are
immediate upon exit of the registry editor and without need to in any way
save the registry, although a reboot may be needed before some changes take
effect.
<anonymous@discussions.microsoft.com> wrote in message
news:2192801c45c50$4a818dc0$a601280a@phx.gbl...
> I have adware virus and have to delete reg keys. I can
> not run editreg because of it. Is there another way to
> delete these keys?
>
> On the Windows taskbar, click Start > Run.
> In the Run dialog box, type regedit and then click OK.
> In the Register Editor, navigate to and delete the keys:
>
> HKEY_CLASSES_ROOT\CLSID\{000006B1-19B5-414A-849F-2A3C64AE6939}
> HKEY_CLASSES_ROOT\TypeLib\{690BCCB4-6B83-4203-AE77-038C116594EC}
> HKEY_CLASSES_ROOT\Interface\{4534CD6B-59D6-43FD-864B-06A0D843444A}
> HKEY_CLASSES_ROOT\BiDll.BiDllObj.1
> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BiDll.BiDllObj.1
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000006B1-19B5-414A-849F-2A3C64AE6939}
> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4534CD6B-59D6-43FD-864B-06A0D843444A}
> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000006B1-19B5-414A-849F-2A3C64AE6939}
> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{690BCCB4-6B83-4203-AE77-038C116594EC}
>
>
> Navigate to the registry key:
>
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>
>
> In the right pane, delete the value:
>
> <Filename of Adware> = <Path to Adware>
>
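
Added example, not part of the original message: a command-prompt script that follows the reply's advice to back up before changing anything, exporting each key listed in the question and deleting a key only when its export succeeded. It assumes reg.exe is available (it ships with Windows XP); the script name cleankeys.cmd, the backup folder name and the copy name regfix.exe are made up for illustration.

```bat
@echo off
rem Added example, not from the original thread. Assumes reg.exe is present.
rem Usage: cleankeys.cmd          back up and report only
rem        cleankeys.cmd /delete  back up, then delete each backed-up key
setlocal
set "MODE=%~1"
rem Fresh folder per run so an earlier backup is never overwritten.
set "BK=%SystemDrive%\regbackup-%RANDOM%"
mkdir "%BK%" || (echo Cannot create %BK% & exit /b 1)

rem Renamed copy of regedit, as the reply suggests (regfix.exe is a made-up name).
copy "%SystemRoot%\regedit.exe" "%BK%\regfix.exe" >nul

rem Keys exactly as listed in the quoted question; 2nd argument = backup file name.
call :fix "HKCR\CLSID\{000006B1-19B5-414A-849F-2A3C64AE6939}" hkcr-clsid
call :fix "HKCR\TypeLib\{690BCCB4-6B83-4203-AE77-038C116594EC}" hkcr-typelib
call :fix "HKCR\Interface\{4534CD6B-59D6-43FD-864B-06A0D843444A}" hkcr-iface
call :fix "HKCR\BiDll.BiDllObj.1" hkcr-progid
rem HKCR is a merged view of HKLM\SOFTWARE\Classes, so after a /delete run the
rem HKLM\SOFTWARE\Classes entries below may already report "absent".
call :fix "HKLM\SOFTWARE\Classes\BiDll.BiDllObj.1" hklm-progid
call :fix "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000006B1-19B5-414A-849F-2A3C64AE6939}" hklm-bho
call :fix "HKLM\SOFTWARE\Classes\Interface\{4534CD6B-59D6-43FD-864B-06A0D843444A}" hklm-iface
call :fix "HKLM\SOFTWARE\Classes\CLSID\{000006B1-19B5-414A-849F-2A3C64AE6939}" hklm-clsid
call :fix "HKLM\SOFTWARE\Classes\TypeLib\{690BCCB4-6B83-4203-AE77-038C116594EC}" hklm-typelib

rem The Run value name is only a placeholder in the question, so nothing is
rem deleted here: back up the key and list its values for manual review.
reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "%BK%\hklm-run.reg" >nul
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

echo Backups are in %BK%
endlocal
exit /b 0

:fix
rem %~1 = registry key, %2 = backup file name (without extension)
reg query "%~1" >nul 2>&1
if errorlevel 1 (echo absent:    %~1 & goto :eof)
reg export "%~1" "%BK%\%2.reg" >nul
if errorlevel 1 (echo NO BACKUP, left untouched: %~1 & goto :eof)
if /i not "%MODE%"=="/delete" (echo backed up: %~1 & goto :eof)
reg delete "%~1" /f >nul && echo deleted:   %~1
goto :eof
```

Importing a saved .reg file from the backup folder restores the corresponding key if a deletion turns out to be wrong.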