Re: Regedit will not run

From: Zvi Netiv (support_at_replace_with_domain.com)
Date: 11/04/05

• Next message: Alun Jones: "Re: Microsoft is running a disreputable spyware outfit"
• Previous message: David H. Lipman: "Re: Regedit will not run"
• In reply to: stalingrad: "Regedit will not run"
• Next in thread: stalingrad: "Re: Regedit will not run"
• Reply: stalingrad: "Re: Regedit will not run"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Fri, 04 Nov 2005 17:03:32 +0200

"stalingrad" <validemail@validemail.info> wrote:

> I have recently removed viruses & spyware from my computer @ trend micro's
> site. However now when I type regedit at the run box I get an error.
>
> The command prompt window appears with garbage in it, and a dialog is
> displayed titled "16 bit MS-DOS Subsystem" in the dialog it says
> c:\winnt\system32\regedit.com
> The NTVDM CPU has encountered an illegal instruction.
>
> It gives the option to close or ingnore.

As explained in the follow-up post to Dave's, Regedit.com is most probably a
corrupted file of what was a "companion Trojan" to the original Regedit.exe.

The purpose of a companion virus or Trojan is to take advantage of the
precedence in execution of a COM file over EXE, when two files share the same
name, but have different extensions (com vs exe).

My assumption is that the cleaner that you used may have castrated the companion
file but didn't do a complete job, by leaving the companion where it should have
been deleted.

To test whether the original Regedit utility is still there, run REGEDIT.EXE,
explicitly, from the desktop 'run' box and see if regedit opens. If it does,
then delete the bogus regedit.com from the ..\system32 directory.

Regards, Zvi

--
NetZ Computing Ltd. ISRAEL www.invircible.com www.ivi.co.il (Hebrew)
InVircible Virus Defense Solutions, ResQ and Data Recovery Utilities

---

• Next message: Alun Jones: "Re: Microsoft is running a disreputable spyware outfit"
• Previous message: David H. Lipman: "Re: Regedit will not run"
• In reply to: stalingrad: "Regedit will not run"
• Next in thread: stalingrad: "Re: Regedit will not run"
• Reply: stalingrad: "Re: Regedit will not run"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Regedit will not run ... However now when I type regedit at the run box I get an error. ... > The purpose of a companion virus or Trojan is to take advantage of the ... but have different extensions (com vs exe). ... > To test whether the original Regedit utility is still there, ... (microsoft.public.security.virus) Re: Regedit will not run ... that the REGEDIT.COM file isn't corrupted, it's a companion Trojan, proper. ... the REGEDIT companion cannot run since your XP system is now ... Before you fix that problem, you need to make sure that there aren't any more ... you'll get reinfected as soon as you fix the 16 bit subsystem. ... (microsoft.public.security.virus) Lost ability to use exe files ... I just lost the ability to use exe files. ... strange problem. ... registered program. ... that gave instructions but I had to use regedit, ... (microsoft.public.windowsxp.general) Re: All .exe files suddenly fail to run ... if you are comfortable with regedit follow these instructions to check my ... if you had to rename regedit then now change it back. ... > cuts to an EXE file to run it, ... > an EXE icon to select another application to run the file, ... (microsoft.public.windowsxp.perform_maintain) Re: All .exe files suddenly fail to run ... >if regedit doesn't start and you get same error as ... >> cuts to an EXE file to run it, ... >> an EXE icon to select another application to run the ... (microsoft.public.windowsxp.perform_maintain)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.security.virus  > 2005-11