Re: VBS.GAGGLE.D

From: madmax (maxpro4u_at_nomail.afraid.org)
Date: 08/05/04

  • Next message: madmax: "Re: Korgo-V"
    Date: Thu, 05 Aug 2004 00:45:41 GMT
    
    

    Here is info:
    To restart the computer in Safe mode or end the malicious process

           Windows 95/98/Me
           Shut down the computer and turn off the power. Wait for at least
    30 seconds, and then restart the computer in Safe mode. For
    instructions, read the document, "How to start the computer in Safe Mode."

           Windows NT/2000/XP
           To end the malicious process:
              1. Press Ctrl+Alt+Delete once.
              2. Click Task Manager.
              3. Click the Processes tab.
              4. Double-click the Image Name column header to alphabetically
    sort the processes.
              5. Scroll through the list and look for wscript.exe,
    regsrv.exe, and sendi.exe.
              6. If you find the file, click it, and then click End Process.
              7. Exit the Task Manager.

    To reverse the changes made to the registry

    WARNING: Symantec strongly recommends that you back up the registry
    before making any changes to it. Incorrect changes to the registry can
    result in permanent data loss or corrupted files. Modify the specified
    keys only. Read the document, "How to make a backup of the Windows
    registry," for instructions.

        1. Click Start, and then click Run. (The Run dialog box appears.)

           Type notepad c:\repair.reg

           Then click OK.

        2. When prompted for confirmation, click Yes. (The Notepad text
    editor opens.)
        3. Type, or copy and paste, the following lines into the Notepad
    text editor. If you type them, they must be typed exactly as shown here:

           REGEDIT4

           [HKEY_CLASSES_ROOT\regfile\shell\open\command]
           @="regedit.exe \"%1\""

           [-HKEY_CLASSES_ROOT\keyfile]

           [HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting
    Host\Settings]
           "Timeout"=-

           [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Scripting
    Host\Settings]
           "Timeout"=-

     
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
           "DisableRegistryTools"=-

     
    [HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion\Policies\System]
           "DisableRegistryTools"=-

     
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
           "DisableRegistryTools"=-

           [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
           "Kernel32"=-
           "Israfel"=-

        4. Click the File menu > Exit. Click Yes when you are prompted to
    save the changes.
        5. Click Start, and then click Run. (The Run dialog box appears.)

           Type c:\repair.reg

           Then click OK.
        6. When prompted for confirmation, click Yes.
        7. When prompted for confirmation again, click OK.
        8. Restart the computer in Normal mode. For instructions, read the
    section on returning to Normal mode in the document, "How to start the
    computer in Safe Mode."

    -max

    -- 
    To help you stay safe see: http://www.geocities.com/maxpro4u/madmax.html
    This message is virus free as far as I can tell.
    Change nomail.afraid.org to neo.rr.com so you can reply
    (nomail.afraid.org has been set up specifically for
      use in Usenet. Feel free to use it yourself.)
    

  • Next message: madmax: "Re: Korgo-V"

    Relevant Pages

    • Re: 890830 MSRT keeps wanting to download
      ... If you already saved the update on the disk, run the computer in safe mode ... restart your computer, open the Windows Update site and run an update check. ... I have just had a prompt to download updates and guess what it ... The registry key, where versions of MSRT are stored, is probably ...
      (microsoft.public.windowsupdate)
    • Cant login - Deleted winlogon references in registry
      ... registry. ... When I now restart my (XP Professional running a Toshiba ... I have tried safe mode, safe mode with command prompt etc, ...
      (microsoft.public.windowsxp.security_admin)
    • Re: SAFE MODE
      ... These instructions assume that you are using the traditional Windows ... Here is how you get to Safe Mode. ... Select Restart. ...
      (microsoft.public.windowsxp.basics)
    • Re: Where are startup/shutdown files ?
      ... I have already run Norton and Malewarebyes in safe mode ... which took care of all the major virus problems. ... Include scanning with David Lipman's Multi_AV and follow instructions to ... all your data backed up before you take the machine into a shop. ...
      (microsoft.public.windowsxp.general)
    • RE: ZoneAlarm
      ... Boot into safe mode and follow these Instructions. ... access the c:\windows\internet logs folder ... Restart the PC ...
      (Pen-Test)