Re: hklm/software - virus?



On 17 Jun 2005 06:18:30 -0700, "ddotsyl" <ddotsyl@xxxxxxxxx> wrote:

>I'd appreciate any help I can get in simple terms! Yesterday, I was
>minding my own business when I was hit by a virus of some sort.
>Nortons alerted me of it but couldn't fix it, or stop it in time. As
>quick as it appeared on my screen, pop-ups started appearing 20 per
>second it seems. I downloaded another anti-virus system and I think I
>cleared it. Unfortunately, everything in my startup folder is now in
>the location HKLM/Software/Microsoft/Windows/CurrentVersion/Run.
>
>My question is how can I restore everything to normal without risking
>my system not running at all. Please help!
>
>Thanks
>Sylvia

Viruses are a real pain in the ass. I'm pretty familiar with what
belongs in my windows and windows\system32 directories.

One thing to do is boot using an ERD disk. Get a directory listing in
those two directories and sort them by date. Just by looking, I can
usually tell what belongs and what does not belong. If you can't
tell, you can always do a search for the file(s) in question.

Sort by date; the latest date of course. Remove files that don't
belong. Make sure you unhide too because some will hide files. Go
into your registry and rename your run key to RUN.BAK or something of
the sort.

Do this in both USER and MACHINE. Of course for user, you'll have to
know the correct SID.

Rename your 'STARTUP' folders for both 'all users' and current logged
on user. This is typically in C:\documents and
settings\<username>\start menu\programs\startup.

I know I'm being somewhat vague about this, but I know my stuff and am
able to do this when needed without worrying about killing stuff. If
you're not so familiar, you should get someone with more knowledge to
help you.

Check your explorer shell in the registry. Sometimes you may think
you're running Explorer but you may be running something else that
looks like explorer. Also, when explorer is run at startup, it could
always be run with another executable attached to it. Don't forget to
check this.

Hope that helps.


-=Paraleptropy=-
http://www.neflyfishing.net
0 Limit,Catch -n- Release
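
The checks described in the reply above (Run keys in both the machine and user hives, the Startup folders, and the Explorer shell value), as an added example that is not part of the original post: a read-only PowerShell listing. It assumes a running system, an elevated prompt, and that only user hives currently loaded under HKEY_USERS are visible; the RunOnce key and the per-user Winlogon lookup are additions beyond what the post names.

```powershell
# Added example: read-only audit of the autostart locations named in the reply; nothing is changed.
$runSubKeys = 'Software\Microsoft\Windows\CurrentVersion\Run',
              'Software\Microsoft\Windows\CurrentVersion\RunOnce'   # RunOnce: addition
$winlogonSubKey = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Machine hive plus every loaded user hive (one key per SID under HKEY_USERS).
$roots = @('Registry::HKEY_LOCAL_MACHINE')
$roots += Get-ChildItem 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object { "Registry::HKEY_USERS\$($_.PSChildName)" }

# Every value under the Run keys: name plus the command line it launches.
$entries = foreach ($root in $roots) {
    foreach ($sub in $runSubKeys) {
        $path = "$root\$sub"
        if (-not (Test-Path $path)) { continue }
        $key = Get-Item $path
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Location = $path -replace '^Registry::', ''
                Name     = $name
                Command  = $key.GetValue($name)
            }
        }
    }
}

# Startup folders for the current user and for all users; -Force shows hidden files.
$startupFiles = foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    if ($dir -and (Test-Path $dir)) {
        Get-ChildItem $dir -Force | Select-Object FullName, LastWriteTime
    }
}

# Winlogon Shell: anything other than a bare "explorer.exe" is marked Expected = False.
$shells = foreach ($root in $roots) {
    $path  = "$root\$winlogonSubKey"
    $shell = (Get-ItemProperty $path -ErrorAction SilentlyContinue).Shell
    if ($null -ne $shell) {
        [pscustomobject]@{ Location = $path -replace '^Registry::', ''
                           Shell    = $shell
                           Expected = [bool]($shell -match '^\s*explorer\.exe\s*$') }
    }
}

$entries      | Format-Table -AutoSize -Wrap
$startupFiles | Sort-Object LastWriteTime -Descending | Format-Table -AutoSize
$shells       | Format-Table -AutoSize -Wrap
```

A Shell value on a user hive, or a machine value with a second executable after explorer.exe, is the case the reply says not to forget.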
