Re: operating error
From: H Leboeuf (NoAddress_at_generation.invalid)
Date: 04/26/04
- Next message: H Leboeuf: "Re: Page Cannot Be Displayed"
- Previous message: Gregory H: "Re: "Page has expired" - again"
- In reply to: mike: "operating error"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 26 Apr 2004 10:46:12 -0400
Information.
Source: "Ron Badour"
Subject: Re: What is ???????.exe?
1. You may have a Backdoor Trojan that creates randomly generated names. I
will refer to it
as "random.exe" instead of rewriting this standard message each time to
personalize it for
the random name it chooses. Just substitute your Trojan's name for
"random.exe" in the text
below. (Note: As you start fixing the problem, you may notice more than one
name involved so
write down the names you find.) This is a simple procedure for removing the
Trojan;
however, if it doesn't work, go here for complete Trojan information:
http://www.hackfix.org/
a. Most likely your system will have lost the ability to open .exe files so
reboot with
your Windows emergency floppy disk in. When you get to an A: prompt, type:
C: and hit enter.
When you get to a C: prompt, type: CD windows and hit enter. When you get
to a Windows:
prompt, type: ren regedit.exe regedit.com and hit enter. This should give
you the ability
to use the registry editor. Remove the floppy and reboot the PC.
b. Open the registry editor (start menu, run and type: regedit.com) to this
key:
HKEY_CLASSES_ROOT\exefile\shell\open\command
In the right pane, right click default and select modify. Cut and paste this
information to
the value data: "%1" %* and click OK. This should allow you to use .exe
files so open the
Explorer to the Windows folder. Rename regedit.com back to regedit.exe
(Note: if the extensions
are not visible, click View, Folder Options, View tab and remove the mark
from: Hide File
Extensions....) Double click regedit.exe to make sure it works
correctly--the registry editor
should appear. If you receive a notice about adding information, click NO.
You may have to restore a copy of the registry.
c. Double-click the system.ini file and look for a line like this in the
boot section:
shell=explorer.exe "random.exe" or shell="random.exe" Remove
"random.exe" so the line reads:
shell=explorer.exe
and then save the file.
d. Double-click the win.ini file and see if "random.exe" is listed after the
load= or
run= lines. If so, delete it and save the file.
Note: there could be a legitimate entry listed along with "random.exe" but
I would delete
it also. If you do, write down the name that you delete and figure out if it
is needed after
your PC is functioning properly.
e. Do a find on your hard drive for "random.exe" and if found, delete it.
(Note: for steps e and f, if you noticed more than one name, search on both
of them.)
f. Open regedit.exe and do a find on "random.exe" and if found, delete it.
2. Here are other sources to check out if you need them:
F-Secure Virus library:
http://ftp.datafellows.com/virus-info/
NAI Virus library:
http://vil.nai.com/vil/default.asp
Symantec Virus library:
http://www.symantec.com/avcenter/vinfodb.html
The Cleaner (Trojan remover software):
http://www.moosoft.com/cleaner.html
-- Regards Source: Ron Badour, MS MVP W95/98 Systems -- Henri Leboeuf Web page: http://www.colba.net/~hlebo49/index.htm === "mike" <anonymous@discussions.microsoft.com> wrote in message news:408f01c42b14$78e3ecc0$a301280a@phx.gbl... > when i start my computer, i get a message every 5 mins. > saying "xpsp1hfm.exe has encountered a problem and needs > to close. We are sorry for the > inconvenience."and "update.exe has encountered a problem > and needs to close. We are sorry for the inconvenience." > and "Windows Service Pack Setup has encountered a problem > and needs to close. We are sorry for the inconvenience." > so please if any body knows about it and can help me. > Thanks
- Next message: H Leboeuf: "Re: Page Cannot Be Displayed"
- Previous message: Gregory H: "Re: "Page has expired" - again"
- In reply to: mike: "operating error"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
