Posted on 12/23/2011 11:13:55 AM PST by GeronL
I have kind of done this before. I have been working to delete a virus all morning on this borrowed computer. I think I have succeeded in the main.
The problem is the virus did cause some problems. Some exe files will not execute. It is probably a registry value that has been changed.
This is a BORROWED computer. I was using it when it apparently got infected. So I have a duty to fix this.
It is an EEPC netbook running Windows XP.
So the registry value at exe in the command line should be what?
So how do I get access to the registry, since Regedit is an exe file?
Assuming you have rebooted —
Depending on the virus, it may have destroyed part of the original .exe files.
If so, you might try a system restore from a time previous to your getting the virus.
Otherwise, you may have to re-install those programs.
Can you open Malware Bytes in safe mode? If you can - and find something - run it a few more times. Could be tentacles...
If you don’t hear back from me in an hour, I goofed up big time. oops. heh.
I downloaded something called “regeditfix” and it seems to have fixed that particular problem. Now to run Malwarebytes!
There must be more parts to the virus than I thought. It was preventing Malware bytes from running and slowing everything down.
It was called ping.exe in the Task Manager.
Drop rkill to your computer. Run it. It will stop all processes.
Download a temp version of Kaspersky.
Run Kaspersky. That should get rid of it. Malwarebytes will cost some bucks.
If the puter is borrowed you are not going to want to spend money on it.
AVAST (Free) has a boot time scanner; it worked for me on a nasty little virus which wouldn’t let me access command prompt, took all my desktop icons, etc. This was on a Win7 machine. Assuming you can download it, give it a shot.
Hope this helps.
BTW regular scan DID NOT catch virus, only “boot time scan” worked.
Seems to have worked good ‘nuff.
I wonder if there isn’t a couple of monitoring and logging files left from the virus though.
Guess I can run Malware Bytes again to make sure.
You can mess with it by finding ping.exe, and replacing it with an empty file named ping.exe. Mark it read-only.
When you do CCleaner’s Registry Cleaner, you need to run it TWICE.
Once to initially clean it, then again to see if it missed anything the first time. It sometimes does...............
There is also a system file named ping.exe that's been here since March 2008.
The problem one is apparently a temporary file created by ANOTHER program. dang.
That's why you want to leave an empty file in its place, and make it read only.
Once you do that, whatever is launching it will still find the file where it's expecting it, but it won't run. If whatever is creating tries to create a new one, it will fail because there's already a file there by that name. Making it read-only prevents it from being overwritten by the other program. It may start throwing an error that will tell you what the name of the program that tried to create it is.
Someone else already stated this - but SYSTEM RESTORE
This will change the registry keys back to where they were before you got the virus.
I got bombarded one day after posting on a blog where the virus corrupted everything. I had a terrible time getting into any system files. I was even unable to do a system restore from my desktop. I had to run it in safe mode and killed the little bugger instantly and restored everything back to an earlier time. It’s my best friend!
Thanks guys
The actual name of the file is PING.EXE-31216D26.pf and it is located in the Windows “Prefetch” folder. I am not sure what file is creating it, but I guess we should see.
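
An added example, not part of the thread or written by any poster: a check for the "registry value that has been changed" question raised at the top, run against a registry export (.reg text) of the .exe file association. It assumes the stock Windows defaults (`exefile` for `.exe`, and `"%1" %*` for the open command); the function names and both sample exports are constructed for illustration.

```python
import re

# Stock Windows defaults that make .exe files launch (an assumption, not from the thread).
EXPECTED = {
    r"hkey_classes_root\.exe": "exefile",
    r"hkey_classes_root\exefile\shell\open\command": '"%1" %*',
}

def parse_reg_defaults(text):
    """Map each key in a .reg export (lower-cased) to its default (@) value, or None."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()          # registry key names are case-insensitive
            defaults.setdefault(key, None)
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg string values escape quotes and backslashes with a backslash
            defaults[key] = re.sub(r'\\(["\\])', r"\1", line[3:-1])
    return defaults

def check_exe_association(text):
    """Return findings for .exe association values that differ from the defaults."""
    defaults = parse_reg_defaults(text)
    findings = []
    for key, want in EXPECTED.items():
        got = defaults.get(key)
        if got is None:
            findings.append(f"{key}: default value missing, expected {want!r}")
        elif got != want:
            findings.append(f"{key}: default is {got!r}, expected {want!r}")
    return findings

# Constructed sample exports (hypothetical data, not from the thread).
CLEAN = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''
ALTERED = CLEAN.replace(r'@="\"%1\" %*"', r'@="\"C:\\constructed\\sample.exe\" \"%1\" %*"')

if __name__ == "__main__":
    for name, export in (("clean", CLEAN), ("altered", ALTERED)):
        print(name, check_exe_association(export) or "OK")
```

A finding on the open command means every .exe launch is being routed through whatever that value names, which matches the "some exe files will not execute" symptom once the named file has been deleted.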