Free Republic

Help Vanity: Fixing damage from Virus (can't access Regedit)
geronl

Posted on 12/23/2011 11:13:55 AM PST by GeronL

I have kind of done this before. I have been working to delete a virus all morning on this borrowed computer. I think I have succeeded in the main.

The problem is the virus did cause some problems. Some exe files will not execute. It is probably a registry value that has been changed.

This is a BORROWED computer. I was using it when it apparently got infected. So I have a duty to fix this.

It is an EEPC netbook running Windows XP.

So the registry value at exe in the command line should be what?

So how do I get access to the registry since Regedit is an exe file?


TOPICS: Chit/Chat; Computers/Internet
KEYWORDS: computerhelp; computerproblem; regedit; techhelp; virus
To: Red Badger; tacticalogic; TomGuy

The blank ping file is now 63 kb.

Apparently whatever is writing into it doesn’t care if I delete and replace it.


41 posted on 12/23/2011 2:45:33 PM PST by GeronL (The Right to Life came before the Right to Pursue Happiness)
[ Post Reply | Private Reply | To 34 | View Replies]

To: freedumb2003; fr_freak

While it appears I got the main virus and fixed the exe association I still have associated files on the computer.

One of them comes up on task manager as ping.exe and is hogging the processor but is just a ruse apparently. I replaced it with a blank notebook file and it is now around 85kb, so it doesn’t do anything.

There’s another program that writes to this file. I have to figure out how to identify the culprit.


42 posted on 12/23/2011 2:48:58 PM PST by GeronL (The Right to Life came before the Right to Pursue Happiness)
[ Post Reply | Private Reply | To 4 | View Replies]

To: smokingfrog

Now I have a different problem


43 posted on 12/23/2011 2:49:55 PM PST by GeronL (The Right to Life came before the Right to Pursue Happiness)
[ Post Reply | Private Reply | To 14 | View Replies]

To: GeronL

Did you mark the replacement as Read Only?


44 posted on 12/23/2011 2:50:30 PM PST by tacticalogic ("Oh, bother!" said Pooh, as he chambered his last round.)
[ Post Reply | Private Reply | To 41 | View Replies]

To: tacticalogic

The second time. It wouldn’t let me after it was being written to by whatever other program. lol.

I need to track down that troll!


45 posted on 12/23/2011 2:56:09 PM PST by GeronL (The Right to Life came before the Right to Pursue Happiness)
[ Post Reply | Private Reply | To 44 | View Replies]

To: tacticalogic

ping.exe is running again according to Task Manager and it's taking 55-80% of the CPU.


46 posted on 12/23/2011 2:59:09 PM PST by GeronL (The Right to Life came before the Right to Pursue Happiness)
[ Post Reply | Private Reply | To 44 | View Replies]

To: tacticalogic

There are several suspicious files running on TaskManager...

PSIMREAL.exe??


47 posted on 12/23/2011 3:04:24 PM PST by GeronL (The Right to Life came before the Right to Pursue Happiness)
[ Post Reply | Private Reply | To 44 | View Replies]

To: GeronL

Well, we know what executable name it's using now. I'd search the registry for any reference to ping.exe.

See if you can find where it's getting loaded.

48 posted on 12/23/2011 3:06:52 PM PST by tacticalogic ("Oh, bother!" said Pooh, as he chambered his last round.)
[ Post Reply | Private Reply | To 45 | View Replies]
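
Added example, not part of the thread and not code from any poster or tool mentioned in it: one way to carry out the registry search suggested in post 48 offline, by scanning a text export of the registry (.reg format) for values that name an executable and marking the ones under keys that launch programs automatically. The sample export, the `C:\Temp` path and the function name are constructed for illustration.

```python
import re

# Constructed sample of a .reg text export (not taken from the thread).
# Real "Version 5.00" exports are UTF-16; decode the file before passing it in.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"Updater"="C:\\Temp\\ping.exe /s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Temp\\ping.exe\" \"%1\" %*"

[HKEY_CURRENT_USER\Software\Example\Recent]
"LastFile"="C:\\Docs\\ping.exe notes.txt"
'''

# Key fragments whose values run at logon or whenever a program is opened.
# On a stock XP install the exefile open command is just "%1" %*; anything
# placed in front of it is started with every .exe the user launches.
AUTOSTART = ("\\currentversion\\run", "\\winlogon", "\\shell\\open\\command")

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def find_references(export_text, exe_name):
    """Return (key, value_name, data, is_autostart) for values naming exe_name."""
    hits, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue  # blank lines, header, hex continuation lines
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        data = m.group(2)
        if data.startswith('"') and data.endswith('"'):
            data = re.sub(r'\\(.)', r'\1', data[1:-1])  # undo \\ and \" escaping
        # hex: / hex(2): values are matched as raw text only, not decoded
        if exe_name.lower() in data.lower():
            hits.append((key, name, data, any(k in key.lower() for k in AUTOSTART)))
    return hits

if __name__ == "__main__":
    for key, name, data, auto in find_references(SAMPLE_EXPORT, "ping.exe"):
        print("AUTOSTART" if auto else "reference", key, name, data, sep=" | ")
```

The genuine ping.exe lives in the system32 folder and is not normally started from any of these keys, so an autostart hit pointing elsewhere is the entry to look at first.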

To: GeronL

https://www.google.com/search?pq=newt&hl=en&ds=i&cp=9&gs_id=17&xhr=t&q=black%20farmer&um=1&safe=off&gbv=2&gs_sm=&gs_upl=&bav=on.2,or.r_gc.r_pw.r_cp.,cf.osb&biw=1366&bih=624&wrapid=tljp1324679419567014&ie=UTF-8&sa=N&tab=iw&ei=AwH1TtuXIaOVi


49 posted on 12/23/2011 3:08:24 PM PST by Revolting cat! (Let us prey!)
[ Post Reply | Private Reply | To 47 | View Replies]

To: Revolting cat!

sorry wrong link.


50 posted on 12/23/2011 3:10:03 PM PST by Revolting cat! (Let us prey!)
[ Post Reply | Private Reply | To 49 | View Replies]

To: GeronL

https://www.google.com/search?source=ig&hl=en&rlz=1G1TSNA_ENUS374&q=psimreal&oq=psimreal&aq=f&aqi=g2g-v8&aql=&gs_sm=s&gs_upl=6574l9045l0l12156l8l8l0l2l2l0l146l728l1.5l6l0

(Read the 3rd entry.)


51 posted on 12/23/2011 3:11:21 PM PST by Revolting cat! (Let us prey!)
[ Post Reply | Private Reply | To 47 | View Replies]

To: GeronL

Do you still need help....I have some programs that will fix quite a bit of problems. I run them from a thumb drive when needed.


52 posted on 12/23/2011 3:15:06 PM PST by eyedigress ((Old storm chaser from the west)?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: tacticalogic; Revolting cat!

I am going to try Combofix


53 posted on 12/23/2011 3:15:58 PM PST by GeronL (The Right to Life came before the Right to Pursue Happiness)
[ Post Reply | Private Reply | To 48 | View Replies]

To: GeronL

Kill any process that has 3 characters as a name.


54 posted on 12/23/2011 3:19:32 PM PST by eyedigress ((Old storm chaser from the west)?)
[ Post Reply | Private Reply | To 46 | View Replies]

To: GeronL

I would recommend that you download from CNET several freeware repair tools, even if they overlap each other, and run scans to cleanup the machine.

I use CCleaner, Avast, Glary Utilities, IOBit Freeware, Advanced System Care, MRU-Blaster, Spybot, all of them carefully chosen after reading CNET reviews.

Beware, as some (all?) install spyware, not always giving you an option. But that’s a minor problem, as the crap is harmless and easily removable.


55 posted on 12/23/2011 3:20:30 PM PST by Revolting cat! (Let us prey!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: GeronL

You may not have to do that but it will probably work. Be careful.


56 posted on 12/23/2011 3:20:36 PM PST by eyedigress ((Old storm chaser from the west)?)
[ Post Reply | Private Reply | To 53 | View Replies]

To: GeronL

I kill 3 letter processes then run Rkill (DOS) then FixNCR. It is effective against some of the new nasties that sneak past the AV and firewall.


57 posted on 12/23/2011 3:23:34 PM PST by eyedigress ((Old storm chaser from the west)?)
[ Post Reply | Private Reply | To 53 | View Replies]

To: Revolting cat!

The Combofix tool from bleepingcomputer doesn’t execute properly, ggrrr


58 posted on 12/23/2011 3:23:46 PM PST by GeronL (The Right to Life came before the Right to Pursue Happiness)
[ Post Reply | Private Reply | To 55 | View Replies]

To: GeronL

Do you have the latest copy?


59 posted on 12/23/2011 3:26:01 PM PST by eyedigress ((Old storm chaser from the west)?)
[ Post Reply | Private Reply | To 58 | View Replies]

To: GeronL

I know, I tried downloading it, seeing you mention it and it won’t install. Try the other products I mentioned. There is also IO Bit Malware Fighter.


60 posted on 12/23/2011 3:28:15 PM PST by Revolting cat! (Let us prey!)
[ Post Reply | Private Reply | To 58 | View Replies]

