Posted on 12/23/2011 11:13:55 AM PST by GeronL
I have kind of done this before. I have been working to delete a virus all morning on this borrowed computer. I think I have succeeded in the main.
The problem is the virus did cause some problems. Some exe files will not execute. It is probably a registry value that has been changed.
This is a BORROWED computer. I was using it when it apparently got infected. So I have a duty to fix this.
It is an EEPC netbook running Windows XP.
So the registry value at exe in the command line should be what?
So how do I get access to the registry since Regedit is an exe file?
The blank ping file is now 63 kb.
Apparently whatever is writing into it doesn’t care if I delete and replace it.
While it appears I got the main virus and fixed the exe association I still have associated files on the computer.
One of them comes up on task manager as ping.exe and is hogging the processor but is just a ruse apparently. I replaced it with a blank notebook file and it is now around 85kb, so it doesn’t do anything.
There’s another program that writes to this file. I have to figure out how to identify the culprit.
Now I have a different problem
Did you mark the replacement as Read Only?
The second time. It wouldn’t let me after it was being written to by whatever other program. lol.
I need to track down that troll!
ping.exe is running again according to Task Manager and it's taking 55-80% of the CPU.
There are several suspicious files running on TaskManager...
PSIMREAL.exe??
See if you can find where it's getting loaded.
Sorry, wrong link.
(Read the 3rd entry.)
Do you still need help....I have some programs that will fix quite a bit of problems. I run them from a thumb drive when needed.
I am going to try Combofix
Kill any process that has 3 characters as a name.
I would recommend that you download from CNET several freeware repair tools, even if they overlap each other, and run scans to cleanup the machine.
I use CCleaner, Avast, Glary Utilities, IOBit Freeware, Advanced System Care, MRU-Blaster, Spybot, all of them carefully chosen after reading CNET reviews.
Beware, as some (all?) install spyware, not always giving you an option. But that’s a minor problem, as the crap is harmless and easily removable.
You may not have to do that but it will probably work. Be careful.
I kill 3 letter processes then run Rkill (DOS) then FixNCR. It is effective against some of the new nasties that sneak past the AV and firewall.
The Combofix tool from bleepingcomputer doesn’t execute properly, ggrrr
Do you have the latest copy?
I know, I tried downloading it, seeing you mention it and it won’t install. Try the other products I mentioned. There is also IO Bit Malware Fighter.