Solved

help with a virus

Posted on 2003-03-28
Last Modified: 2010-04-26
I have got the following help:


Quote

--------------------------------------------------------------------------------
Probably because the "virus" changed the registry key for opening executable files. Check the value of the following reg key:

HKEY_CLASSES_ROOT\exefile\shell\open\command

Make sure that it has <"%1" %*> as the value to get everything back to normal.

BTW, copy REGEDIT.EXE to REGEDIT.COM first so you can change this

HTH,
AVChap
... take my advice, I don't use it anyway!

--------------------------------------------------------------------------------



How do I do this line:


Quote

--------------------------------------------------------------------------------
BTW, copy REGEDIT.EXE to REGEDIT.COM first so you can change this
--------------------------------------------------------------------------------



When I try to edit the key it says I cannot edit it?
0
Question by:short_fat_n_black
6 Comments
 

Author Comment

by:short_fat_n_black
ID: 8229501
ok....so I can change the file to .com now...but now I can't edit the key....why won't it let me edit the key???<<cry>>
0
 
LVL 97

Expert Comment

by:war1
ID: 8229536
Greetings, short_fat_n_black!
   The person who wrote got it generally correct, except you cannot get in the registry to make the edit because the Regedit program is an .exe file, and your virus has disabled the use of it.  To get it back, perform the registry patch below, which does not require the use of an .exe file. I am assuming you are using Windows 98 or Windows ME. If not, do not perform the patch.
   First, I assume you have gotten rid of the virus that caused this problem. Second, back up the registry. Third, copy all the info between the lines into Notepad. Save the file as "exefix.reg". Select file type as *.*  Once the file is saved, double click on the file, and it will merge the file with the registry. Restart the computer, and your exe files will be working again.

-----------------------------------------------
REGEDIT4

[HKEY_CLASSES_ROOT\.exe]
"Content Type"="application/x-msdownload"
@="exefile"

[HKEY_CLASSES_ROOT\exefile]
"EditFlags"=hex:d8,07,00,00
@="Application"

[HKEY_CLASSES_ROOT\exefile\shell]
@=""

[HKEY_CLASSES_ROOT\exefile\shell\open]
@=""
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

------------------------------------------------------------------

Best wishes, war1
0
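A check for the handler value that the patch above restores, as an added example that is not part of the original thread: it parses the text of a REGEDIT4-style export and reports whether the default value of `exefile\shell\open\command` is still `"%1" %*`. The function names and both sample exports (including the placeholder path) are constructed for illustration.

```python
import re

EXPECTED = '"%1" %*'  # value the thread says exefile\shell\open\command must hold
KEY_RE = re.compile(r'^\[(.+)\]$')       # [HKEY_...\subkey] header line
DEFAULT_RE = re.compile(r'^@="(.*)"$')   # default (@) string value line

def unescape(value):
    # .reg string values escape backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', value)

def parse_defaults(reg_text):
    """Map each key in the export (lower-cased) to its default string value."""
    defaults, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = DEFAULT_RE.match(line)
        if m and key:
            defaults[key.lower()] = unescape(m.group(1))
    return defaults

def check_exe_handler(reg_text,
                      key=r'HKEY_CLASSES_ROOT\exefile\shell\open\command'):
    """Return (ok, value); ok is False if the handler is missing or altered."""
    value = parse_defaults(reg_text).get(key.lower())
    return value == EXPECTED, value

# Constructed samples: the clean value from the patch, and an altered handler
CLEAN = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''
ALTERED = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\PLACEHOLDER\\example.exe\" \"%1\" %*"
'''

if __name__ == "__main__":
    for name, text in (("clean", CLEAN), ("altered", ALTERED)):
        ok, value = check_exe_handler(text)
        print(name, "OK" if ok else "ALTERED", repr(value))
```

Exports written by Windows 2000/XP regedit ("Windows Registry Editor Version 5.00") are UTF-16, so decode the file to text before passing it in.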
 
LVL 97

Expert Comment

by:war1
ID: 8229564
short_fat_n_black,

>> so i can change the file to .com now...but now i cant edit the key

After my fix, you need to change regedit.com back to regedit.exe for future use.
0

 
LVL 44

Expert Comment

by:CrazyOne
ID: 8229631
It looks like you have been hit with the YAHA worm

McAfee has a utility that is aimed at removing the virus and fixing the registry

Stinger
http://vil.nai.com/vil/stinger/


Also Symantec
Here is a link on how to remove it. This is pretty detailed so pay close attention and do it the way it is outlined.


http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha@mm.html


http://www.symantec.com/avcenter/venc/data/w32.yaha.h@mm.html 

or

http://www.symantec.com/avcenter/venc/data/w32.yaha.k@mm.html 
0
 
LVL 44

Accepted Solution

by:
CrazyOne earned 340 total points
ID: 8229635
If this is Win2000 or XP then you need to sign in with an account that has administrative privileges to be able to edit the registry.
0
 

Author Comment

by:short_fat_n_black
ID: 8229892
egh....I ended up just reformatting...again..only twice today! Well, thanks for all the help!  I think that the virus was within some files that I backed up so I am starting fresh.  Oh btw, the virus was the winampw.exe virus....and I was running XP Corp.  And no...I couldn't delete the file.
0
