Solved

help with a virus

Posted on 2003-03-28
Last Modified: 2010-04-26
I have got the following help:


Quote

--------------------------------------------------------------------------------
Probably because the "virus" changed the registry key for opening executable files. Check the value of the following reg key:

HKEY_CLASSES_ROOT\exefile\shell\open\command

Make sure that it has <"%1" %*> as the value to get everything back to normal.

BTW, copy REGEDIT.EXE to REGEDIT.COM first so you can change this

HTH,
AVChap
... take my advice, I don't use it anyway!

--------------------------------------------------------------------------------



How do I do this line:


Quote

--------------------------------------------------------------------------------
BTW, copy REGEDIT.EXE to REGEDIT.COM first so you can change this
--------------------------------------------------------------------------------



When I try to edit the key it says I cannot edit it?
Question by:short_fat_n_black
6 Comments
 

Author Comment

by:short_fat_n_black
ID: 8229501
OK....so I can change the file to .com now...but now I can't edit the key....why won't it let me edit the key???<<cry>>
0
 
LVL 97

Expert Comment

by:war1
ID: 8229536
Greetings, short_fat_n_black!
   The person who wrote got it generally correct, except you cannot get into the registry to make the edit because the Regedit program is an .exe file, and your virus has disabled the use of it.  To get it back, perform the registry patch below, which does not require the use of an .exe file. I am assuming you are using Windows 98 or Windows ME. If not, do not perform the patch.
   First, I assume you have gotten rid of the virus that caused this problem. Second, back up the registry. Third, copy all the info between the lines into Notepad. Save the file as "exefix.reg". Select file type as *.*  Once the file is saved, double-click on the file, and it will merge the file with the registry. Restart the computer, and your exe files will be working again.

-----------------------------------------------
REGEDIT4

[HKEY_CLASSES_ROOT\.exe]
"Content Type"="application/x-msdownload"
@="exefile"

[HKEY_CLASSES_ROOT\exefile]
"EditFlags"=hex:d8,07,00,00
@="Application"

[HKEY_CLASSES_ROOT\exefile\shell]
@=""

[HKEY_CLASSES_ROOT\exefile\shell\open]
@=""
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

------------------------------------------------------------------

Best wishes, war1
0
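A way to audit an exported copy of the file-association keys against the command value used in the patch above, as an added example that is not part of the original thread. The `comfile` and `batfile` classes, the function names and both sample exports are assumptions of this example; the hijacked sample is constructed with a placeholder path.

```python
import re

# Known-good default from the patch above: run the clicked file itself.
EXPECTED = '"%1" %*'
# exefile is the class named in the thread; comfile and batfile are
# added here as an assumption (they normally share the same default).
WATCHED = ("exefile", "comfile", "batfile")

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def unquote(s):
    """Strip surrounding quotes and undo .reg escapes (\\\\ and \\")."""
    return re.sub(r'\\(.)', r'\1', s[1:-1])

def parse_reg(text):
    """Parse .reg text into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "@" if m.group(1) == "@" else unquote(m.group(1))
            data = m.group(2)
            # Only string data is decoded; hex:/dword: values stay raw.
            current[name] = unquote(data) if data.startswith('"') else data
    return keys

def audit_commands(text):
    """Return (key, default) pairs whose open command is not EXPECTED."""
    pat = re.compile(r'HKEY_CLASSES_ROOT\\(\w+)\\shell\\open\\command', re.I)
    findings = []
    for key, values in parse_reg(text).items():
        m = pat.fullmatch(key)
        if m and m.group(1).lower() in WATCHED and values.get("@") != EXPECTED:
            findings.append((key, values.get("@")))
    return findings

# Constructed sample exports (not taken from a real machine).
CLEAN = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''
HIJACKED = CLEAN.replace(r'@="\"%1\"', r'@="C:\\placeholder\\unknown.exe \"%1\"')

if __name__ == "__main__":
    for key, cmd in audit_commands(HIJACKED):
        print("unexpected open command:", key, "->", cmd)
```

Exports from Windows 2000 and later are UTF-16 with a `Windows Registry Editor Version 5.00` header; decode the file to text before passing it in.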
 
LVL 97

Expert Comment

by:war1
ID: 8229564
short_fat_n_black,

>> so i can change the file to .com now...but now i cant edit the key

After my fix, you need to change regedit.com back to regedit.exe for future use.
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 8229631
It looks like you have been hit with the YAHA worm

McAfee has a utility that is aimed at removing the virus and fixing the registry

Stinger
http://vil.nai.com/vil/stinger/


Also Symantec
Here is a link on how to remove it. This is pretty detailed so pay close attention and do it the way it is outlined.


http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha@mm.html


http://www.symantec.com/avcenter/venc/data/w32.yaha.h@mm.html 

or

http://www.symantec.com/avcenter/venc/data/w32.yaha.k@mm.html 
0
 
LVL 44

Accepted Solution

by:
CrazyOne earned 340 total points
ID: 8229635
If this is Win2000 or XP then you need to sign in with an account that has administrative privileges to be able to edit the registry.
0
 

Author Comment

by:short_fat_n_black
ID: 8229892
Egh....I ended up just reformatting...again..only twice today! Well, thanks for all the help!  I think that the virus was within some files that I backed up so I am starting fresh.  Oh btw, the virus was the winampw.exe virus....and I was running XP corp.  And no...I couldn't delete the file.
0
