Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Worm help quick please

Posted on 2004-04-17
4
Medium Priority
?
161 Views
Last Modified: 2013-12-04
deleted spoolfg.exe (after getin worm - which deleted) from windows dir on granmas pc - no reference on web - now exe apps request prog to run them help
0
Comment
Question by:Serotonin_X_Infinite
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 6

Accepted Solution

by:
Joseph_Moore earned 2000 total points
ID: 10851934
Some viruses modify the Registry in a very specific place:
HKEY_CLASSES_ROOT\exefile\shell\open\command
This specific branch controls how an EXE files are opened. What a lot of viruses do is they add themselves to the Default value, so that whenever any EXE file is launched (either by clicking on a shortcut for it, an icon under the Start button, or just double-clicking an EXE file itself), the virus itself is ALSO launched along with the program you want to run.
So, what happens a lot is after the virus file is removed, this REgistry value does NOT get changed back to its default value of:  "%1" %*
Instead, the Registry is left looking like:  "%1" %* spoolfg.exe

Here is a link to a virus on Symantec's site that does this same thing of appending itself to the Default value for running EXE files:
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.gwgirl.html

The Symantec article tells you how to manually fix the Registry to remove this virus leftover. It's not that hard to do.
0
 
LVL 8

Expert Comment

by:nader alkahtani
ID: 10853187
Check online for viruses

http://security.symantec.com/sscv6/home.asp?langid=ie&venid=sym&close_parent=true 

OR

Update the AntivVirus then logon by Safe Mode then do scan all computer

good luck
0
 
LVL 1

Author Comment

by:Serotonin_X_Infinite
ID: 10853203
Thanks - i also got a meassage sayin Administrator has restricted access to registry - every1's administrator.

Hope I'm able to get into regedit as it's an exe
0
 
LVL 1

Author Comment

by:Serotonin_X_Infinite
ID: 10999335
*
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question