Solved

Worm help quick please

Posted on 2004-04-17
4
155 Views
Last Modified: 2013-12-04
deleted spoolfg.exe (after getin worm - which deleted) from windows dir on granmas pc - no reference on web - now exe apps request prog to run them help
0
Comment
Question by:Serotonin_X_Infinite
  • 2
4 Comments
 
LVL 6

Accepted Solution

by:
Joseph_Moore earned 500 total points
ID: 10851934
Some viruses modify the Registry in a very specific place:
HKEY_CLASSES_ROOT\exefile\shell\open\command
This specific branch controls how an EXE files are opened. What a lot of viruses do is they add themselves to the Default value, so that whenever any EXE file is launched (either by clicking on a shortcut for it, an icon under the Start button, or just double-clicking an EXE file itself), the virus itself is ALSO launched along with the program you want to run.
So, what happens a lot is after the virus file is removed, this REgistry value does NOT get changed back to its default value of:  "%1" %*
Instead, the Registry is left looking like:  "%1" %* spoolfg.exe

Here is a link to a virus on Symantec's site that does this same thing of appending itself to the Default value for running EXE files:
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.gwgirl.html

The Symantec article tells you how to manually fix the Registry to remove this virus leftover. It's not that hard to do.
0
 
LVL 8

Expert Comment

by:nader alkahtani
ID: 10853187
Check online for viruses

http://security.symantec.com/sscv6/home.asp?langid=ie&venid=sym&close_parent=true 

OR

Update the AntivVirus then logon by Safe Mode then do scan all computer

good luck
0
 
LVL 1

Author Comment

by:Serotonin_X_Infinite
ID: 10853203
Thanks - i also got a meassage sayin Administrator has restricted access to registry - every1's administrator.

Hope I'm able to get into regedit as it's an exe
0
 
LVL 1

Author Comment

by:Serotonin_X_Infinite
ID: 10999335
*
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Adding site to local intranet security. 4 50
Allow logon locally on server group policy 18 135
Modify local Group Policy through powershell 5 74
Forensic audit of SBS 2008 3 85
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
OfficeMate Freezes on login or does not load after login credentials are input.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question