Solved

Worm help quick please

Posted on 2004-04-17
4
151 Views
Last Modified: 2013-12-04
deleted spoolfg.exe (after getin worm - which deleted) from windows dir on granmas pc - no reference on web - now exe apps request prog to run them help
0
Comment
Question by:Serotonin_X_Infinite
  • 2
4 Comments
 
LVL 6

Accepted Solution

by:
Joseph_Moore earned 500 total points
Comment Utility
Some viruses modify the Registry in a very specific place:
HKEY_CLASSES_ROOT\exefile\shell\open\command
This specific branch controls how an EXE files are opened. What a lot of viruses do is they add themselves to the Default value, so that whenever any EXE file is launched (either by clicking on a shortcut for it, an icon under the Start button, or just double-clicking an EXE file itself), the virus itself is ALSO launched along with the program you want to run.
So, what happens a lot is after the virus file is removed, this REgistry value does NOT get changed back to its default value of:  "%1" %*
Instead, the Registry is left looking like:  "%1" %* spoolfg.exe

Here is a link to a virus on Symantec's site that does this same thing of appending itself to the Default value for running EXE files:
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.gwgirl.html

The Symantec article tells you how to manually fix the Registry to remove this virus leftover. It's not that hard to do.
0
 
LVL 8

Expert Comment

by:nader alkahtani
Comment Utility
Check online for viruses

http://security.symantec.com/sscv6/home.asp?langid=ie&venid=sym&close_parent=true

OR

Update the AntivVirus then logon by Safe Mode then do scan all computer

good luck
0
 
LVL 1

Author Comment

by:Serotonin_X_Infinite
Comment Utility
Thanks - i also got a meassage sayin Administrator has restricted access to registry - every1's administrator.

Hope I'm able to get into regedit as it's an exe
0
 
LVL 1

Author Comment

by:Serotonin_X_Infinite
Comment Utility
*
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
This video discusses moving either the default database or any database to a new volume.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now