Improve company productivity with a Business Account.Sign Up

x
?
Solved

Worm help quick please

Posted on 2004-04-17
4
Medium Priority
?
167 Views
Last Modified: 2013-12-04
deleted spoolfg.exe (after getin worm - which deleted) from windows dir on granmas pc - no reference on web - now exe apps request prog to run them help
0
Comment
Question by:Serotonin_X_Infinite
  • 2
4 Comments
 
LVL 6

Accepted Solution

by:
Joseph_Moore earned 2000 total points
ID: 10851934
Some viruses modify the Registry in a very specific place:
HKEY_CLASSES_ROOT\exefile\shell\open\command
This specific branch controls how an EXE files are opened. What a lot of viruses do is they add themselves to the Default value, so that whenever any EXE file is launched (either by clicking on a shortcut for it, an icon under the Start button, or just double-clicking an EXE file itself), the virus itself is ALSO launched along with the program you want to run.
So, what happens a lot is after the virus file is removed, this REgistry value does NOT get changed back to its default value of:  "%1" %*
Instead, the Registry is left looking like:  "%1" %* spoolfg.exe

Here is a link to a virus on Symantec's site that does this same thing of appending itself to the Default value for running EXE files:
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.gwgirl.html

The Symantec article tells you how to manually fix the Registry to remove this virus leftover. It's not that hard to do.
0
 
LVL 8

Expert Comment

by:nader alkahtani
ID: 10853187
Check online for viruses

http://security.symantec.com/sscv6/home.asp?langid=ie&venid=sym&close_parent=true 

OR

Update the AntivVirus then logon by Safe Mode then do scan all computer

good luck
0
 
LVL 1

Author Comment

by:Serotonin_X_Infinite
ID: 10853203
Thanks - i also got a meassage sayin Administrator has restricted access to registry - every1's administrator.

Hope I'm able to get into regedit as it's an exe
0
 
LVL 1

Author Comment

by:Serotonin_X_Infinite
ID: 10999335
*
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
In computing, Vulnerability assessment and penetration testing are used to assess systems in light of the organization's security posture, but they have different purposes.
The video will let you know the exact process to import OST/PST files to the cloud based Office 365 mailboxes. Using Kernel Import PST to Office 365 tool, one can quickly import numerous OST/PST files to Office 365. Besides this, the tool also comes…
Watch the video of Kernel Migrator for SharePoint, which demonstrate the process easily of migration from SharePoint to SharePoint, OneDrive for Business & Google Drive servers, Public Folder to SharePoint, File Server to SharePoint. The tool has va…

595 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question