Thread Rating:
![[-]](https://bluegrassrivals.com/forum/images/lifestyle/collapse.png)
11-13-2005, 07:56 PM
I run avg too, and when the program itself wouldnt heal or quarentine it.. I would go into the results and click on the directory it is infected and choose myself to heal or quarentine it.. If it isnt a used program, like major one, you could delete it and redo it.. Just last weekend , our other computer had a BAD virus on it, and we couldnt heal it , but in the process of it, actually went into our windows and wouldnt let me get the desktop, had to format it completely.. So hopefully you can do it yourself and solve your problems.. Thats the only two things, set aside wiping the hard drive, to get rid of it
11-14-2005, 04:35 PM
Do this..
1. Disable System Restore (go to start, programs, accessories, systems tools, system restore to do this.
2. Make sure your virus definitions are uptodate.
THEN
1. Reboot your computer.
2. When the computer starts booting back up keep pressing F8. This will take you to the safe mode selection screen.
3. Choose safe mode.
4. Log in under administrator.
5. Once in safe mode, Hit "Start" then "Run"
6. IN the run command Line type "regedit" (without the quotes and hit enter)
7. This pulls up the registry editor. Heres the path you will follow. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
8. ON the left hit the + sign next to HKEY LOCAL MACHINE
9. NOW UNDER HKEY LOCAL MACHINE Hit the + sign next to software
10. Now under Software Hit the + sign next to Microsoft
11. Now under Microsoft hit the + sign next to Windows
12. Now under Windows hit the + sign next Currentversion
13. Now under Currentversion double the the folder that says 'Run'
14. Now on the right you see some keys.. (viruses 90 percent of the time are planted here so they run on startup) (eg., default key and some more) Right click each key in there and delete them all except the one that references your avg. Its probably avg.exe. BTW, you cant hurt anything by deleting all the keys. So if you dont know its best to delete all them. Windows will regenerate any authenic keys it needs.
Most likely you will have a key named this.. "winupdates" = "%ProgramFiles%\winupdates\winupdates.exe /auto" <<<This is your culprit. But I suggest deleting other keys to incase you have any other viruses you may not no about.
Once you deleted those keys, close the registry editor and follow these next steps.
1. Hit Start, and go to Run.
2. In the Run box type "msconfig" without the quotes
3. press enter.. This will pull up the system configuration utility.
4. Now on the right click on start up tab. Uncheck every thing under startup except for you avg.
5. Hit Apply then OK.
6. YOur system will ask you to reboot. Tell it not right now.
Now..
1. Open up your AVG and do a full system scan while still in safe mode..
2. Once complete reboot your computer normally.
3. You will be prompted at start up that you are using a selective start. Just check never show this again.
Now Enjoy, your Virus free computer.. BTW, I suggest printing this. These steps will fix most any virus.
1. Disable System Restore (go to start, programs, accessories, systems tools, system restore to do this.
2. Make sure your virus definitions are uptodate.
THEN
1. Reboot your computer.
2. When the computer starts booting back up keep pressing F8. This will take you to the safe mode selection screen.
3. Choose safe mode.
4. Log in under administrator.
5. Once in safe mode, Hit "Start" then "Run"
6. IN the run command Line type "regedit" (without the quotes and hit enter)
7. This pulls up the registry editor. Heres the path you will follow. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
8. ON the left hit the + sign next to HKEY LOCAL MACHINE
9. NOW UNDER HKEY LOCAL MACHINE Hit the + sign next to software
10. Now under Software Hit the + sign next to Microsoft
11. Now under Microsoft hit the + sign next to Windows
12. Now under Windows hit the + sign next Currentversion
13. Now under Currentversion double the the folder that says 'Run'
14. Now on the right you see some keys.. (viruses 90 percent of the time are planted here so they run on startup) (eg., default key and some more) Right click each key in there and delete them all except the one that references your avg. Its probably avg.exe. BTW, you cant hurt anything by deleting all the keys. So if you dont know its best to delete all them. Windows will regenerate any authenic keys it needs.
Most likely you will have a key named this.. "winupdates" = "%ProgramFiles%\winupdates\winupdates.exe /auto" <<<This is your culprit. But I suggest deleting other keys to incase you have any other viruses you may not no about.
Once you deleted those keys, close the registry editor and follow these next steps.
1. Hit Start, and go to Run.
2. In the Run box type "msconfig" without the quotes
3. press enter.. This will pull up the system configuration utility.
4. Now on the right click on start up tab. Uncheck every thing under startup except for you avg.
5. Hit Apply then OK.
6. YOur system will ask you to reboot. Tell it not right now.
Now..
1. Open up your AVG and do a full system scan while still in safe mode..
2. Once complete reboot your computer normally.
3. You will be prompted at start up that you are using a selective start. Just check never show this again.
Now Enjoy, your Virus free computer.. BTW, I suggest printing this. These steps will fix most any virus.
11-14-2005, 04:43 PM
I ran norton and it found a virus called bloodhound... i deleted it and msn started working again but my yahoo still doesn't work
11-14-2005, 09:19 PM
Ok bat.. Try this.. Goto C:/Windows and rename regedit.exe to regedit.com
then go to your run line and type "regedit.com"
Sounds like the virus is intercepting regedit.exe. This will work most of time in situations like this.
However, if that doesnt work. Follow the below intructions. The program available will recreate new regedit and msconfig in new folders. But try the method I said above first. Its simpler:rock:
This small VB 6 utility will create a usable backup copy of Taskmgr.exe, MSConfig.exe and Regedit.EXE in a new folder, called C:\EmergencyUtils. The new copies will be named Copy_of_Taskmgr.exe, Copy_of_MSConfig.exe and Copy_of_Regedit.com.
These programs are extremely helpful, and usually necessary in helping to rid your computer of a viral infection. Many virus programs will intercept these programs, based on their original file name, and prevent them from running. The alternate copies will not encounter this problem. Simply navigate to the C:\EmergencyUtils folder and double click the file you need to run.
To use: Download the xp_emergencyutil.zip file and save it to your hard drive. Double-click the xp_emergencyutil.zip file and extract xp_emergencyutil.exe to your hard disk. To run the EXE just double click it, there is no installer. You will have the option of running the programs automatically, after the copies are created.
NOTE: Your antivirus software may warn of a potentially malicious script. This is normal, as the Windows Scripting Host is used to create the "copies" of these 3 utilities.
then go to your run line and type "regedit.com"
Sounds like the virus is intercepting regedit.exe. This will work most of time in situations like this.
However, if that doesnt work. Follow the below intructions. The program available will recreate new regedit and msconfig in new folders. But try the method I said above first. Its simpler:rock:
This small VB 6 utility will create a usable backup copy of Taskmgr.exe, MSConfig.exe and Regedit.EXE in a new folder, called C:\EmergencyUtils. The new copies will be named Copy_of_Taskmgr.exe, Copy_of_MSConfig.exe and Copy_of_Regedit.com.
These programs are extremely helpful, and usually necessary in helping to rid your computer of a viral infection. Many virus programs will intercept these programs, based on their original file name, and prevent them from running. The alternate copies will not encounter this problem. Simply navigate to the C:\EmergencyUtils folder and double click the file you need to run.
To use: Download the xp_emergencyutil.zip file and save it to your hard drive. Double-click the xp_emergencyutil.zip file and extract xp_emergencyutil.exe to your hard disk. To run the EXE just double click it, there is no installer. You will have the option of running the programs automatically, after the copies are created.
NOTE: Your antivirus software may warn of a potentially malicious script. This is normal, as the Windows Scripting Host is used to create the "copies" of these 3 utilities.
11-14-2005, 11:49 PM
well the problem is worm / alcra.b, i have done everything but i cant get into the regedit in order to remoce it, even did a search on the net and they are saying the same thing as you QQ, but they are saying to run nortons and ofcourse i dont have it.
11-15-2005, 01:06 AM
ok bat..
try this..
go to your command line and type in this
" Regedt32 " without the quotes.. note there is not letter I in this one and has 32 on end.
try this..
go to your command line and type in this
" Regedt32 " without the quotes.. note there is not letter I in this one and has 32 on end.
11-15-2005, 01:07 AM
btw, thats a 32 bit version of regedit. Should be on your machine unless its intercepted as well.
11-15-2005, 02:10 AM
bat,, go to this link and download this registry editor and run it instead..
http://www.sharewareconnection.com/downl...recon.html
http://www.sharewareconnection.com/downl...recon.html
11-15-2005, 02:11 AM
it does the same thing as the regedit does.. (edits reg files)
11-15-2005, 02:53 PM
Ok, Bat.. You must have forgot a step or your file was corrupt.
Follow these intructions.
1. Download the xp_emergencyutil.zip file and save it to your hard drive
2. Double-click the xp_emergencyutil.zip file and extract xp_emergencyutil.exe to your hard disk.
3. Doublle click the xp_emergencyutil.exe it will create a directory on you C drive called C:\EmergencyUtils
4. Now go to your C drive and click the folder EmergencyUtils.
5. You will see this when you open it. Double click the copy_of_regedit.com file. This will pull up your registry editor.
6. After you click that and it pulls up the regedit program. See the next thread for instructions on removing. For best results do these steps in safe mode.
Follow these intructions.
1. Download the xp_emergencyutil.zip file and save it to your hard drive
2. Double-click the xp_emergencyutil.zip file and extract xp_emergencyutil.exe to your hard disk.
3. Doublle click the xp_emergencyutil.exe it will create a directory on you C drive called C:\EmergencyUtils
4. Now go to your C drive and click the folder EmergencyUtils.
5. You will see this when you open it. Double click the copy_of_regedit.com file. This will pull up your registry editor.
6. After you click that and it pulls up the regedit program. See the next thread for instructions on removing. For best results do these steps in safe mode.
11-15-2005, 02:54 PM
Do this..
1. Disable System Restore (go to start, programs, accessories, systems tools, system restore to do this.
2. Make sure your virus definitions are uptodate.
THEN
1. Reboot your computer.
2. When the computer starts booting back up keep pressing F8. This will take you to the safe mode selection screen.
3. Choose safe mode.
4. Log in under administrator.
5. Once in safe mode, Go to C:\EmergencyUtils
6. Now double click on the copy_of_regedit like demonstrated in the picture.
7. This pulls up the registry editor. Heres the path you will follow. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run
8. ON the left hit the + sign next to HKEY LOCAL MACHINE
9. NOW UNDER HKEY LOCAL MACHINE Hit the + sign next to software
10. Now under Software Hit the + sign next to Microsoft
11. Now under Microsoft hit the + sign next to Windows
12. Now under Windows hit the + sign next Currentversion
13. Now under Currentversion double the the folder that says 'Run'
14. Now on the right you see some keys.. (viruses 90 percent of the time are planted here so they run on startup) (eg., default key and some more) Right click each key in there and delete them all except the one that references your avg. Its probably avg.exe. BTW, you cant hurt anything by deleting all the keys. So if you dont know its best to delete all them. Windows will regenerate any authenic keys it needs.
Most likely you will have a key named this.. "winupdates" = "%ProgramFiles%\winupdates\winupdates.exe /auto" <<<This is your culprit. But I suggest deleting other keys to incase you have any other viruses you may not no about.
Once you deleted those keys, close the registry editor and follow these next steps.
1. Go to C:\EmergencyUtils
2. Double click the copy_of_msconfig
3. This will pull up the system configuration utility.
4. Now on the right click on start up tab. Uncheck every thing under startup except for you avg.
5. Hit Apply then OK.
6. YOur system will ask you to reboot. Tell it not right now.
Now..
1. Open up your AVG and do a full system scan while still in safe mode..
2. Once complete reboot your computer normally.
3. You will be prompted at start up that you are using a selective start. Just check never show this again.
1. Disable System Restore (go to start, programs, accessories, systems tools, system restore to do this.
2. Make sure your virus definitions are uptodate.
THEN
1. Reboot your computer.
2. When the computer starts booting back up keep pressing F8. This will take you to the safe mode selection screen.
3. Choose safe mode.
4. Log in under administrator.
5. Once in safe mode, Go to C:\EmergencyUtils
6. Now double click on the copy_of_regedit like demonstrated in the picture.
7. This pulls up the registry editor. Heres the path you will follow. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run
8. ON the left hit the + sign next to HKEY LOCAL MACHINE
9. NOW UNDER HKEY LOCAL MACHINE Hit the + sign next to software
10. Now under Software Hit the + sign next to Microsoft
11. Now under Microsoft hit the + sign next to Windows
12. Now under Windows hit the + sign next Currentversion
13. Now under Currentversion double the the folder that says 'Run'
14. Now on the right you see some keys.. (viruses 90 percent of the time are planted here so they run on startup) (eg., default key and some more) Right click each key in there and delete them all except the one that references your avg. Its probably avg.exe. BTW, you cant hurt anything by deleting all the keys. So if you dont know its best to delete all them. Windows will regenerate any authenic keys it needs.
Most likely you will have a key named this.. "winupdates" = "%ProgramFiles%\winupdates\winupdates.exe /auto" <<<This is your culprit. But I suggest deleting other keys to incase you have any other viruses you may not no about.
Once you deleted those keys, close the registry editor and follow these next steps.
1. Go to C:\EmergencyUtils
2. Double click the copy_of_msconfig
3. This will pull up the system configuration utility.
4. Now on the right click on start up tab. Uncheck every thing under startup except for you avg.
5. Hit Apply then OK.
6. YOur system will ask you to reboot. Tell it not right now.
Now..
1. Open up your AVG and do a full system scan while still in safe mode..
2. Once complete reboot your computer normally.
3. You will be prompted at start up that you are using a selective start. Just check never show this again.
11-15-2005, 11:17 PM
thats strange.. I will upload regedit to my server so you can download it.
http://www.bluegrassrivals.com/clickme.exe
i renamed it to clickme.exe just incase the virus is scanning for files named with regedit. Just save that clickme.exe to your hard drive and then double click it.
http://www.bluegrassrivals.com/clickme.exe
i renamed it to clickme.exe just incase the virus is scanning for files named with regedit. Just save that clickme.exe to your hard drive and then double click it.
11-15-2005, 11:58 PM
can you post me a screen shot?
11-16-2005, 02:28 AM
QQ i went ahead and did a full system recovery, i couldnt get a screen shot, because avg was only telling me 81 infected files, will i have to worry about the worm anymore, i am able to type regedit now and it brings it up. running nortons on it and so far only 2 infected files.
Users browsing this thread: 1 Guest(s)
