Question about Computers & Internet

1 Answer

",.exe" (comma.exe) causing a problem

[System]=]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\,=]C:\,.EXE=](Embedded EXE o) Trojan.Autorun.EX Disinfect Failed
[System]=]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\;=]C:\WINDOWS\DEBUG\,.EXE=](Embedded EXE o) Trojan.Autorun.EX Disinfect Failed
C:\WINDOWS\Debug\,.exe=](Embedded EXE o) Trojan.Autorun.EX Delete Failed (file was in an archive)
C:\System Volume Information\_restore{A7C29AB4-ECE2-4045-84D9-6D5286C5E1DB}\RP624\A0250172.inf Trojan.Autorun.EX Disinfect Failed
C:\,.exe=](Embedded EXE o) Trojan.Autorun.EX Delete Failed (file was in an archive)
D:\,.exe=](Embedded EXE o) Trojan.Autorun.EX Delete Failed (file was in an archive)
E:\,.exe=](Embedded EXE o) Trojan.Autorun.EX Delete Failed (file was in an archive)

Posted by on

1 Answer

  • Level 2:

    An expert who has achieved level 2 by getting 100 points

    MVP:

    An expert that gotĀ 5 achievements.

    Sergeant:

    An expert that hasĀ over 500 points.

    Champion:

    An expert who has answered 200 questions.

  • Expert
  • 310 Answers

Its your OS affected by virus..

Posted on Mar 04, 2008

1 Suggested Answer

6ya6ya
  • 2 Answers

SOURCE: I have freestanding Series 8 dishwasher. Lately during the filling cycle water hammer is occurring. How can this be resolved

Hi,
a 6ya expert can help you resolve that issue over the phone in a minute or two.
best thing about this new service is that you are never placed on hold and get to talk to real repairmen in the US.
the service is completely free and covers almost anything you can think of (from cars to computers, handyman, and even drones).
click here to download the app (for users in the US for now) and get all the help you need.
goodluck!

Posted on Jan 02, 2017

Add Your Answer

Uploading: 0%

my-video-file.mp4

Complete. Click "Add" to insert your video. Add

×

Loading...
Loading...

Related Questions:

1 Answer

I don't want Palladium on my computer and I can't delete it


Manual Removal procedure for Palladium Pro The first step you must take in order to remove Palladium Pro is to stop one of the following processes below. Only one of them will be running.
  • Palladium.exe
  • PalladiumPro.exe
  • Palladiumantivirus.exe
  • Z.exe
To Stop this process you can browse to the file location shown below and re-name the file first and then restart your computer. Then browse to that file location again and delete the file.
The next step in Palladium Pro removal is to delete the following file:
Windows XP :
  • C:\Program Files\Palladium Pro\PalladiumPro.exe
  • C:\Documents and Settings\USER NAME\Application Data\Palladium.exe
  • C:\Documents and Settings\USER NAME\Application Data\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Palladium Pro.lnk
  • C:\Documents and Settings\USER NAME\Application Data\Roaming\Microsoft\Windows\Start Menu\Programs\Palladium Pro\Palladium Pro.lnk
  • C:\Program Files\Startup\Palladium Pro.lnk
Windows Vista / Windows 7 :
  • C:\Users\YOUR USER NAME\AppData\Palladium.exe
  • C:\Program Files (x86)\Palladium Pro\PalladiumPro.exe
  • C:\Users\YOUR USER NAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Palladium Pro.lnk
  • C:\Users\YOUR USER NAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Palladium Pro\Palladium Pro.lnk
  • C:\Program Files (x86)\Startup\Palladium Pro.lnk
  • C:\%AppData%\Z.exe
Once you have successfully deleted these traces, Palladium Pro should no longer be running in your machine and now you should run a complete virus scan for the system using Spyware Doctor with Antivirus. This will let you know whether you have been able to remove all the traces of Palladium Pro successfully and also whether there is any other threat still available in the system.
If you need advanced help or an expert we recommend www.onlinecomputerrepair.org
Palladium Pro Registry Removal Procedures Now that your system is free from the Palladium Pro file traces that have been mentioned above, it is time to get rid of the infected registry items.
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Palladium"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Palladium Pro"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Palladium Pro"
  • HKEY_CURRENT_USER\Software\Palladium Pro
It is important that you run a complete virus scan for your computer when you are done with the removal procedure to ensure maximum protection for the system. For that, we suggest you to run the scan with Spyware Doctor with Antivirus.
Palladium Pro Directories: XP
  • C:\Program Files\Palladium Pro\
  • UPDATED: We have a report of it being at C:\Windows\Palladium Pro for some users.
Windows 7 / Windows Vista
  • C:\Program Files (x86) \Palladium Pro
Or mail me googolplexcorporation@gmail.com we will remove it through remote desktop support

Jan 27, 2011 | Computers & Internet

1 Answer

Two Internet Explorer.exe running


I guess that is web3000 Adware. Here is what you need to do.
  1. Check whether one or more file from this list exists on your machine. Use Windows Search.
  2. instnetmgr.dll
    w3knet.dll
    w3knet_rbt.dll
    w3knet_w3i.dll
    w3kpopup.dll
    w3util2.dll
  3. If exist you have to unregister those dll files. Here's how
  4. Click on Start Menu -> Run. In Run box, type this and hit enter each time.
  5. REGSVR32 -u dllname.dll
  6. Dllname.dll must be replaced with each file name above. Do it for each one.
  7. Deleting Registry Keys is the second step.
  8. In the Run box type Regedit and hit enter.
  9. Navigate to the following Keys and Delete each Key.
  10. HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\msbb
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\w3knetwork
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\stashedgmi
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\textwiz_is1
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\web3000 network
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\web3000 network\displayname
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\web3000 network\uninstallstring
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\xtractor plus_is1
    HKEY_LOCAL_MACHINE\software\web3000.com
    HKEY_USERS\.default\software\web3000.com
  11. Remove these Directories:
  12. %ProgramFiles%\textwiz\, %CommonPrograms%\textwiz1.5\, %ProgramFiles%\textwiz\tw.exe , %System%\tw.exe
  13. If you were unable to find the exact directories, just find and delete the third file. If you have deleted the folder, skip the third file. The last file will be in System or in System32 as well.
  14. Clear your Temporary Internet files, Temp files in Documents and Settings/<your Admin Account - the one you use>/Temp
  15. To see the temp, you have to set your Folder Options to see Hidden Files and Folders.
  16. In the Run box, type in msconfig and press enter. Go to Startup Tab.
  17. Look and locate files with the locations which we have deleted and Remove their Ticks. If there are any associated files ticked, Remove them as well. Click on OK and click on Restart Later.
  18. Flush your DNS.
  19. In the Run box, type cmd and hit enter.
  20. Type in ipconfig /flushdns and hit enter.
  21. Re start the machine.
Hope this helps. If the problem persists please feel free to contact again. Please be kind enough to RATE the answer.
Thanks for contacting Fixya!

Jul 17, 2010 | Microsoft Windows XP Professional

2 Answers

How do you remove Virtumonde from Windows XP? I have tried malwarebytes and Ad Adware both with no success. I use Avast 5.0 which didn't catch it and Spybot S & D doesn't even spot it as a virus. This...


As far as free tools, you will want to try VundoFix and/or VirtumundoBegone.

VirtuMonde manual removal instructions:
Kill VirtuMonde processes:
kopCFEWV.exe
castlecops[1].exe
unknown.exe
svci.exe
psdrv.exe
rasrun.exe
nwonknu.exe
editpad.exe
quicken.exe
winhost.exe
editpad.exewindowsupd2.exe
quicken.exe
winhost.exe
windowsupd2.exe
Delete VirtuMonde files\folders and unregister dll’s:
opnnljj.dll
cbxxywx.dll
nnnmmlk.dll
vtuspmn.dll
mllkk.dll
sstrs.dll
awtqqnl.dll
kopCFEWV.exe
gf1.0.0.2
castlecops[1].exe
ddcbabx.dll
iifddby.dll
2chkdsk
pmnlk.dll
SbCIe02b.dll
ssttr.dll
geebc.dll
pmnno.dll
jtr0079me.dll
hrj6051se.dll
unknown.exe
svci.exe
psdrv.exe
rasrun.exe
nwonknu.exe
cidrules.dll
rulesak.dll
lspak.dll
editpad.exe
quicken.exe
winhost.exe
unknown.exewindowsupd2.exe
svci.exe
psdrv.exe
rasrun.exe
nwonknu.exe

Remove VirtuMonde registry values (keys and subkeys):
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\nnnmmlk
59B5C788-4D95-4610-B1ED-AD9DC7CD86E0
05029E1B-4C41-4681-8F7F-2AEC346136F4
01ABD624-98FE-4B37-81F2-4E5B41799B6B
1FB63E52-4D6E-48C1-A08F-F630FE50F337
5A4A2D56-931A-4733-9121-033A2D95A274
3F82D203-999F-4FF4-9F07-5F9EBFCCE20F
22E58089-6DB5-45D9-BF87-6C8975246D26
F73AF695-229D-4549-B1A0-20DA99A81F19
F00EFDF5-0042-4F5E-9F20-C688409CF918
B2030C9A-DE59-457D-A042-D827AD69C8F3
9CF8EE9B-0B2E-464A-9700-D7B46142BD99
SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ssttr
SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmnno
662BB3E3-204F-44FA-A827-143B8AB4B036
C78658B2-CDE5-4FD1-B73B-B9FF478DBE54
B763C083-57E0-4993-B058-13008952DF68
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcbabx
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\A05DA7E0-383C-4E99-A72A-742050A152A2
A05DA7E0-383C-4E99-A72A-742050A152A2
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifddby
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\6148028B-D532-4417-8C0B-5A4A0B745393
6148028B-D532-4417-8C0B-5A4A0B745393
D38439EC-4A7F-42b4-90C2-D810D7778FDD
Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlk
2FCAB754-0535-470E-8F80-BACB6CA1ACC1
83B28A74-640D-48F4-9F51-E80EED7CC7E0
Software\Microsoft\Internet Explorer\Explorer Bars\83B28A74-640D-48F4-9F51-E80EED7CC7E0
D714A94F-123A-45CC-8F03-040BCAF82AD6
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssttr
22B271AB-3D0A-4CCB-8AD9-DD08183C356A
68616403-4FFB-4B19-B360-0B0B1F55D5EC
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnno
1B34D3EC-4AC7-41EC-ACC8-C9A2C0CBA2E5
D01C9902-73AF-47FF-B784-05FDB6604FCF
HKEY_LOCAL_MACHINE\software\targetsoft
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\*catw
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\windowsupd
HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\psdrv
HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\catw
HKEY_CURRENT_USER\software\microsoft\windowsupd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\*winlogon
13589181-4f0d-4553-b9f8-b4b72172c139
HKEY_LOCAL_MACHINE\software\targetsoftHKEY_CLASSES_ROOT\atlevents.atlevents
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\*catw
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\windowsupd
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psdrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\catw
HKEY_CURRENT_USER\software\microsoft\windowsupd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\*winlogon
HKEY_CLASSES_ROOT\clsid\{13589181-4f0d-4553-b9f8-b4b72172c139}
HKEY_CLASSES_ROOT\atlevents.atlevents

Mar 19, 2010 | Dell Dimension 3000 PC Desktop

1 Answer

How can i fix m3plugin .dll error


Do the following step and get rid of it.
Open Run , type regedit and press enter
Go to

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon

and check for the key Shell, the value of this must be Explorer.exe . if you can see some other after that like Explorer.exe C:\PROGRA~1\MYWEBS~1\bar\2.bin... , then remove the second file from the value, means it must only Explorer.exe

In Regedit go to;

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

and delete any value except "Default".

then go to;

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

and delete value except default and anti virus.

Best of luck.

Hasan

Dec 05, 2009 | Intel Motherboard

3 Answers

Windows cannot find gphone.exe??


Gphone.exe is a file that an instant-message worm infects. This worm spreads through Google chat and Yahoo! Messenger. This “Gphone.exe” worm disables your antivirus security software, and downloads more crapware onto your PC.

To remove do this:
1. Block Gphone.exe sites: http://rnd009.googlepages.com/
2. Stop Gphone.exe processes: %Windir%\gphone.exe
%System%\gphone.exe
%System%\DEFAULT_NOT_SET.exe
C:\Documents and Settings\All Users\Desktop\gphone.exe
%Temp%\gphone.exe
%System%\gphone.exe
%DriveLetter%\New Folder.exe
%DriveLetter%\gphone.exe
[ROOT FOLDER]\New Folder.exe
[ROOT FOLDER]\gphone.exe Get rid of Gphone.exe files:

%DriveLetter%\autorun.inf
%Windir%\Tasks\At1.job
[ROOT FOLDER]\autorun.inf
C:\disk.txt
%System%\autorun.ini
%System%\setting.ini
%Temp%\log_[TIME AND DATE].txt


3. Delete Gphone.exe registry keys using regedit from start - run:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares\”shared” = “[ROOT FOLDER]\New Folder.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”Yahoo Messengger” = “%System%\gphone.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\”Shell” = “Explorer.exe gphone.exe”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Schedule\”AtTaskMaxHours” = “0′
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Schedule\”NextAtJobId” = “2′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\”DisableTaskMgr” = “1′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\”DisableRegistryTools” = “1′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\”NofolderOptions” = “1′
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\”Default_Page_URL” = “http://rnd009.googlepages.com/google.html”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\”Default_Search_URL” = “http://rnd009.googlepages.com/google.html”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\”Search Page” = “http://rnd009.googlepages.com/google.html”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\”Start Page” = “http://rnd009.googlepages.com/google.html”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\”Start Page” = “http://rnd009.googlepages.com/google.html”
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\”HomePage” = “1′
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\”HomePage” = “1′ Note: In any Gphone.exe files I mention above, “%UserProfile%” is a variable referring to your current user’s profile folder. If you’re using Windows NT/2000/XP, by default this is “C:\Documents and Settings\[CURRENT USER]” (e.g., “C:\Documents and Settings\JoeSmith”). If you have any questions about manual Gphone.exe removal, go ahead and leave a comment.


How to delete Gphone.exe files in Windows XP and Vista:
1.Click your Windows Start menu, and then click “Search.”
2.A speech bubble will pop up asking you, “What do you want to search for?” Click “All files and folders.”
3.Type a Gphone.exe file in the search box, and select “Local Hard Drives.”
4.Click “Search.” Once the file is found, delete it.
How to stop Gphone.exe processes:
1.Click the Start menu, select Run.
2.Type taskmgr.exe into the the Run command box, and click “OK.” You can also launch the Task Manager by pressing keys CTRL + Shift + ESC.
3.Click Processes tab, and find Gphone.exe processes.
4.Once you’ve found the Gphone.exe processes, right-click them and select “End Process” to kill Gphone.exe.
How to remove Gphone.exe registry keys:
Because your registry is such a key piece of your Windows system, you should always backup your registry before you edit it. Editing your registry can be intimidating if you’re not a computer expert, and when you change or a delete a critical registry key or value, there’s a chance you may need to reinstall your entire system. Make sure your backup your registry before editing it.
1.Select your Windows menu “Start,” and click “Run.” An “Open” field will appear. Type “regedit” and click “OK” to open up your Registry Editor.
2.Registry Editor will open as a window with two panes. The left side Registry Editor’s window lets you select various registry keys, and the right side displays the registry values of the registry key you select.
3.To find a registry key, such as any Gphone.exe registry keys, select “Edit,” then select “Find,” and in the search bar type any of Gphone.exe’s registry keys.
4.As soon as Gphone.exe registry key appears, you can delete the Gphone.exe registry key by right-clicking it and selecting “Modify,” then clicking “Delete.”
How to delete Gphone.exe DLL files:
1.First locate Gphone.exe DLL files you want to delete. Open your Windows Start menu, then click “Run.” Type “cmd” in Run, and click “OK.”
2.To change your current directory, type “cd” in the command box, press your “Space” key, and enter the full directory where the Gphone.exe DLL file is located. If you’re not sure if the Gphone.exe DLL file is located in a particular directory, enter “dir” in the command box to display a directory’s contents. To go one directory back, enter “cd ..” in the command box and press “Enter.”
3.When you’ve located the Gphone.exe DLL file you want to remove, type “regsvr32 /u SampleDLLName.dll” (e.g., “regsvr32 /u jl27script.dll”) and press your “Enter” key.
That’s it. If you want to restore any Gphone.exe DLL file you removed, type “regsvr32 DLLJustDeleted.dll” (e.g., “regsvr32 jl27script.dll”) into your command box, and press your “Enter” key.
Did Gphone.exe change your homepage?
1.Click Windows Start menu > Control Panel > Internet Options.
2.Under Home Page, select the General > Use Default.
3.Type in the URL you want as your home page (e.g., “http://www.homepage.com”).
4.Select Apply > OK.
5.You’ll want to open a fresh web page and make sure that your new default home page pops up.
Gphone.exe Removal Tip
Is your computer acting funny after deleting any Gphone.exe files? I recommend using a program like File Recover from PC Tools. File Recover saves deleted files that otherwise can’t be recovered by Windows operating sytem.
Want to save time finding Gphone.exe files? Download Spyware Doctor, let it find the Gphone.exe files for you, and then manually delete Gphone.exe files.

Aug 04, 2009 | Microsoft Windows XP Professional With...

1 Answer

C:\windows\services.exe


It is a Services Control Manager, which is responsible for running, ending, and interacting with system services.

Notice that: C:\windows\system32\services.exe is normal, but with C:\windows\services.exe is not normal and therefore might be a trojan.

This file should be located in %windir%/system32 (ex. C:\Windows\System32) if not or is found outside this system folder it could be a trojan.

Try deleting it with Security Task Manager then delete the directory and the entries in the registry : HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run & HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

=))

Aug 30, 2008 | Microsoft Windows Server Standard 2003 for...

1 Answer

SOLUTION


This is a trace of a virus which remained in the registry will try to load on startup.

1. Open Run , type regedit and press Enter

2. Go to HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon

and check for the key Shell, the value of this must be Explorer.exe . If you can see some other after that like Explorer.exe C:\PROGRA~1\MYWEBS~1\bar\2.bin... , then remove the second file from the value. It must be only Explorer.exe

3. Then check for the key Userinit. The value must be C:\WINDOWS\system32\userinit.exe, (including the comma) . If after that some thing is there ,delete it.

4. Restart your system .


thank you
bye
any doubts you can reply me
i am always here to assist you
please rate my solution

Aug 21, 2008 | Intel Motherboard

1 Answer

Start up msg


First
Open task manager and kill process wscript.exe.

Then
Delete VirusRemoval.vbs and Autorun.inf files from all usb drives.
Delete "c:\WINDOWS\system32\userinit.exe"

Then
Go to c:\Windows\System32 and delete the file VirusRemoval.vbs. It is super hidden so first go to Folder Options and check show hidden and check boxes. Also required for the above files.

Then
go to start>run and type regedit and enter
Go to HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
On the right side look for Shell which should have value of just explorer.exe.
delete anything at right side of explorer.exe if there is anything.

Under same key Winlogon also look for Userinit which should have value of
c:\WINDOWS\system32\userinit.exe,
Delete all the **** after the comma.

Then
Go to HKCU\Software\Microsoft\Internet Explorer\Main
On the right side locate Window Title and delete its value i.e. Sujin.com.np

Under the same key locate Start Page and delete its value i.e. http://sujin.com.np/

then go to Start Menu -> Run -> msconfig -> Startup tab -> uncheck .vbs files

Restart System

Jul 23, 2008 | Computers & Internet

4 Answers

Antivirus 2009


I see these every day, note: also fixes AV 2008 and many others.

This Malware is known as "Rogue anti-virus" software.

This program will remove it: http://www.majorgeeks.com/downloadget.php?id=5360&file=10&evp=2e0d43eb67e1e71c0b31e62c003599c0
the website that has it also has a really good antispyware program called malwarebytes

www.malwarebytes.org

once you run a full scan in this program run this program:
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
it's another free antispyware. these are both professional grade removal software for free. I remove this stuff about 3 times a day. It seems this outbreak is the largest I've ever seen.

If you want a good protection suite that will keep it out buy a copy of NOD32 (www.nod32-av.com) another you may not have heard of, it will block this and many others before it even gets on your computer.

Jul 17, 2008 | Balance CN6555 Notebook

3 Answers

Xp error message


Try the following:
  1. Click Start > Run.
  2. Type regedit
  3. Click OK.

    Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.
  4. Navigate to and delete the following entries:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"dc2k5" = "C:\WINDOWS\SVIQ.EXE"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Fun" = "C:\WINDOWS\system\Fun.exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"dc" = "C:\WINDOWS\dc.exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\"run" = "C:\WINDOWS\system32\config\Win.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "Explorer.exe C:\WINDOWS\system32\WinSit.exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\"load" = "C:\WINDOWS\inf\Other.exe"
  5. Exit the Registry Editor.

Nov 10, 2007 | Microsoft Windows XP Home Edition

Not finding what you are looking for?
Computers & Internet Logo

Related Topics:

391 people viewed this question

Ask a Question

Usually answered in minutes!

Top Computers & Internet Experts

Brian Sullivan
Brian Sullivan

Level 3 Expert

27725 Answers

kakima

Level 3 Expert

101642 Answers

David Payne
David Payne

Level 3 Expert

14160 Answers

Are you a Computer and Internet Expert? Answer questions, earn points and help others

Answer questions

Manuals & User Guides

Loading...