Question about Operating Systems

1 Answer

",.exe" (comma.exe) causing a problem

[System]=]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\,=]C:\,.EXE=](Embedded EXE o) Trojan.Autorun.EX Disinfect Failed
[System]=]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\;=]C:\WINDOWS\DEBUG\,.EXE=](Embedded EXE o) Trojan.Autorun.EX Disinfect Failed
C:\WINDOWS\Debug\,.exe=](Embedded EXE o) Trojan.Autorun.EX Delete Failed (file was in an archive)
C:\System Volume Information\_restore{A7C29AB4-ECE2-4045-84D9-6D5286C5E1DB}\RP624\A0250172.inf Trojan.Autorun.EX Disinfect Failed
C:\,.exe=](Embedded EXE o) Trojan.Autorun.EX Delete Failed (file was in an archive)
D:\,.exe=](Embedded EXE o) Trojan.Autorun.EX Delete Failed (file was in an archive)
E:\,.exe=](Embedded EXE o) Trojan.Autorun.EX Delete Failed (file was in an archive)

Posted by on

1 Answer

  • Level 2:

    An expert who has achieved level 2 by getting 100 points

    MVP:

    An expert that gotĀ 5 achievements.

    Sergeant:

    An expert that hasĀ over 500 points.

    Champion:

    An expert who has answered 200 questions.

  • Expert
  • 310 Answers

Its your OS affected by virus..

Posted on Mar 04, 2008

Add Your Answer

Uploading: 0%

my-video-file.mp4

Complete. Click "Add" to insert your video. Add

×

Loading...
Loading...

Related Questions:

1 Answer

Two Internet Explorer.exe running


I guess that is web3000 Adware. Here is what you need to do.
  1. Check whether one or more file from this list exists on your machine. Use Windows Search.
  2. instnetmgr.dll
    w3knet.dll
    w3knet_rbt.dll
    w3knet_w3i.dll
    w3kpopup.dll
    w3util2.dll
  3. If exist you have to unregister those dll files. Here's how
  4. Click on Start Menu -> Run. In Run box, type this and hit enter each time.
  5. REGSVR32 -u dllname.dll
  6. Dllname.dll must be replaced with each file name above. Do it for each one.
  7. Deleting Registry Keys is the second step.
  8. In the Run box type Regedit and hit enter.
  9. Navigate to the following Keys and Delete each Key.
  10. HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\msbb
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\w3knetwork
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\stashedgmi
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\textwiz_is1
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\web3000 network
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\web3000 network\displayname
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\web3000 network\uninstallstring
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\xtractor plus_is1
    HKEY_LOCAL_MACHINE\software\web3000.com
    HKEY_USERS\.default\software\web3000.com
  11. Remove these Directories:
  12. %ProgramFiles%\textwiz\, %CommonPrograms%\textwiz1.5\, %ProgramFiles%\textwiz\tw.exe , %System%\tw.exe
  13. If you were unable to find the exact directories, just find and delete the third file. If you have deleted the folder, skip the third file. The last file will be in System or in System32 as well.
  14. Clear your Temporary Internet files, Temp files in Documents and Settings/<your Admin Account - the one you use>/Temp
  15. To see the temp, you have to set your Folder Options to see Hidden Files and Folders.
  16. In the Run box, type in msconfig and press enter. Go to Startup Tab.
  17. Look and locate files with the locations which we have deleted and Remove their Ticks. If there are any associated files ticked, Remove them as well. Click on OK and click on Restart Later.
  18. Flush your DNS.
  19. In the Run box, type cmd and hit enter.
  20. Type in ipconfig /flushdns and hit enter.
  21. Re start the machine.
Hope this helps. If the problem persists please feel free to contact again. Please be kind enough to RATE the answer.
Thanks for contacting Fixya!

Jul 17, 2010 | Microsoft Windows XP Professional

1 Answer

My OS is XP. It became infected with the internet


Internet Security 2010 manual removal:Kill processes:
IS2010.exe 41.exe winlogon86.exe winupdate86.exe help.gifHELP:
how to kill malicious processes

Delete registry values:
HKEY_CURRENT_USER\Software\IS2010
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Internet Security 2010"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "winupdate86.exe"


help.gifHELP:
how to remove registry entries

Unregister DLLs:
winhelper86.dll
help.gifHELP:
how to unregister malicious DLLs

Delete files:
IS2010.exe 41.exe winhelper86.dll winlogon86.exe winupdate86.exe Internet Security 2010.lnk help.gifHELP:
how to remove harmful files

Delete directories:
C:\s
C:\Program Files\InternetSecurity2010\


Jan 28, 2010 | Microsoft Windows XP Home Edition

3 Answers

Windows cannot find gphone.exe??


Gphone.exe is a file that an instant-message worm infects. This worm spreads through Google chat and Yahoo! Messenger. This “Gphone.exe” worm disables your antivirus security software, and downloads more crapware onto your PC.

To remove do this:
1. Block Gphone.exe sites: http://rnd009.googlepages.com/
2. Stop Gphone.exe processes: %Windir%\gphone.exe
%System%\gphone.exe
%System%\DEFAULT_NOT_SET.exe
C:\Documents and Settings\All Users\Desktop\gphone.exe
%Temp%\gphone.exe
%System%\gphone.exe
%DriveLetter%\New Folder.exe
%DriveLetter%\gphone.exe
[ROOT FOLDER]\New Folder.exe
[ROOT FOLDER]\gphone.exe Get rid of Gphone.exe files:

%DriveLetter%\autorun.inf
%Windir%\Tasks\At1.job
[ROOT FOLDER]\autorun.inf
C:\disk.txt
%System%\autorun.ini
%System%\setting.ini
%Temp%\log_[TIME AND DATE].txt


3. Delete Gphone.exe registry keys using regedit from start - run:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares\”shared” = “[ROOT FOLDER]\New Folder.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”Yahoo Messengger” = “%System%\gphone.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\”Shell” = “Explorer.exe gphone.exe”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Schedule\”AtTaskMaxHours” = “0′
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Schedule\”NextAtJobId” = “2′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\”DisableTaskMgr” = “1′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\”DisableRegistryTools” = “1′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\”NofolderOptions” = “1′
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\”Default_Page_URL” = “http://rnd009.googlepages.com/google.html”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\”Default_Search_URL” = “http://rnd009.googlepages.com/google.html”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\”Search Page” = “http://rnd009.googlepages.com/google.html”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\”Start Page” = “http://rnd009.googlepages.com/google.html”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\”Start Page” = “http://rnd009.googlepages.com/google.html”
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\”HomePage” = “1′
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\”HomePage” = “1′ Note: In any Gphone.exe files I mention above, “%UserProfile%” is a variable referring to your current user’s profile folder. If you’re using Windows NT/2000/XP, by default this is “C:\Documents and Settings\[CURRENT USER]” (e.g., “C:\Documents and Settings\JoeSmith”). If you have any questions about manual Gphone.exe removal, go ahead and leave a comment.


How to delete Gphone.exe files in Windows XP and Vista:
1.Click your Windows Start menu, and then click “Search.”
2.A speech bubble will pop up asking you, “What do you want to search for?” Click “All files and folders.”
3.Type a Gphone.exe file in the search box, and select “Local Hard Drives.”
4.Click “Search.” Once the file is found, delete it.
How to stop Gphone.exe processes:
1.Click the Start menu, select Run.
2.Type taskmgr.exe into the the Run command box, and click “OK.” You can also launch the Task Manager by pressing keys CTRL + Shift + ESC.
3.Click Processes tab, and find Gphone.exe processes.
4.Once you’ve found the Gphone.exe processes, right-click them and select “End Process” to kill Gphone.exe.
How to remove Gphone.exe registry keys:
Because your registry is such a key piece of your Windows system, you should always backup your registry before you edit it. Editing your registry can be intimidating if you’re not a computer expert, and when you change or a delete a critical registry key or value, there’s a chance you may need to reinstall your entire system. Make sure your backup your registry before editing it.
1.Select your Windows menu “Start,” and click “Run.” An “Open” field will appear. Type “regedit” and click “OK” to open up your Registry Editor.
2.Registry Editor will open as a window with two panes. The left side Registry Editor’s window lets you select various registry keys, and the right side displays the registry values of the registry key you select.
3.To find a registry key, such as any Gphone.exe registry keys, select “Edit,” then select “Find,” and in the search bar type any of Gphone.exe’s registry keys.
4.As soon as Gphone.exe registry key appears, you can delete the Gphone.exe registry key by right-clicking it and selecting “Modify,” then clicking “Delete.”
How to delete Gphone.exe DLL files:
1.First locate Gphone.exe DLL files you want to delete. Open your Windows Start menu, then click “Run.” Type “cmd” in Run, and click “OK.”
2.To change your current directory, type “cd” in the command box, press your “Space” key, and enter the full directory where the Gphone.exe DLL file is located. If you’re not sure if the Gphone.exe DLL file is located in a particular directory, enter “dir” in the command box to display a directory’s contents. To go one directory back, enter “cd ..” in the command box and press “Enter.”
3.When you’ve located the Gphone.exe DLL file you want to remove, type “regsvr32 /u SampleDLLName.dll” (e.g., “regsvr32 /u jl27script.dll”) and press your “Enter” key.
That’s it. If you want to restore any Gphone.exe DLL file you removed, type “regsvr32 DLLJustDeleted.dll” (e.g., “regsvr32 jl27script.dll”) into your command box, and press your “Enter” key.
Did Gphone.exe change your homepage?
1.Click Windows Start menu > Control Panel > Internet Options.
2.Under Home Page, select the General > Use Default.
3.Type in the URL you want as your home page (e.g., “http://www.homepage.com”).
4.Select Apply > OK.
5.You’ll want to open a fresh web page and make sure that your new default home page pops up.
Gphone.exe Removal Tip
Is your computer acting funny after deleting any Gphone.exe files? I recommend using a program like File Recover from PC Tools. File Recover saves deleted files that otherwise can’t be recovered by Windows operating sytem.
Want to save time finding Gphone.exe files? Download Spyware Doctor, let it find the Gphone.exe files for you, and then manually delete Gphone.exe files.

Aug 04, 2009 | Microsoft Windows XP Professional With...

2 Answers

Have problem with my Microsoft Windows XP Home Edition, when control panel is open get C:\Windows\Systems32\.Exe'. when I try to open java get same message how do I reslove problem? This is a Dell...


To fix your error, you need to have your windows XP cd. This issue occurs because of a missing or corrupted Rundll32.exe file. This issue may also be caused by a virus.

To resolve this issue, follow these steps:
  1. Put the Windows XP CD ROM disk in the CD ROM drive.
  2. Click Start, and then click Run.
  3. Type expand X:\i386\rundll32.ex_ c:\windows\system32\rundll32.exe in the Open box, where X is the letter of your CD ROM Drive.
  4. Restart the computer.
This may not 100% fix your issue but at least its a try.

Jun 02, 2009 | Microsoft Windows XP Home Edition

1 Answer

Loging in on windows xp


Here is the solution to the logon - logoff issue in Windows XP.
(assumes that problem was caused by Malware called BlazeFind)

Enter the Recovery Console

Boot the system using the Windows XP CD-ROM. In the first screen when the Setup begins, read the instructions press "R" (in the first screen) enter the Recovery Console. Type-in the built-in Administrator password to enter the Console. You'll see the prompt reading C:\Windows (Or any other drive-letter where you've installed XP)
Type the following command and press Enter.
CD SYSTEM32
(If that does not work, try CHDIR SYSTEM32)
COPY USERINIT.EXE WSAUPDATER.EXE
Quit Recovery Console by typing EXIT and restart Windows.
You'll be able to login successfully as you've created the wsaupdater.exe file (now, a copy of userinit.exe)
Now, change the USERINIT value in the registry (see Phase II in this page) and change it accordingly.

Phase II - Fixing a registry entry which causes the Quick Launch issue (not retaining the settings)

Click Start, Run and type REGEDIT. Navigate to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ WindowsNT \ CurrentVersion \ Winlogon
In the right-pane, change the value of Userinit to "C:\WINDOWS\system32\userinit.exe,"

Type the above value exactly as given, including the comma - exclude the quotes. Also, change the path to userinit.exe appropriately if Windows is installed in a different drive.

Close Registry Editor and restart Windows. The Quick Launch settings should be retained now.

Nov 07, 2008 | Microsoft Windows XP Professional With...

2 Answers

Error: C:\program~1\Mywebs~1\bar\1.bin\m3plugin.dll


Hi
Hey dear its a virus, luckily your antivirus has already removed it from your pc. one trace is remains in registry which will try to load it on startup.

Ok, do the following step and get rid of it.
Open Run , type regedit and press enter
Go to

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon

and check for the key Shell, the value of this must be Explorer.exe . if you can see some other after that like Explorer.exe C:\PROGRA~1\MYWEBS~1\bar\2.bin... , then remove the second file from the value, means it must only Explorer.exe

Ok, then check for the key Userinit. the value must be C:\WINDOWS\system32\userinit.exe, (including the comma) . If after that some thing is there , then delete it.
Ok thats all. restart your system .

Sep 17, 2008 | Microsoft Windows XP Home Edition

1 Answer

C:\windows\services.exe


It is a Services Control Manager, which is responsible for running, ending, and interacting with system services.

Notice that: C:\windows\system32\services.exe is normal, but with C:\windows\services.exe is not normal and therefore might be a trojan.

This file should be located in %windir%/system32 (ex. C:\Windows\System32) if not or is found outside this system folder it could be a trojan.

Try deleting it with Security Task Manager then delete the directory and the entries in the registry : HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run & HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

=))

Aug 30, 2008 | Microsoft Windows Server Standard 2003 for...

3 Answers

Xp error message


Try the following:
  1. Click Start > Run.
  2. Type regedit
  3. Click OK.

    Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.
  4. Navigate to and delete the following entries:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"dc2k5" = "C:\WINDOWS\SVIQ.EXE"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Fun" = "C:\WINDOWS\system\Fun.exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"dc" = "C:\WINDOWS\dc.exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\"run" = "C:\WINDOWS\system32\config\Win.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "Explorer.exe C:\WINDOWS\system32\WinSit.exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\"load" = "C:\WINDOWS\inf\Other.exe"
  5. Exit the Registry Editor.

Nov 10, 2007 | Microsoft Windows XP Home Edition

Not finding what you are looking for?
Operating Systems Logo

Related Topics:

383 people viewed this question

Ask a Question

Usually answered in minutes!

Top Operating Systems Experts

Les Dickinson
Les Dickinson

Level 3 Expert

18297 Answers

Brian Sullivan
Brian Sullivan

Level 3 Expert

27725 Answers

Prashant  Sharma
Prashant Sharma

Level 3 Expert

1127 Answers

Are you an Operating System Expert? Answer questions, earn points and help others

Answer questions

Manuals & User Guides

Loading...