Re: [OT]Regedit > Thanks everybody


don cole wrote:
> The .com worked.
Then you've got a virus. The virus has set up a program that "runs" your exe 
files. Go to HKEY_CLASSES_ROOT\exefile\shell\open\command to see what program
that is. Change the standard value to "%1" %*. If it's the same virus I once 
had, it will have replaced every .exe you have run with a stub, which then 
runs the real program, which is copied into a file with the same filename 
and in the same directory, but with a .dat extension instead. Those stubs are
all the same size, ~10k. If that's the case, it means that if you start a 
single affected program, that registry key will be changed back and the virus
will begin to spread again. The thing you'd want to do is create a small 
program which deletes the .exe and renames the .dat to .exe, if the .exe is 
the right size.

Regards, Alexander Toresson

Assembly. Push 'till you pop.
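
A sketch of the cleanup program described in the post above, as an added example that is not part of the original message. The stub size and tolerance, the `MZ` signature check on the .dat file, the `--apply` switch, and keeping the stub under a `.stub` name instead of deleting it are all assumptions of this example.

```python
import os
import sys

STUB_SIZE = 10 * 1024  # assumption: the post only says "~10k"; measure a real stub
TOLERANCE = 512        # assumption: allowed deviation in bytes

def looks_like_exe(path):
    """True if the file starts with the DOS/PE 'MZ' signature."""
    with open(path, "rb") as f:
        return f.read(2) == b"MZ"

def find_stub_pairs(root, stub_size=STUB_SIZE, tolerance=TOLERANCE):
    """Return sorted (stub_exe, original_dat) path pairs found under root.

    A pair qualifies only if the .exe is stub-sized, a .dat with the same
    base name sits beside it, and that .dat is itself an executable image.
    Small programs without a .dat twin and genuine data files are skipped.
    """
    pairs = []
    for dirpath, _dirs, files in os.walk(root):
        by_lower = {name.lower(): name for name in files}
        for lower, name in by_lower.items():
            if not lower.endswith(".exe"):
                continue
            dat = by_lower.get(lower[:-4] + ".dat")
            if dat is None:
                continue
            exe_path = os.path.join(dirpath, name)
            dat_path = os.path.join(dirpath, dat)
            size_ok = abs(os.path.getsize(exe_path) - stub_size) <= tolerance
            if size_ok and looks_like_exe(dat_path):
                pairs.append((exe_path, dat_path))
    return sorted(pairs)

def restore(pairs, dry_run=True):
    """Put each original back as .exe; return the .exe paths handled."""
    restored = []
    for exe_path, dat_path in pairs:
        if not dry_run:
            # Keep the stub for later inspection under a non-runnable name.
            os.replace(exe_path, exe_path + ".stub")
            os.rename(dat_path, exe_path)
        restored.append(exe_path)
    return restored

if __name__ == "__main__":
    apply = "--apply" in sys.argv[2:]
    for path in restore(find_stub_pairs(sys.argv[1]), dry_run=not apply):
        print(("restored " if apply else "would restore ") + path)
```

Run it with only a directory argument first to review what would be restored, then again with `--apply`.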
