Re: [OT]Regedit > Thanks everybody
- Posted by Alexander Toresson <alexander.toresson at gmail.com> Feb 05, 2005
- 448 views
don cole wrote: > The .com worked. Then you've got a virus. The virus has set up a program that "runs" your exe files. Go to HKEY_CLASSES_ROOT\exefile\shell\open\command to see what program that is. Change the standard value to "%1" %*. If it's the same virus I once had, it will have replace every .exe you have run with a stub, which then runs the real program, which is copied into a file with the same filename and in the same directory, but with a .dat extension instead. Those stubs are all the same size, ~10k. If that's the case, it means that if you start a single affected program, that registry key will be changed back and the virus will begin to spread again. The thing you'd want to do is create a small program which deletes the .exe and renames the .dat to .exe, if the .exe is the right size. Regards, Alexander Toresson Assembly. Push 'till you pop.