Virus? Can't run regedit

G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I think my PC is infected by a virus that blocks use of vital system
utilities *and* clobbers antivirus programs. (I suspected the "Gaobot" virus,
but a Symantec fix tool didn't find it.) Norton Internet Security (2004) quit
running about 10 days ago, and disappeared from my system tray. I
uninstalled and re-downloaded the program, as well as the 2005 version, but
installation fails repeatedly. I found Symantec instructions on how to edit
the registry, but am unable to open registry *even in safe mode.* I tried an
"emergency utilities" tool that claims to create usable copies of utilities,
but even the copies do not run. Both regedit and msconfig won't open.
Windows Live Update also fails. I've had this machine only since September
2004; it has Service Pack 2. Oh, one more thing:
If I do a Google search for Symantec or similar companies, or for the word
"antivirus," my browser closes! Help, please. TIA.

Larry Sherman
Wits End, NY
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Have you tried in safe mode?
and if you want to run something, try to rename the file to .com, liike
regedit.com from a dos prompt...


icenine378 wrote:
> *I think my PC is infected by a virus that blocks use of vital
> system
> utilities *and* clobbers antivirus programs. (I suspected the
> "Gaobot" virus,
> but a Symantec fix tool didn't find it.) Norton Internet Security
> (2004) quit
> running about 10 days ago, and disappeared from my system tray. I
> uninstalled and re-downloaded the program, as well as the 2005
> version, but
> installation fails repeatedly. I found Symantec instructions on how
> to edit
> the registry, but am unable to open registry *even in safe mode.* I
> tried an
> "emergency utilities" tool that claims to create usable copies of
> utilities,
> but even the copies do not run. Both regedit and msconfig won't
> open.
> Windows Live Update also fails. I've had this machine only since
> September
> 2004; it has Service Pack 2. Oh, one more thing:
> If I do a Google search for Symantec or similar companies, or for the
> word
> "antivirus," my browser closes! Help, please. TIA.
>
> Larry Sherman
> Wits End, NY *



--
slurp812
------------------------------------------------------------------------
Posted via http://www.mcse.ms
------------------------------------------------------------------------
View this thread: http://www.mcse.ms/message1336594.html
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

http://www.dougknox.com/xp/utils/xp_emerutils.htm
Creates usable copies of REGEDIT, MSCONFIG and Task Manager

You could be infected with one of these worms:

W32.Spybot.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html
W32.Klez.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.gen@mm.html
W32.Yaha.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.e@mm.html

These viruses terminate Regedit.exe and taskmgr.exe
W32.HLLW.Kefy:
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.kefy.html
W32.HLLW.Cydog@mm:
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cydog@mm.html
Backdoor.IRC.Yoink.A:
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.yoink.a.html
Backdoor.Volac.dr:
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.volac.dr.html
W32.Kwbot.R.Worm:
http://www.symantec.com/avcenter/venc/data/w32.kwbot.r.worm.html

These viruses delete the Regedit.exe, Regedt32.exe, Msconfig.exe, Taskmgr.exe
W32.Petch.B:
http://www.symantec.com/avcenter/venc/data/w32.petch.b.html
W32.HLLW.Maax.B@mm:
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.maax.b@mm.html


Downloadable McAfee AVERT Stinger:
Stinger: http://vil.nai.com/vil/stinger/
stand-alone utility used to detect and remove specific viruses. It is not a
substitute for full anti-virus protection, but rather a tool to assist
administrators and users when dealing with an infected system. Stinger utilizes
next generation scan engine technology, including process scanning, digitally
signed DAT files, and scan performance optimizations.


"icenine378" <icenine378@discussions.microsoft.com> wrote in message
news:C3094F4A-6BB7-45C2-80EB-A19106F50870@microsoft.com...
>I think my PC is infected by a virus that blocks use of vital system
> utilities *and* clobbers antivirus programs. (I suspected the "Gaobot" virus,
> but a Symantec fix tool didn't find it.) Norton Internet Security (2004) quit
> running about 10 days ago, and disappeared from my system tray. I
> uninstalled and re-downloaded the program, as well as the 2005 version, but
> installation fails repeatedly. I found Symantec instructions on how to edit
> the registry, but am unable to open registry *even in safe mode.* I tried an
> "emergency utilities" tool that claims to create usable copies of utilities,
> but even the copies do not run. Both regedit and msconfig won't open.
> Windows Live Update also fails. I've had this machine only since September
> 2004; it has Service Pack 2. Oh, one more thing:
> If I do a Google search for Symantec or similar companies, or for the word
> "antivirus," my browser closes! Help, please. TIA.
>
> Larry Sherman
> Wits End, NY
>