kimandbear

Feb 2, 2006
:D Just recently I tried to get into the registry and a window came up and it said:

(Something about an illegal instruction) then:

CS:9fff IP:0054 OP:db ff ff c3 e7

Then I had a choice to either ignore or abort. I chose to ignore and then another similar one came up, again, the choice to either ignore or abort. Again I chose to ignore and another one came up. I think you get the picture. In total about 10 windows popped up one after the other.

I just tried to open it up now to see what it says exactly, however, now the command window pops up for about 1/2 a second and then disappears.

I remember one of the windows saying something about 16 bit window in a 32 bit window or something like that.

To help you with this, here are my computer particulars:

Windows XP Pro - Version 2002
Celeron CPU 2.66 GHz - 0.99 GB of RAM
emachine - Desktop - C - 2881

I'm not sure what else I could tell you to help you with, so please let me know if there is anything else you need to know.

Thanks a lot for this. I can't believe that you are all willing to take time out to help others and I just wanted to say that I think it's pretty cool.

Cheers!
Kimberley
 

pscowboy

Apr 24, 2002
We will need some elaboration.

1. Are you SP2?
2. Are you having any other trouble?
3. Are you running an anti-virus? Which one?
4. Are you running anti-spyware apps? Which ones?
5. Can you reach the desktop, upon boot, without incident?
6. Can you remember what was going on with your pc before the trouble started?
7. Are you comfortable doing stuff in DOS, like off a boot menu?
8. Have all your "protection" scans been negative? Or, were you hit with something?

Problems getting into the registry can be a sign of a worm or virus.

Don't panic! There are many courses of action to try. Give us the answers, and we'll go from there.
 

nolo

Jan 9, 2006
it's a bitch when you are denied to the task manager or regedit, because that's about the only way you can shut down the malicious processes...

as a substitute to the task manager you can use procexplorer.

you can regain your rights to edit the registry or to use the task manager by tweaking the security policy. just open an mmc and add a security policy snap-in, and in it you can grant/deny rights for using them (or just any other facility in windows).
 
Meh... I see so many viruses in the course of a month, you really expect me to remember?

:p

I don't remember the name, but I do remember that it spread by MSN Messenger. Now, my memory could be fuzzy, but I'm pretty sure of that much. Again, though, the name eludes me at the moment. One of the free virus scans should pick it up and clean it though.

(You may have to check your Hosts file to make sure the antivirus sites haven't been blocked)
 

Jake_Barnes

LOL ... I've got a 460KB Hosts file (that's locked down tighter than a drum). I was curious so I could google it. I do some security modding at another site though. I'll ask someone there.
 
Bropia.A spreads via MSN Messenger. It does this by searching the application for an instance of the class 'IMWindowClass' and, if it finds one, it sends itself out with one of the following names: Drunk_lol.pif, Webcam_004.pif, sexy_bedroom.pif, naked_party.pif and love_me.pif.

After it is run, Bropia.A searches -in %systemdir%- files with the following names: adaware.exe, VB6.EXE, lexplore.exe and Win32.exe. If they don't exist, it creates a file that contains a copy of a variant of Gaobot.
Bropia.A also generates several empty files in the path %systemdir% and opens them to prevent the taskmgr.exe and cmd.exe processes from executing.

Similarly, Bropia.A disables the CTRL+ALT+Del key combination, and can also disable the right button on the mouse.

This is the one I've found that disables CTRL-ALT-Del and the right-click... but if I remember correctly, it also disables regedit.
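
The Hosts file check suggested earlier in the thread can be scripted. The following is an added example, not code from any poster: it parses hosts-file text and reports entries that override a security-vendor domain, while ignoring ordinary blocklist entries such as those in a large hand-maintained Hosts file. The watch list of domain suffixes and the sample input are assumptions constructed for illustration.

```python
import ipaddress

# Assumed watch list (not from the thread): security-vendor domain suffixes.
SECURITY_SUFFIXES = ("symantec.com", "mcafee.com", "kaspersky.com")

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue  # blank, comment-only, or an address with no name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address; skip the line
        for name in fields[1:]:  # one line may map several names
            yield line_no, addr, name.lower().rstrip(".")

def is_security_site(name, suffixes=SECURITY_SUFFIXES):
    """Match the domain itself or any subdomain, not look-alike suffixes."""
    return any(name == s or name.endswith("." + s) for s in suffixes)

def suspicious_entries(text, suffixes=SECURITY_SUFFIXES):
    """Return (line_no, address, hostname, kind) for overridden security sites."""
    findings = []
    for line_no, addr, name in parse_hosts(text):
        if not is_security_site(name, suffixes):
            continue  # ordinary blocklist entries are not reported
        sinkholed = addr.is_loopback or addr.is_unspecified
        kind = "sinkholed" if sinkholed else "redirected"
        findings.append((line_no, str(addr), name, kind))
    return findings

# Constructed sample input; on Windows XP the real file is
# %SystemRoot%\System32\drivers\etc\hosts
SAMPLE = """\
# constructed sample hosts file
127.0.0.1   localhost
127.0.0.1   ad.tracker.example   # ordinary blocklist entry
127.0.0.1   www.symantec.com liveupdate.symantec.com
0.0.0.0     download.mcafee.com
203.0.113.7 update.kaspersky.com # points at another server
127.0.0.1   notsymantec.com.example
"""

if __name__ == "__main__":
    for line_no, addr, name, kind in suspicious_entries(SAMPLE):
        print("line %d: %s -> %s (%s)" % (line_no, name, addr, kind))
```

Any hit means name resolution for that site is being overridden locally, so the entry should be removed before relying on an online scan or a signature update.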