Please Help, Cannot open Regedit (hijackthis log) [RESOLVED]



#31
Guse

You've done great so far, don't quit on me yet.

That file is supposed to be a text file. You need to save it to a location, right-click it and choose Install. (It does not display any notice or boxes when you run it.)

Also, please run me another Ewido scan and post that log.

We've made incredible progress... you've gone from 1,000+ infections to less than 7. Just stick with me and we'll figure this out together. It just may take a while longer.

Edited by Guse, 13 July 2005 - 08:49 PM.

#32
Guse

Also do something for me. Open My Computer. Click Tools | Folder Options | View. Then, make sure that the radio button for Show Hidden Files and Folders is checked and clear the boxes for Hide Protected Operating System Files (Recommended) and Hide Extensions for Known File Types.

Then, using Windows Explorer (not Search; browse there), check for these files and let me know if they're there (they may not be):

D:\Windows\System32\cmd.com
D:\Windows\System32\regedit.com


Be really careful that you match up the extension (*.com, *.exe). There SHOULD be a file called "cmd.exe"... "cmd.com" is bad. Don't do anything yet... just give it a look-see.

In your next post, let me know if you find those.

#33
mattiscool

Hey, here's my scan log:


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:11:23 PM, 7/14/2005
+ Report-Checksum: DC5AA96E

+ Scan result:

HKLM\SOFTWARE\ISTbar -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\ISTbar\Historyfiles -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\ISTbar\Historystring -> Spyware.ISTBar : Error during cleaning
C:\Documents and Settings\Lou\.jpi_cache\jar\1.0\ar3.jar-586bddde-3e22c5fc.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup


::Report End





And yes, I see "Regedit.com" and "cmd.com".

#34
Guse

Okay, let's try something.

Rename both "regedit.com" and "cmd.com" to "regedit.old" and "cmd.old". Then try to run regedit and cmd again and tell me how that works.

Don't delete the files, rename the extensions.

Let me know.

#35
mattiscool

1 Down, 1 to go.

CMD works! It opens CMD.exe!

But...

Regedit now opened "Regedit.pif".

#36
Guse

Download: The Killbox
Unzip it to the desktop but do NOT run it yet.

First rename "regedit.pif" to regedit.bak. Now try regedit again.

If that works and functionality is back, follow these steps:

Run The Killbox
  • Select "Delete on Reboot".
  • Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

    C:\WINDOWS\system32\CMD.OLD
    C:\WINDOWS\system32\netstat.com
    C:\WINDOWS\system32\ping.com
    C:\WINDOWS\system32\regedit.old
    C:\WINDOWS\system32\regedit.bak
    C:\WINDOWS\system32\tasklist.com
    C:\WINDOWS\system32\taskkill.com
    C:\WINDOWS\system32\tracert.com

  • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
  • Click the red-and-white "Delete File" button. You'll have to do this one file at a time, which means click No until you reach the last file in the list. Then click "Yes" at the LAST Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

Let the system reboot.

Post back and let me know.
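
Added example, not part of the original thread: a Python version of the manual check in posts #32 and #36, flagging any .com or .pif file that shares a command name with a real .exe anywhere in the listing (which also catches System32\regedit.com standing in front of C:\WINDOWS\regedit.exe). The listing is constructed from the file names in this thread; `SHADOW_EXTS` and `find_shadowing` are names chosen here.

```python
import ntpath
from collections import defaultdict

# Assumption based on this thread: a same-named .com or .pif ran instead of
# the real .exe, so both extensions are treated as potential shadows.
SHADOW_EXTS = {".com", ".pif"}

# Constructed sample listing modelled on the files named in the thread.
SAMPLE_LISTING = [
    r"C:\WINDOWS\system32\cmd.exe",
    r"C:\WINDOWS\system32\cmd.com",
    r"C:\WINDOWS\system32\regedit.com",
    r"C:\WINDOWS\system32\regedit.pif",
    r"C:\WINDOWS\system32\ping.exe",
    r"C:\WINDOWS\system32\ping.com",
    r"C:\WINDOWS\system32\more.com",   # legitimate tool with no .exe twin
    r"C:\WINDOWS\system32\regedt32.exe",
    r"C:\WINDOWS\regedit.exe",
]


def find_shadowing(paths, shadow_exts=SHADOW_EXTS):
    """Return {suspect_path: [exe paths sharing its command name]}."""
    by_stem = defaultdict(list)
    for p in paths:
        # ntpath parses Windows paths correctly on any host OS.
        stem, ext = ntpath.splitext(ntpath.basename(p))
        by_stem[stem.lower()].append((ext.lower(), p))

    findings = {}
    for entries in by_stem.values():
        exes = sorted(p for ext, p in entries if ext == ".exe")
        if not exes:
            continue  # a lone .com (e.g. more.com) is not a shadow
        for ext, p in entries:
            if ext in shadow_exts:
                findings[p] = exes
    return findings


if __name__ == "__main__":
    for suspect, exes in sorted(find_shadowing(SAMPLE_LISTING).items()):
        print(f"{suspect} shadows {', '.join(exes)}")
```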

#37
mattiscool

I haven't read all that yet, but it's still called "regedit.old" in the System32 folder, but when I type in "regedit" in Run, on the... what's it called... the overhead bar... it says "regedit.pif"... I renamed it Regedit.bak, but it's still "regedit.pif".

#38
Guse

Does regedt32 work?

That is Start | Run , then type regedt32

Edited by Guse, 14 July 2005 - 03:03 PM.

#39
mattiscool

Yeah, that works! But shouldn't I get rid of the virus files, like Regedit.bak, ping.com, and cmd.old?

#40
Guse

Absolutely. I just wanted to make sure. Run the instructions from post 36 (Killbox).

If you're interested, I'd like to get regedit to work. But, if you feel you've got what we need, we can quit.

Is there a regedit.exe in the System32 folder?

#41
mattiscool

I have:

Regedit - Shortcut to MS DOS program
Regedit.bak - BAK File
Regedit32.exe - Application

#42
Guse

If you haven't deleted it already, rename regedit.bak to regedit.exe and then try to run it.

#43
Guse

If you have deleted it, there's a copy of regedit.exe in C:\Windows\ServicePackFiles\i386 that you can copy over to your C:\Windows\System32 folder.

Come to think of it, if renaming "bak" to "exe" doesn't work, we can delete that file and copy the one from ServicePackFiles over to System32 anyways.

Edited by Guse, 14 July 2005 - 03:17 PM.

#44
mattiscool

Oh wow, I did a search. I have Regedit.exe in C:\Windows... and it works.

I renamed the other .bak file to .exe; it still didn't work, it still says "regedit.pif".

Edited by mattiscool, 14 July 2005 - 03:18 PM.

#45
Guse

Copy that to C:\Windows\System32 and try to run regedit through Start | Run.