Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

regedit.exe? [RESOLVED]


  • This topic is locked This topic is locked

#1
Wolfson

Wolfson

    Member

  • Member
  • PipPip
  • 27 posts
Hi. I just ran Ad-Aware for the first time (After updating it) and it picked up an object listed as HKEY_CLASSES_ROOT:regfile\shell\open\command"" ("regedit.exe" "1%")

It says it's a possible virus infection, but isn't that the file name for the Registry Editor?

Thanks.
  • 0

Advertisements


#2
miekiemoes

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Hello, yes that one is legit (OK), but in some cases this entry is slightly modified which gives you errors when you want to import regfiles.

So let's check this first..

Open notepad and copy and paste next bold in it:

regedit /e look.txt "HKEY_CLASSES_ROOT\regfile\shell\open\command"
start notepad look.txt


Save this as look.bat , choose to save as *all files and place it on your desktop.
This is how the batch must look afterwards: Posted Image
Doubleclick look.bat and notepad will open with some txt in it. Copy and paste the content of it in your next reply.
  • 0

#3
Wolfson

Wolfson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Here it is:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="\"regedit.exe\" \"%1\""
  • 0

#4
miekiemoes

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Hi,


This above isn't standard... It must be:

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

Ok, we need to change that manually, because using a regfix won't help because you'll get an error.

* Download: Registrar Lite

* Start Registrar Lite
Copy and paste the next bold into the address bar on top in Registrar Lite:

HKEY_CLASSES_ROOT\regfile\shell\open\command

Click the green Go button.
You'll see a purple/pink folder highlighted in the left pane with the name command

In the right pane, you'll see 'default'
Doubleclick on it and a new window will open.
So, on top of this new window, keyname must be: HKEY_CLASSES_ROOT\regfile\shell\open\command

There you'll also see: 'Value'
Change that value to regedit.exe "%1"
This is how it must look afterwards:

Posted Image

Click apply and click OK at the prompt.
Click OK again to close that window.

Reboot and doubleclick look.bat again and post the content of it in your next reply.

Edited by miekiemoes, 08 October 2005 - 12:43 PM.

  • 0

#5
Wolfson

Wolfson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
OK:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""
  • 0

#6
miekiemoes

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Okay, we fixed that.

Now scan again with adaware and it won't show that alert anymore. :tazz:
Let me know.
  • 0

#7
miekiemoes

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP