[Wolfson]

Hi. I just ran Ad-Aware for the first time (After updating it) and it picked up an object listed as HKEY_CLASSES_ROOT:regfile\shell\open\command"" ("regedit.exe" "1%")

It says it's a possible virus infection, but isn't that the file name for the Registry Editor?

Thanks.

[Advertisements]

Hello, yes that one is legit (OK), but in some cases this entry is slightly modified which gives you errors when you want to import regfiles.

So let's check this first..

Open notepad and copy and paste next bold in it:

regedit /e look.txt "HKEY_CLASSES_ROOT\regfile\shell\open\command"
start notepad look.txt

Save this as look.bat , choose to save as *all files and place it on your desktop.
This is how the batch must look afterwards:
Doubleclick look.bat and notepad will open with some txt in it. Copy and paste the content of it in your next reply.

[miekiemoes]

Hello, yes that one is legit (OK), but in some cases this entry is slightly modified which gives you errors when you want to import regfiles.

So let's check this first..

Open notepad and copy and paste next bold in it:

regedit /e look.txt "HKEY_CLASSES_ROOT\regfile\shell\open\command"
start notepad look.txt

Save this as look.bat , choose to save as *all files and place it on your desktop.
This is how the batch must look afterwards:
Doubleclick look.bat and notepad will open with some txt in it. Copy and paste the content of it in your next reply.

[Wolfson]

Here it is:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="\"regedit.exe\" \"%1\""

[miekiemoes]

Hi,


This above isn't standard... It must be:

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

Ok, we need to change that manually, because using a regfix won't help because you'll get an error.

* Download: Registrar Lite

* Start Registrar Lite
Copy and paste the next bold into the address bar on top in Registrar Lite:

HKEY_CLASSES_ROOT\regfile\shell\open\command

Click the green Go button.
You'll see a purple/pink folder highlighted in the left pane with the name command

In the right pane, you'll see 'default'
Doubleclick on it and a new window will open.
So, on top of this new window, keyname must be: HKEY_CLASSES_ROOT\regfile\shell\open\command

There you'll also see: 'Value'
Change that value to regedit.exe "%1"
This is how it must look afterwards:



Click apply and click OK at the prompt.
Click OK again to close that window.

Reboot and doubleclick look.bat again and post the content of it in your next reply.

Edited by miekiemoes, 08 October 2005 - 12:43 PM.

[Wolfson]

OK:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

[miekiemoes]

Okay, we fixed that.

Now scan again with adaware and it won't show that alert anymore.
Let me know.

[miekiemoes]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.