
Tuesday, 23 December 2008

Missing or Corrupt c:\windows\system32\config\system

The best option here is to perform what is called a "repair install", in which only the basic and essential system files are replaced, without touching any other files or folders. When booting from the installation disk, choose the first option to start this facility; the installer should then ask whether you want to repair your current installation. This is a quick way to fix damaged and/or missing system files while preserving your data. It may also require reinstalling some programs, as well as Service Pack 2 if it is not included on the installation disk. The other option, though not the best one, is to start the manual XP system restoration process in the Recovery Console. However, the repair install described in this article:

http://www.michaelstevenstech.com/XPrepairinstall.htm

is the better method over the limited use of System Restore following the MS instructions found at: http://support.microsoft.com/default.aspx?scid=kb;en-us;304449&sd=tech



1. Insert the bootable Windows XP CD.

2. Then choose Repair by pressing "r".

3. Select the drive you want to repair --> 1: c:\windows (Enter)

4. Go to the folder c:\windows\system32\config\
then:
rename c:\windows\system32\config\system system.bad
rename c:\windows\system32\config\software software.bad

5. Then go to c:\windows\repair
and copy the files "system" and "software" to c:\windows\system32\config\
c:\windows\repair\>copy system c:\windows\system32\config\
c:\windows\repair\>copy software c:\windows\system32\config\

6. Remove the bootable CD from the CD drive.

7. Exit and done.

Wednesday, 10 December 2008

Troubleshoot, Tweaks and Fixes Registry Edits For Repair Windows XP

http://www.ziddu.com/download/2887827/DisableorEnableRegistryEditingTools.rar.html

http://www.ziddu.com/download/2887828/AddCommandLinetotheRightClick.rar.html

http://www.ziddu.com/download/2887829/DisabletheWindowsLogoKeys.rar.html

http://www.ziddu.com/download/2887830/DisableAutorun.rar.html

http://www.ziddu.com/download/2887831/DisableWallpaperBackgroundChanges.rar.html

http://www.ziddu.com/download/2887877/DiskCleanupAlltmp-CompressOldFilesFreezes.rar.html

http://www.ziddu.com/download/2887878/Disable_Autorun_XPHome.rar.html

http://www.ziddu.com/download/2887879/Disable_Autorun_XPProf.rar.html

http://www.ziddu.com/download/2887880/DiskCleanupAlltmp-CompressOldFilesFreezes-UNDO.rar.html

http://www.ziddu.com/download/2887881/Enable-DisableDesktopIcons.rar.html

http://www.ziddu.com/download/2887907/EnableorDisableScreenSaver.rar.html

http://www.ziddu.com/download/2887908/EnableorDisableCtrl-Alt-Delete.rar.html

http://www.ziddu.com/download/2887909/EnableRestorePropertise.rar.html

http://www.ziddu.com/download/2887910/EnableCDAutoPlayforXPPro.rar.html

http://www.ziddu.com/download/2887911/Enable-DisableDesktopIcons.rar.html

http://www.ziddu.com/download/2887936/Enable_exe.rar.html

http://www.ziddu.com/download/2887937/Enable_DragDrop.rar.html

http://www.ziddu.com/download/2887938/Enable_Fix-exe-XP.rar.html

http://www.ziddu.com/download/2887939/EnableWallpaperBackgroundChanges.rar.html

http://www.ziddu.com/download/2887940/Enable_Flash_IE.rar.html

http://www.ziddu.com/download/2887956/Enable_FolderandIconRefresh.rar.html

http://www.ziddu.com/download/2887957/Enable_Klik_kanan.rar.html

http://www.ziddu.com/download/2887958/Enable_FolderOptions.rar.html

http://www.ziddu.com/download/2887959/Enable_MenuWinlogin.rar.html

http://www.ziddu.com/download/2887960/Enable_MenuSearch.rar.html

http://www.ziddu.com/download/2887973/Enable_MyComputer.rar.html

http://www.ziddu.com/download/2887974/Enable_Registry.rar.html

http://www.ziddu.com/download/2887975/Enable_Scroll_Program.rar.html

http://www.ziddu.com/download/2887976/Enable_SaveMode.rar.html

http://www.ziddu.com/download/2887977/Enable_Regedit-4.rar.html

http://www.ziddu.com/download/2888040/Enable_StartMenu.rar.html

http://www.ziddu.com/download/2888041/Enable_Taskmanager.rar.html

http://www.ziddu.com/download/2888042/enable_TaskMgr.rar.html

http://www.ziddu.com/download/2888043/Enable_Search.rar.html

http://www.ziddu.com/download/2888044/Enable_Single_Click.rar.html

http://www.ziddu.com/download/2888094/EnableDisable_WellcomeScreen.rar.html

http://www.ziddu.com/download/2888095/EnableDisableShowHiddenFiles-Folders.rar.html

http://www.ziddu.com/download/2888096/EnableDisable-NetworkConnection.rar.html

http://www.ziddu.com/download/2888097/Enable_TaskMgr-5.rar.html

http://www.ziddu.com/download/2888098/Enable_USB_PortFix.rar.html

http://www.ziddu.com/download/2888136/EXElnkandregfileFixforWindowsXP.rar.html

http://www.ziddu.com/download/2888137/Icon_Fixed.rar.html

http://www.ziddu.com/download/2888138/menubandrestore.rar.html

http://www.ziddu.com/download/2888139/FixtheDingWavFile.rar.html

http://www.ziddu.com/download/2888140/EnhanceCMDQuickEditOptions.rar.html

http://www.ziddu.com/download/2888176/PictureandFaxDisable.rar.html

http://www.ziddu.com/download/2888177/RemoveFile-Edit-Viewdll.rar.html

http://www.ziddu.com/download/2888178/RemoveAccesstoallWindowsUpdateFeatures.rar.html

http://www.ziddu.com/download/2888179/PropertiesMissingFromMyComputer.rar.html

http://www.ziddu.com/download/2888180/Read-FindyourProductIDNumber.rar.html

http://www.ziddu.com/download/2888193/RestoreFastUserSwitching.rar.html

http://www.ziddu.com/download/2888194/RepairtheOfficeXPShortcutBarButtons.rar.html

http://www.ziddu.com/download/2888195/RestoreAdminTools.msc.rar.html

http://www.ziddu.com/download/2888196/Replace-RepairtheRecycleBininWindowsXP.rar.html

http://www.ziddu.com/download/2888197/ReplaceAMPMClockwithwordofChoice.rar.html

http://www.ziddu.com/download/2888215/RestoreMissingNewandTextDoc.rar.html

http://www.ziddu.com/download/2888216/SearchisMissingfromtheStartMenu.rar.html

http://www.ziddu.com/download/2888217/RestoreSaveRemoveHardware_Icon.rar.html

http://www.ziddu.com/download/2888218/screensaverenabledisable.rar.html

http://www.ziddu.com/download/2888219/ScreenSaver-EnableDisable.rar.html

http://www.ziddu.com/download/2888238/TaskBarUnLock.rar.html

http://www.ziddu.com/download/2888239/WinKeys_Enable-Disable.rar.html

http://www.ziddu.com/download/2888240/TaskBarLock.rar.html

http://www.ziddu.com/download/2888241/TabMissing.rar.html

http://www.ziddu.com/download/2888242/SearchisMissingfromtheStartMenu-TOREMOVE.rar.html

http://www.ziddu.com/download/2888252/xpinfo-exe.zip.html

http://www.ziddu.com/download/2888253/util_CreatescopiesofREGEDITMSCONFIGandTaskManager.rar.html

Thursday, 04 December 2008

Defend Computer From Hacker and Virus

The arrival of broadband Internet access has opened a new playground for hackers. "There is no software available on the network that makes it easy for hackers to probe thousands of hosts and, if file sharing is turned on, they will find you and commitment," said X-Force director Chris Rouland. Here we talk about how to protect your computer from hackers. Let's go!

Stop using Internet Explorer and make the change to Firefox; it is more secure, easy and simple.

If you have the ability to change your IP address, change it regularly. A computer will get a new IP address automatically when the machine boots after a restart; some DSL accounts have this capability. If your computer has a fixed IP, minimize the opportunities for hackers by shutting down the computer when it is not in use.

There are a variety of affordable software and hardware firewall solutions available for home computers and small business networks. Get Spybot Search and Destroy and AdAware SE and update them immediately.

Check with the manufacturer of your operating system for patches and security bulletins. Download and install the system patches that are available.

An important part of any security plan is the installation of up-to-date anti-virus software such as Norton, Trend Micro PC-cillin, NOD 32, McAfee or Avast. A system to protect against viruses and trojan horses is effective only if updates are installed on a regular basis. The makers of these products offer the ability to download updates of virus signatures over the Internet.

Shut down file-sharing software on your computer's operating system. Your Internet service provider may be able to provide information on how to do this; the manufacturer of your operating system may also help.

If your computer has been hacked, you can never be 100% sure that your system is no longer in danger. Back up the personal files on the infected system, then format and reinstall Windows.

Sunday, 30 November 2008

Manual Registry Repair For Windows XP

To use the Regedits: Save the REG file to your hard drive. Double-click it and answer Yes to the import prompt. REG files can be viewed in Notepad by right-clicking the file and selecting Edit.


To use the VBS files: Download the .vbs file and save it to your hard drive (you may want to right-click and use Save Target As). Double-click the .vbs file. You will be prompted when the script is done.


NOTE: If your anti-virus software warns of a "malicious" script, this is normal if you have "security scripting" or similar technology enabled. These scripts are not malicious, but they do make changes to the system registry.

Disable or Enable Registry Editing Tools .reg


Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"**.del.DisableRegistryTools"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"**del.DisableRegistryTools"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSaveSettings"=dword:00000000


Enable or Disable Screen Saver ( Save As To .vbs )

Dim WSHShell, RegKey, ScreenSaver, Result
Set WSHShell = CreateObject("WScript.Shell")
RegKey = "HKCU\Control Panel\Desktop\"
'Read the current state: 1 = enabled, 0 = disabled
ScreenSaver = WSHShell.RegRead(RegKey & "ScreenSaveActive")
If ScreenSaver = 1 Then 'Screen Saver is Enabled
    Result = MsgBox("Your screen saver is currently active." & _
        vbNewLine & "Would you like to disable it?", 36)
    If Result = 6 Then 'clicked yes
        WSHShell.RegWrite RegKey & "ScreenSaveActive", 0
    End If
Else 'Screen Saver is Disabled
    Result = MsgBox("Your screen saver is currently disabled." & _
        vbNewLine & "Would you like to enable it?", 36)
    If Result = 6 Then 'clicked yes
        WSHShell.RegWrite RegKey & "ScreenSaveActive", 1
    End If
End If


Enable_DragDrop ( Save As To .reg )

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_EnableDragDrop"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoChangeStartMenu"=dword:00000000


Enable_Installer ( Save As To .reg )

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"


Enable_Fix-exe-XP ( Save As To .reg )

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]
@="{09A63660-16F9-11d0-B1DF-004F56001CA7}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@="{86F19A00-42A0-1069-A2E9-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"


Enable_Flash_IE ( Save As To .reg )

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"


Enable_Folder and Icon Refresh ( Save As To .reg )

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Update]
"UpdateMode"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"NoNetCrawling"=dword:00000000


Enable_FolderOptions ( Save As To .reg )

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000000


Enable_Right_Click ( Save As To .reg )

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoViewContextMenu"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoViewContextMenu"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSetTaskbar"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSaveSettings"=dword:00000000


Enable_Menu+Winlogin ( Save As To .inf )

[Version]
Signature="$Chicago$"
Provider=Vaksincom

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Userinit,0, "C:\WINDOWS\system32\userinit.exe"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"

[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableTaskMgr
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFind
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoRun
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableCMD
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoClose
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoDesktop
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoDrives
HKCU, Software\Microsoft\Windows\ShellNoRoam\MUICache,C:\WINDOWS\system32\winlogin.exe
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run
HKCU, Software\Microsoft\Windows\CurrentVersion\RunServices
HKCU, SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKCU, Software\Microsoft\Windows\CurrentVersion\RunOnce, services
HKCU, Software\Microsoft\Windows\CurrentVersion\RunServices, services
HKCU, Software\Microsoft\Windows\CurrentVersion\RunServicesOnce, services
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, services
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFind
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoClose
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoDesktop
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoDrives
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoRun
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, NoDiskCpl
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp, Disabled
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion,Winlogon
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,ShowSuperHidden
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer,NoFind
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer,NoRun
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System,DisableRegistryTools
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System,DisableTaskMgr
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, services
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx, services
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, services
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce, services
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run, services
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion, winlogon
HKU, S-1-5-21-1177238915-412668190-839522115-1003\Software\Microsoft\Windows\CurrentVersion\RunServices,services
HKU, S-1-5-21-1177238915-412668190-839522115-1003\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce,services
HKU, S-1-5-21-1177238915-412668190-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache,C:\WINDOWS\system32\winlogin.exe
HKU, .DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run
HKU, .DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools


Enable_MenuSearch ( Save As To .reg )

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoShellSearchButton"=dword:00000000


Enable_MyComputer ( Save As To .vbs )

Message = "To work correctly, the script will close" & vbCR
Message = Message & "and restart the Windows Explorer shell." & vbCR
Message = Message & "This will not harm your system." & vbCR & vbCR
Message = Message & "Continue?"
X = MsgBox(Message, vbYesNo, "Notice")
If X = 6 Then
    On Error Resume Next
    Dim WSHShell, n, MyBox, p, t, errnum, vers
    Dim itemtype
    Dim enab, disab, jobfunc
    Set WSHShell = WScript.CreateObject("WScript.Shell")
    p = "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
    itemtype = "REG_DWORD"
    enab = "ENABLED"
    disab = "DISABLED"
    jobfunc = "The My Computer icon is now "
    t = "Confirmation"
    Err.Clear
    n = WSHShell.RegRead(p)
    errnum = Err.Number
    'The value does not exist yet: create it
    If errnum <> 0 Then
        WSHShell.RegWrite p, 0, itemtype
    End If
    'Toggle the value: 1 hides the icon, 0 shows it
    If n = 0 Then
        n = 1
        WSHShell.RegWrite p, n, itemtype
        MyBox = MsgBox(jobfunc & disab & vbCR, 4096, t)
    ElseIf n = 1 Then
        n = 0
        WSHShell.RegWrite p, n, itemtype
        MyBox = MsgBox(jobfunc & enab & vbCR, 4096, t)
    End If
    Set WSHShell = Nothing
    On Error GoTo 0
    'Close Explorer so that the shell restarts with the new setting
    For Each Process in GetObject("winmgmts:"). _
        ExecQuery ("select * from Win32_Process where name='explorer.exe'")
        Process.terminate(0)
    Next
    MsgBox "Finished." & vbcr & vbcr , 4096, "Done"
Else
    MsgBox "No changes were made to your system." & vbcr & vbcr, 4096, "User Cancelled"
End If


Enable_SaveMode ( Save As To .inf )

[Version]
Signature="$Chicago$"
Provider=Vaksincom

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys,,,Driver
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys,,,Driver
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys,,,Driver
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys,,,Driver
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys,,,FSFilter System Recovery
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys,,,Driver
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys,,,Driver
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys,,,Driver
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys,,,Driver
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmiot.sys,,,Driver
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys,,,Driver
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys,,,Driver
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys,,,Driver
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys,,,FSFilter System Recovery
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys,,,Driver
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys,,,Driver
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys,,,Driver
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys,,,Driver


Enable_Scroll_Program ( Save As To .reg )

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_ScrollPrograms"=dword:00000001
"StartMenuScrollPrograms"="NO"


Enable_Search ( Save As To .reg )

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFind"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFind"=dword:00000000


Enable_StartMenu ( Save As To .reg )

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSaveSettings"=dword:00000000
"NoChangeStartMenu"=dword:00000000
"NoStartMenuSubFolders"=dword:00000000
"NoStartMenuMFUprogramsList"=dword:00000000
"NoStartMenuMorePrograms"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_EnableDragDrop"=dword:00000001


Enable_TaskMgr-1 ( Save As To .reg )

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000


Enable_TaskMgr-2 ( Save As To .reg )

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DisableCAD"=dword:00000000


Enable_USB_PortFix ( Save As To .reg )

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,55,00,53,00,42,00,53,00,54,00,4f,\
00,52,00,2e,00,53,00,59,00,53,00,00,00
"DisplayName"="USB Mass Storage Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR\Enum]
"0"="USB\\Vid_116f&Pid_0005\\20031015193616796"
"Count"=dword:00000001
"NextInstance"=dword:00000001


Enable+Disable Show Hidden Files-Folders ( Save As To .vbs )

Message = "To work correctly, the script will close" & vbCR
Message = Message & "and restart the Windows Explorer shell." & vbCR
Message = Message & "This will not harm your system." & vbCR & vbCR
Message = Message & "Continue?"
X = MsgBox(Message, vbYesNo, "Notice")
If X = 6 Then
    On Error Resume Next
    Dim WSHShell, n, p, itemtype, MyBox
    Set WSHShell = WScript.CreateObject("WScript.Shell")
    p = "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"
    itemtype = "REG_DWORD"
    n = WSHShell.RegRead(p)
    errnum = Err.Number
    'The value does not exist yet: create it as 2 (do not show hidden files)
    If errnum <> 0 Then
        WSHShell.RegWrite p, 2, itemtype
    End If
    'Toggle the value: 1 shows hidden files, 2 hides them
    If n = 2 Then
        WSHShell.RegWrite p, 1, itemtype
        MyBox = MsgBox("Show Hidden Files and Folders are now ENABLED", 64, "Hidden Files and Folders")
    End If
    If n = 1 Then
        WSHShell.RegWrite p, 2, itemtype
        MyBox = MsgBox("Show Hidden Files and Folders are now DISABLED", 64, "Hidden Files and Folders")
    End If
    Set WSHShell = Nothing
    On Error GoTo 0
    'Close Explorer so that the shell restarts with the new setting
    For Each Process in GetObject("winmgmts:"). _
        ExecQuery ("select * from Win32_Process where name='explorer.exe'")
        Process.terminate(0)
    Next
    MsgBox "Finished." & vbcr & vbcr , 4096, "Done"
Else
    MsgBox "No changes were made to your system." & vbcr & vbcr, 4096, "User Cancelled"
End If


Enable+Disable_WellcomeScreen ( Save As To .vbs )

Dim WSHShell, n, MyBox, p, p1, t, cn, Caption, itemtype, errnum
Set WSHShell = WScript.CreateObject("WScript.Shell")
p = "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList\Administrator"
itemtype = "REG_DWORD"
t = "Choose Accordingly"
On Error Resume Next
n = WSHShell.RegRead(p)
errnum = Err.Number
'The value does not exist yet: offer 0 as the default
If errnum <> 0 Then
    n = 0
End If
Caption = "1 = Show Administrator on Desktop, 0 = Don't Show Administrator on Desktop"
On Error Goto 0
cn = InputBox(Caption, t, n)
If cn <> "" Then
    WSHShell.RegWrite p, cn, itemtype
End If
If cn <> "" Then
    MyBox = MsgBox("You must Log Off/Log On for the changes to take effect.", vbOKOnly, "Done")
End If
VisitKelly
Sub VisitKelly
    If MsgBox("This script came from the Tweaks Section of Kelly's Korner" & vbCRLF & vbCRLF & "Would you like to visit Kelly's Web Site now?", vbQuestion + vbYesNo + vbDefaultButton1, "Visit Kelly's Korner") = 6 Then
        WSHShell.Run "http://www.kellys-korner-xp.com/xp_tweaks.htm"
    End If
End Sub

Wednesday, 26 November 2008

Easy To Remove Virus From PC

Identify the name of the virus. I usually use the Sysinternals manager to find out the name of the virus. If you cannot even access the software, then tell me what the virus is doing to your PC and I will help you determine its name. Kill the running process of the virus on your PC. For example, if the virus is running under the iph.exe process, then kill that task. Remove the virus's backup copies from your hard drive to wipe out potential future threats. Repair the previous damage done by the virus, such as a disabled Task Manager, virus autoruns, and so on.
First open Notepad, then type the following; I have done everything possible to kill the virus processes running in the background.


@ECHO OFF
TASKKILL /F /IM "RUNDLL32.EXE"
TASKKILL /F /IM "DRWTSN32.EXE"
TASKKILL /F /IM "RAVMON.EXE"
TASKKILL /F /IM "NEW FOLDER.EXE"
TASKKILL /F /IM "NEWFOLDER.EXE"
TASKKILL /F /IM "WINFILE.EXE"
TASKKILL /F /IM "SCVSHOSTS.EXE"
TASKKILL /F /IM "SCVVHSOT.EXE"
TASKKILL /F /IM "SSCVIHOST.EXE"
TASKKILL /F /IM "SVCHSOT.EXE"
TASKKILL /F /IM "SCVHOSTS.EXE"
TASKKILL /F /IM "SXS.EXE"
TASKKILL /F /IM "BLASTCLNNN.EXE"
TASKKILL /F /IM "SCCVIHOST.EXE"
TASKKILL /F /IM "FUN.EXE"
TASKKILL /F /IM "RMHOST.EXE"
TASKKILL /F /IM WSCRIPT.EXE
TASKKILL /F /IM IMAPD.EXE
TASKKILL /F /IM DXDLG.EXE


Remove possible virus backups from the hard disk. Here is the piece of code that I used.

DEL "%WINDIR%\RAVMON.EXE" /F /Q /S /A
DEL "%WINDIR%\NEW FOLDER.EXE" /F /Q /S /A
DEL "%WINDIR%\NEWFOLDER.EXE" /F /Q /S /A
DEL "%WINDIR%\WINFILE.EXE" /F /Q /S /A
DEL "%WINDIR%\SCVSHOSTS.EXE" /F /Q /S /A
DEL "%WINDIR%\SCVVHSOT.EXE" /F /Q /S /A
DEL "%WINDIR%\SSCVIHOST.EXE" /F /Q /S /A
DEL "%WINDIR%\SSCVIHOST.EXE" /F /Q /S /A
DEL "%WINDIR%\SCVHOSTS.EXE" /F /Q /S /A
DEL "%WINDIR%\SVCHSOT.EXE" /F /Q /S /A
DEL "%WINDIR%\SXS.EXE" /F /Q /S /A
DEL "%WINDIR%\RUN.WSH" /F /Q /S /A
DEL "%WINDIR%\KERNEL32.SYS" /F /Q /S /A
DEL "%WINDIR%\XMSS.EXE" /F /Q /S /A
DEL "%WINDIR%\BLASTCLNNN.EXE" /F /Q /S /A
DEL "%WINDIR%\SCCVIHOST.EXE" /F /Q /S /A
DEL "%WINDIR%\KINZA.EXE" /F /Q /S /A
DEL "%WINDIR%\FUN.EXE" /F /Q /S /A
DEL "%WINDIR%\ISETUP.VBS" /F /Q /S /A
DEL "%WINDIR%\RMHOST.EXE" /F /Q /S /A
DEL "%WINDIR%\SYS.VBS" /F /Q /S /A
DEL "%WINDIR%\BOOT.VBS" /F /Q /S /A
DEL "%WINDIR%\SOVITTAMRAKAR.EXE" /F /Q /S /A


Now we're going to repair the registry entries that the virus damaged.

reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit /f /d "%windir%\system32\userinit.exe,"
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /f /d "explorer.exe"
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_Binary /v NoDriveAutoRun /f /d ffffff03
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoDriveTypeAutoRun /f /d 36
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoFolderOptions /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableRegistryTools /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableTaskMgr /f /d 0
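
Before importing a downloaded REG file ("REG files can be viewed in Notepad") or running the repair commands above, it helps to see which of these values are actually wrong. The following is an added example, not code from the original posts: it parses REG text, such as an export made with regedit, and reports values that differ from the known-good data used by the fixes on this page. The names parse_reg, audit and SAMPLE_EXPORT are hypothetical, and the sample export is constructed for illustration.

```python
import re

# Known-good data, taken from the repair files on this page (compared case-insensitively).
WINLOGON = "hkey_local_machine\\software\\microsoft\\windows nt\\currentversion\\winlogon"
EXPECTED = {
    (WINLOGON, "shell"): {"explorer.exe"},
    (WINLOGON, "userinit"): {"c:\\windows\\system32\\userinit.exe",
                             "c:\\windows\\system32\\userinit.exe,"},
}
for cls in ("batfile", "comfile", "exefile", "piffile", "scrfile"):
    EXPECTED[("hkey_classes_root\\%s\\shell\\open\\command" % cls, "@")] = {'"%1" %*'}

# Policy values that the fixes on this page reset to 0 or delete.
LOCKOUT = {"disableregistrytools", "disabletaskmgr", "disablecmd", "nofolderoptions",
           "nofind", "norun", "noviewcontextmenu", "noclose", "nodesktop", "nodrives"}

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

def _unquote(s):
    """Strip the surrounding quotes and undo REG escaping of backslash and quote."""
    return re.sub(r"\\(.)", r"\1", s[1:-1])

def parse_reg(text):
    """Parse REGEDIT5 text into {(key, value_name): data}.
    Strings are unescaped, dword becomes int, hex data becomes bytes,
    and a "name"=- deletion becomes None."""
    entries, key = {}, None
    text = re.sub(r"\\[ \t]*\r?\n[ \t]*", "", text)  # join hex continuation lines
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].rstrip("\\")
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or key.startswith("-"):
            continue  # header, comment, blank line or key deletion
        name = "@" if m.group(1) == "@" else _unquote(m.group(1))
        raw = m.group(2).strip()
        if raw == "-":
            data = None
        elif raw.startswith('"'):
            data = _unquote(raw)
        elif raw.lower().startswith("dword:"):
            data = int(raw[6:], 16)
        elif raw.lower().startswith("hex"):
            data = bytes.fromhex(raw.split(":", 1)[1].replace(",", ""))
        else:
            continue
        entries[(key, name)] = data
    return entries

def _norm(key):
    """Lower-case the key and map HKLM\\Software\\Classes onto HKEY_CLASSES_ROOT."""
    k, prefix = key.lower(), "hkey_local_machine\\software\\classes\\"
    return "hkey_classes_root\\" + k[len(prefix):] if k.startswith(prefix) else k

def audit(text):
    """Return (key, value_name, data, reason) for every value that differs from
    the known-good data or that switches one of the lock-out policies on."""
    findings = []
    for (key, name), data in parse_reg(text).items():
        k, n = _norm(key), name.lower()
        good = EXPECTED.get((k, n))
        if good is not None:
            if not isinstance(data, str) or data.lower() not in good:
                findings.append((key, name, data,
                                 "expected " + " or ".join(sorted(good))))
        elif "\\policies\\" in k and n in LOCKOUT and data not in (0, None):
            findings.append((key, name, data, "policy lock-out is switched on"))
    return findings

# Constructed sample: a registry export as it might look on a damaged machine.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe winlogin.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\WINDOWS\\system32\\winlogin.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001
'''

if __name__ == "__main__":
    for key, name, data, reason in audit(SAMPLE_EXPORT):
        print("%s\n    %s = %r  (%s)" % (key, name, data, reason))
```

A value that is reported here is one that the REG, INF or reg add fixes on this page would reset; a value that is not reported already matches them.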

Remove Antivirus 2009

Antivirus 2009 is a new rogue anti-spyware program. It is a clone of Antivirus 2008, itself a rogue and one that has produced more clones than any other recently. The list of these clones is long: System Antivirus 2008, Antivirus end of 2008, Vista Antivirus 2008, XP Antivirus 2008, etc. Like its predecessors, Antivirus2009 uses Trojans, such as Zlob or Vundo, to spread. These Trojans lurk on porn/warez sites disguised as video codecs and, upon entering the system, flood the user with pop-ups and false system notifications, supposedly to inform him of an infection. While the system at hand may be infected, Antivirus 2009 will inform the user of this regardless of whether it is true or not. The point of this disinformation is to convince the user that he is infected and therefore needs an antispyware program to dispose of the threat. The user can click on one of the pop-ups or notifications, all of which claim to lead to a legitimate security tool, but which instead try to sell him the "authorized version" of Antivirus2009. Antivirus2009 can redirect the browser to anti-prima-scan.com, webscannertools.com, googlescanners-360.com, livesecurityinfo.com, antivirusonlivescan.com, bestantivirusscan.com, anti-best.com, internetquarantinesite.com, premiumlivescan.com and secureclick1.com, Web sites that sell the malware. Some of these websites are not only fraudulent but also malicious: they are able to install new malware. Antivirus 2009 is a scam and should be treated as such: do not download or buy it, and block these Web sites through your HOSTS file. Download Remove For Antivirus 2009 or here.



Kill processes :

av2009.exe
av2009[1].exe
AV2009Install.exe
Antivirus2009.exe


Delete registry values:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\15358943642955870504508370025739
HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”Antivirus” = “%ProgramFiles%\Antivirus 2009\Antvrs.exe”
HKEY_CURRENT_USER\Software\Antivirus


Delete files :

av2009.exe
av2009install.exe
av2009install_0011.exe
av2009[1].exe
Antivirus2009.exe
ieupdates.exe
scui.cpl
%program_files%\antivirus 2009\av2009.exe
%startmenu%\antivirus 2009\antivirus 2009.lnk
%startmenu%\antivirus 2009\uninstall antivirus 2009.lnk
winsrc.dll
%desktopdirectory%\antivirus 2009.lnk
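
The advice above to block these sites through the HOSTS file, as an added example that is not part of the original post: a Python helper that merges sink entries for the domains named in the post into hosts-file text without duplicating entries, and reports names that are already mapped to some other address. The `0.0.0.0` sink address, the `www.` variants and the sample hosts text are assumptions of this example.

```python
# Domains the post lists as Antivirus 2009 redirect targets.
ROGUE_DOMAINS = [
    "anti-prima-scan.com", "webscannertools.com", "googlescanners-360.com",
    "livesecurityinfo.com", "antivirusonlivescan.com", "bestantivirusscan.com",
    "anti-best.com", "internetquarantinesite.com", "premiumlivescan.com",
    "secureclick1.com",
]
SINK = "0.0.0.0"                        # assumption: sink address used for blocking
LOCAL_SINKS = {"0.0.0.0", "127.0.0.1"}  # addresses that already count as blocked


def parse_hosts(text):
    """Return {hostname: address} for every mapping in hosts-file text."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) >= 2:
            for name in fields[1:]:
                mapping[name.lower()] = fields[0]
    return mapping


def block_domains(hosts_text, domains, sink=SINK):
    """Return (new_text, added, conflicts).

    added     -- names appended to the file in this run
    conflicts -- (name, address) pairs already mapped to a non-sink address;
                 these are left untouched and need a manual look
    """
    existing = parse_hosts(hosts_text)
    added, conflicts = [], []
    for domain in domains:
        for name in (domain.lower(), "www." + domain.lower()):
            current = existing.get(name)
            if current is None:
                added.append(name)
                existing[name] = sink          # guards against duplicate input
            elif current not in LOCAL_SINKS:
                conflicts.append((name, current))
    if not added:
        return hosts_text, added, conflicts    # idempotent: nothing to change
    lines = [hosts_text.rstrip("\n"), "# Antivirus 2009 redirect targets (blocked)"]
    lines += [f"{sink}\t{name}" for name in added]
    return "\n".join(lines) + "\n", added, conflicts


# Constructed sample hosts file, not taken from a real machine.
SAMPLE_HOSTS = """# constructed sample
127.0.0.1 localhost
0.0.0.0 anti-best.com
203.0.113.7 secureclick1.com # unexpected mapping
"""

if __name__ == "__main__":
    text, added, conflicts = block_domains(SAMPLE_HOSTS, ROGUE_DOMAINS)
    print(text)
    print("added:", len(added), "conflicts:", conflicts)
```

On Windows XP the file is `%SystemRoot%\system32\drivers\etc\hosts`; write the returned text back only after reviewing any reported conflicts.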

Monday, 20 October 2008

Try Antivirus Alternative From Microsoft Windows OneCare Live

Microsoft will soon join the ranks of companies that offer all-in-one security protection to consumers. We take a look at the public beta of Windows OneCare Live, a new subscription-based PC protection package. It is one of several Internet-based services that are available for download from the Windows Live Ideas page.

OneCare Live is a collection of security tools and utilities that you can manage in a single interface. The security components currently consist of a firewall and antivirus software; Microsoft hopes to add an antispyware application during the beta. Other utilities in the package include a backup application and a tune-up tool that automates routine tasks such as defragmenting disks and disk cleanup.

Like most antivirus tools, OneCare Live lets you scan on demand or on a schedule, set the files and folders you want scanned, and exclude files from the scanning process. Currently, there is no scanning of incoming or outgoing e-mail, and it scans instant messaging traffic only from MSN Messenger; the company said, however, that it plans to incorporate e-mail scanning and to consider scanning other IM clients later. A layer of behavior-based protection monitors for suspicious activity, such as modification of registry keys. Our first scan took an acceptable 15-plus minutes.

OneCare's firewall, which monitors both incoming and outgoing network traffic, is a beefed-up version of the Windows Firewall, which tracks only incoming traffic. After first use, OneCare asked about activity from software it did not recognize, such as a software update from Apple and Lotus Notes network activity. For the most part, it was kept out of our way as we have with security updates.

The installation was easy, despite the fact that we were forced to use Internet Explorer 6. (Checking for security updates requires the use of Internet Explorer 5 or later.) A web-based wizard assessed our system to see whether it met the minimum requirements, and to identify potential software conflicts before OneCare could be installed. Microsoft says that OneCare will make sure that you do not have conflicting antivirus software running during the installation, but it did not recognize the client version of Symantec Norton AntiVirus Corporate Edition installed on our PC. However, a reader commenting today on our blog @ PC World reported that it did quickly detect and remove the desktop version of Norton AntiVirus.

Microsoft has not set a price for the package, but a Buy Now button indicates that OneCare will not be free forever.

Wednesday, 08 October 2008

Special Tips: How to Identify a Virus with PEiD

1. Fake program installers (usually in the form of *.exe or *.com files)

The first thing we have to do is download the PEiD software from www.peid.has.it

PEiD is a tool for identifying .exe files in PE format.

Let's take a closer look at PEiD.

It turns out that the file is an .exe that was built and packed with "petite". For information, we very rarely see installers packed in the "petite" format.

Here is another example:

Installers are generally built with:

- RAR SFX (RAR self extractor)

- WinZIP SFX (WinZIP self extractor)

- Installshield

- Inno Setup

- Nullsoft Scriptable Install System (Nullsoft PiMP SFX)

- Wise Installer

- Windows SFX installer

- GP-Install
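
As an added example (not from the original post, and not how PEiD itself works): PEiD matches signatures at the entry point, while this Python code reads the PE section table and reports packer names from well-known section names such as `.petite` or `UPX0`. The name table and the sample headers built by `build_sample` are assumptions constructed for the example.

```python
import struct

# Section names left behind by some common packers. Names can be renamed by
# the packer's user, so an empty result does not prove a file is unpacked.
PACKER_SECTIONS = {
    ".petite": "Petite",
    "UPX0": "UPX",
    "UPX1": "UPX",
    ".aspack": "ASPack",
}


class NotPE(ValueError):
    """Raised when the data does not carry a usable PE header."""


def section_names(data):
    """Return the section names from the PE section table of `data` (bytes)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise NotPE("no MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise NotPE("no PE signature")
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                          # first section header
    names = []
    for i in range(n_sections):
        entry = table + 40 * i                              # 40 bytes per header
        if entry + 40 > len(data):
            raise NotPE("truncated section table")
        raw = data[entry:entry + 8].split(b"\0", 1)[0]      # 8-byte, NUL-padded
        names.append(raw.decode("latin-1"))
    return names


def identify(data):
    """Return the sorted packer names suggested by the section table."""
    return sorted({PACKER_SECTIONS[n] for n in section_names(data)
                   if n in PACKER_SECTIONS})


def build_sample(names):
    """Build a minimal PE header (constructed input, not a runnable program)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0xE0, 0x0102)
    optional = b"\0" * 0xE0
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32
                        for n in names)
    return dos + b"PE\0\0" + coff + optional + sections


if __name__ == "__main__":
    for names in ([".text", ".rsrc", ".petite"], [".text", ".data", ".rsrc"]):
        print(names, "->", identify(build_sample(names)) or "no packer section")
```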

Simple Tips for Early Prevention of Autoinfect Viruses Without Antivirus

The simple steps are as follows :


- In the c:\windows and c:\windows\system32 folders, all files with the *.exe and *.com extensions can be set to "Read Only", so that they cannot be edited/changed by a virus.

- Right-click My Computer --> Properties --> System Restore --> Check : Turn Off System Restore On All Drives

- Disable Autorun

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer --> NoDriveTypeAutoRun ( change to FF )


- Disable Autorun/Autoplay through Group Policy [GPEDIT.MSC], as follows:


Click the Start menu

Click Run

Type : GPEDIT.MSC

When the “Group Policy” window appears, click the “System” folder under “User Configuration” and “Computer Configuration”

In the Settings column, double-click “Turn off Autoplay”

When the “Turn off Autoplay” properties window appears, click the [Settings] tab and select the “Enable” option for “Turn off Autoplay”, then choose “All Drive” in the “Turn off Autoplay on” field


- You can use a registry monitor to keep track at all times of changes to the registry, whether wanted or not ( such as : scotty, etc. )



I have tried this on my personal computer, and the result is that the virus does get into the computer, but under its original virus name, and it will never change or clone the Windows system. Still, it would be wise, safe and comfortable to keep using a widely available antivirus and to always update it diligently.

nb : Perhaps friends have additions that are simpler.

Sunday, 21 September 2008

Instructions: How To Remove Antivirus XP 2008 ( Win XP - Win Vista Antivirus XP 2008 )

Antivirus 2008 XP, Vista Antivirus 2008 or XP Antivirus 2008 is one of the fake antispyware programs that have devastated the World Wide Web. XP Antivirus 2008 usually arrives after you install a video codec or software patch that comes with Trojans, malware and viruses. All these variants belong to the same family of viruses, created to make our lives miserable. In short, XP Antivirus 2008 generates false and misleading system error pop-ups so that end users are duped into buying XP Antivirus 2008, Antivirus 2008 or Vista Antivirus 2008. It is very important to remove all the components of XP Antivirus 2008 and all the malware and Trojans that may have come with the package (such as zlob.trojan, trojan.vundo and Trojan.Downloader). To remove XP Antivirus 2008 effectively, we created manual removal instructions that are easy to understand. As always, make sure you back up your data before continuing.


Image 1 : Antivirus XP 2008

Image 2 : Antivirus 2008

Image 3 : Vista Antivirus 2008




Manual Instructions: How To Remove Antivirus XP 2008 :


Unregister XP Antivirus 2008 DLL Files:

%ProgramFiles%\[RANDOM NAME]\MFC71.dll

%ProgramFiles%\[RANDOM NAME]\MFC71ENU.DLL

%ProgramFiles%\[RANDOM NAME]\msvcp71.dll

%ProgramFiles%\[RANDOM NAME]\msvcr71.dll

%ProgramFiles%\[RANDOM NAME]\shlwapi.dll

%ProgramFiles%\[RANDOM NAME]\wininet.dll




For Windows XP

Sometimes we have to register or unregister a DLL to solve a problem in Windows XP or Vista. Here's how :

1. Start > Run > CMD

2. Type “regsvr32 /u filename.dll”. Please keep in mind that changing the system in this way can be very risky. It is always advisable to keep a system backup on hand in case things go wrong.


For Windows Vista

Windows Vista does not show Run on the Start menu by default, but you can easily access it by pressing the "Windows" + "R" keys simultaneously.

You can also customize the Start menu :

1. Right-click on the taskbar, and then select "Properties".

2. Click the "Start Menu" tab, then click "Customize".

3. Check "Run command."





Stop XP Antivirus 2008 Processes:

vav.exe

XPAntivirus.exe

XPAntivirusUpdate.exe

xpa.exe

xpa2008.exe

braviax.exe




1. Press “Alt+Ctrl+Delete“, then click on “Task Manager“. You can also launch the Task Manager instantly by pressing Ctrl + Shift + ESC simultaneously. This is much easier than accessing it from Ctrl + Alt + Delete or the taskbar. It works for both Windows XP and Windows Vista.

2. Select the process that you want to stop, then click on “End Process“.

It is advised not to stop a system process. Stopping a system process may make the computer crash or freeze.





Find and Delete these XP Antivirus 2008 files:

xpa.exe

vav.exe

xpa2008.exe

xpa_2008.exe

XPAntivirus.exe

braviax.exe

XPAntivirusUpdate.exe

XPAntivirus.lnk

Uninstall XPAntivirus.lnk

XPAntivirus on the Web.lnk

XP Antivirus 2008.lnk

Uninstall XP Antivirus 2008.lnk

%ProgramFiles%\[RANDOM NAME]\MFC71.dll

%ProgramFiles%\[RANDOM NAME]\MFC71ENU.DLL

%ProgramFiles%\[RANDOM NAME]\msvcp71.dll

%ProgramFiles%\[RANDOM NAME]\msvcr71.dll

%ProgramFiles%\[RANDOM NAME]\shlwapi.dll

%ProgramFiles%\[RANDOM NAME]\wininet.dll

%program_files%\rhc7nsj0e57c\mfc71.dll

%program_files%\rhc7nsj0e57c\mfc71enu.dll

%program_files%\rhc7nsj0e57c\msvcp71.dll

antivirusxp2008installer.exe

rhc7nsj0e57c.exe

%common_desktopdirectory%\antivirus xp 2008.lnk

%common_programs%\antivirus xp 2008.lnk

%common_programs%\antivirus xp 2008\antivirus xp 2008.lnk

%common_programs%\antivirus xp 2008\how to register antivirus xp 2008.lnk

%common_programs%\antivirus xp 2008\license agreement.lnk

%common_programs%\antivirus xp 2008\register antivirus xp 2008.lnk

%common_programs%\antivirus xp 2008\uninstall.lnk

%profile%\application data\microsoft\internet explorer\quick launch\antivirus xp 2008.lnk

%program_files%\rhc7nsj0e57c\database.dat

%program_files%\rhc7nsj0e57c\license.txt

%program_files%\rhc7nsj0e57c\uninstall.exe

%program_files%\rhc7nsj0e57c\msvcr71.dll

%program_files%\rhc7nsj0e57c\rhc7nsj0e57c.exe

%program_files%\rhc7nsj0e57c\rhc7nsj0e57c.exe.local





1. From Start –> Search, then click on “For Files and Folders…“

2. From “What do you want to search for?” list on the left, click on “All files and folders”






Remove XP Antivirus 2008 Registry Values:

HKEY_USERS\Software\XP antivirus

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run smrhc7nsj0e57c

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\rhc7nsj0e57c

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\rhc7nsj0e57c displayname

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\rhc7nsj0e57c uninstallstring

HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c

HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c advid

HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c automaticallyupdates

HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c backgroundscan

HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c backgroundscantimeout

HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c databaseversion

HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c daysinterval

HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c domain

HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c engineversion

HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c guiversion

HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c installdir

HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c minimizeonstart

HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c programversion

HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c proxyname

HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c proxyport

HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c registrationdiscurl

HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c registrationurl

HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c scandepth

HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c scanpriority

HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c scansystemonstartup

HKEY_LOCAL_MACHINE\software\rhc7nsj0e57c softid




For Windows XP :

1. In Windows XP, click Start, and then click Run.

2. Type “regedit“, then click OK.

3. The Registry Editor opens.

4. You can easily navigate through the subkeys if you know what you're looking for. Or, you can press "Ctrl + F" to locate the subkey that contains the value that you want to edit. (F3 to Find Next)


For Windows Vista :

1. Click Start, then type “regedit“.

2. Click “regedit” in the search results to open the Registry Editor in Windows Vista.

3. Steps 3 and 4 are the same as for Windows XP (see above).


Monday, 01 September 2008

Careful With New Virus Affecting rundll32.exe

I discovered a new, unpleasant virus today that took me a while to get rid of. Here are the details.

rundll32.exe (not a virus) * affected
byjdpxgo.dll <- launches (VIRUS)

Boot entry:

Name: BMe30d5070

Path: rundll32.exe "C:\WINDOWS\system32\byjdpxgo.dll",s

Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Once deleted, it renames itself:


Name: e03e63ec

Path: rundll32.exe "C:\WINDOWS\system32\lrlrvovu.dll",b

Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run


This was a nasty virus. How to remove it?

Please be careful!

Get a Live CD ... (do not boot to Windows), remove the DLL infection, and eliminate rundll32.exe to restart the Windows system.


Changes to services and startup items. It deactivates these services:


TCP / IP

telephony

Windows Installer (not sure if that is all it disables) * I had a backup of my registry * restore


It enables these services : messenger (the service is annoying ... LOT OF SPAM!)

Thursday, 28 August 2008

How To Get Back Missing Search Option At Your System Windows XP

It is a common tactic of today's malware to disable certain Windows functions and utilities that could help get rid of these malicious programs. The functions that are normally disabled include the Task Manager, Registry Editor, Folder Options, showing hidden files and folders, the Run dialog on the Start menu and the Windows search function. Today a friend of mine told me that the Search option was missing from his Windows. I did a little research and discovered that it is usually malware that disables the search function. Here are some ways to get back the missing Search option in Windows XP.


Using the Group Policy Editor :


1. Go to Start –> Run –> gpedit.msc

2. The group policy editor will open. Now go to the following key : User Configuration –> Administrative templates –> Start Menu and Task Bar. In the right hand pane, select “Remove Search menu from Start menu”

Most probably it will be set to enabled. Just disable it once, click Apply and then select “Not Configured” and again click Apply.


Usually the Search function is enabled instantaneously. If it is not enabled, go to Start –> Run –> cmd and issue the following command : C:\>gpupdate /force

This will force the settings to be applied instantaneously.



Using the REG command

Sometimes it is better to add a registry entry from the command line rather than go through all the manual steps of opening the Registry Editor, finding the right key and changing it. Therefore, I am giving a command-line solution for enabling the Windows search function. To enable the search function, simply go to Start -> Run, copy and paste the following command and press OK to continue.


Using an automated registry script

If you are unsure about all of the above, I created this script that will enable the search function automatically without user intervention. Copy the script below and save it as
repair.reg

When you run it, the program asks whether you want to add the information to the registry. Please click Yes.

Save the script below as --> Repair.reg :


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFind"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFind"=dword:00000000

How To Show Hidden Files and Folders For Windows XP

A few days ago, a client came to me and told me he had problems with his Windows XP. The "Show hidden files and folders" option did not work at all. If you select the "Show hidden files and folders" button and then press OK, the change just disappears when you open the dialog box again. It is likely that the Windows registry was not updated correctly after some virus attack. So here's what I did to restore it. There are many methods to restore the registry setting. If one method does not work, please try another.


Method 1 :

a. Start

b. Run

c. Type --> Regedit

d. Find this key --> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced


In the right-hand pane, double-click "Hidden" and change the value to 1. Now you’re all set to go. Check in your Tools menu whether the change has taken effect.


Method 2 :

a. Start

b. Run

c. Type --> Regedit

d. Find this key :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL

e. Look at the “CheckedValue” value. It should be a DWORD. If it isn’t, delete it.

f. Create a new DWORD value called “CheckedValue” (hexadecimal) with a value of 1.

g. The “Show hidden files & folders” check box should now work normally.


Or download this --> Smart Virus Remover ( 589 Kb )

Registry Editing Has Been Disabled by Your Administrator ( Windows XP )





1. Repair From Group Policy Editor

a. Go to Run -> gpedit.msc

b. On the left, go to User Configuration -> Administrative Templates -> System.

c. Now in the right pane, select "Prevent access to registry editing tools". It is most likely set to Not Configured or Enabled. If it is Enabled, disable it; if it is Not Configured, first enable it, apply the setting and then disable it. Most likely the setting takes effect immediately. If not, run the gpupdate command to apply the group policy.


2. Repair by Run Menu
I picked up this tweak while surfing the internet. Go to Start -> Run, copy and paste the following line into the Run box and press OK


REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

Enabling Task Manager Windows XP

For Enabling Task Manager from Group Policy Editor :

1. Go to “Start” -> “Run” -> Write “Gpedit.msc” and press on “Enter” button.

2. Navigate to “User Configuration” -> “Administrative Templates” -> “System” -> “Ctrl+Alt+Del Options”

3. On the right side of the screen, verify that the “Remove Task Manager” option is set to “Disable” or “Not Configured”.

4. Close “Gpedit.msc” MMC.

5. Go to “Start” -> “Run” -> Write “gpupdate /force” and press on “Enter” button.






For Enabling Task Manager from Registry Editor :

1. Go to “Start” -> “Run” -> Write “regedit” and press on “Enter” button.

Warning: Modifying your registry can cause serious problems that may require you to reinstall your operating system. Always back up your files before doing this registry hack.

2. Navigate to the following registry keys and verify that the following settings are set to their defaults : ( save as enable_task.reg )




Windows Registry Editor Version 5.00

; 0 = Task Manager is not disabled by policy
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DisableCAD"=dword:00000000


3. Reboot the computer.


For your convenience, I have created a registry file. Just download, double click it and add the info to your registry. The task manager will be enabled.

Wednesday, 27 August 2008

Cleaning and Removing the W32.SillyFDC Worm ( Pendekar Blank ) Virus

Here is a manual tutorial for cleaning and removing the " Pendekar Blank Virus " :
1. You must have PROCEXP running; it can be downloaded from http://www.sysinternals.com/
2. Right-click and choose Suspend on blank.doc, empty.jpg, hole.zip, unoccupied.reg, zero.txt
3. Next go to Control Panel --> Folder Options, select the View tab and, under Advanced settings : select the option Show hidden files and folders, uncheck Hide extensions for known file types, uncheck Hide protected operating system files (Recommended)


W32.SillyFDC [Symantec] is also known as Threat Alias :






W32.SillyFDC [Symantec] is known to be created as :







4. Search for and delete the files that contain the virus :



c:\aut0exec.bat
c:\windows\system32\dllcache\Regedit32.com
c:\windows\system32\dllcache\Shell32.com
c:\windows\system32\dllcache\rund1132.exe
c:\windows\system32\dllchache.exe
c:\windows\system32\M5VBVM60.exe
c:\(Read Me)Pendekar Blank.txt
c:\windows\system32\dllchache\blank.doc
c:\windows\system32\dllchache\empty.jpg
c:\windows\system32\dllchache\hole.zip
c:\windows\system32\dllchache\msvbvm60.dll
c:\windows\system32\dllchache\unoccupied.reg
c:\windows\system32\dllchache\zero.txt
c:\windows\system32.exe







5. Clean and repair the registry:

Delete HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Secure32
Delete HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Secure64
Delete HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, Blank Antiviri
CHANGE & MODIFY @ HKCR, comfile\shell\open\command,,,"""%1"" %*"
CHANGE & MODIFY @ HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
CHANGE & MODIFY @ HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"
CHANGE & MODIFY @ HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Userinit,0, "C:\Windows\system32\userinit.exe,"
CHANGE & MODIFY @ HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, ShowSuperHidden,0x00010001,1
CHANGE & MODIFY @ HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Userinit.,0, "userinit.exe"


6. Then restart your computer.
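The values that step 5 restores can be checked from a saved listing before and after cleaning. The Python sketch below is an added example, not part of the original post: it assumes the text layout printed by "reg query <key>", takes its expected values from step 5, and runs on a constructed sample whose C:\example paths are made up.

```python
import re

# Expected data from step 5 above: (key suffix, value name) -> data.
BASELINE = {
    (r"\control\safeboot", "alternateshell"): "cmd.exe",
    (r"\currentversion\winlogon", "userinit"): r"C:\Windows\system32\userinit.exe,",
    (r"comfile\shell\open\command", "(default)"): '"%1" %*',
}
# Run value names that step 5 deletes.
BAD_RUN_VALUES = {"secure32", "secure64", "blank antiviri"}

# Constructed sample in the layout assumed for `reg query` output.
SAMPLE = r'''
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
    AlternateShell    REG_SZ    cmd.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,C:\example\dropped.exe

HKEY_CLASSES_ROOT\comfile\shell\open\command
    (Default)    REG_SZ    "%1" %*

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Secure32    REG_SZ    C:\example\dropped.exe
    ExampleApp    REG_SZ    C:\example\app.exe
'''

# Indented line: value name, REG_* type, data (separated by spaces or tabs).
VALUE_LINE = re.compile(r"^\s+(.+?)\s+(REG_\w+)\s*(.*)$")

def check(report):
    """Return (key, value name, data, reason) for each value that fails the step 5 checks."""
    findings, key = [], ""
    for line in report.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if not m:
            continue
        name, data = m.group(1), m.group(3).strip()
        # Some reg.exe versions print the unnamed default value as <NO NAME>.
        name_l = "(default)" if name == "<NO NAME>" else name.lower()
        for (suffix, wanted), expected in BASELINE.items():
            hit = key.lower().endswith(suffix) and name_l == wanted
            if hit and data.lower() != expected.lower():
                findings.append((key, name, data, "expected " + expected))
        if key.lower().endswith(r"\currentversion\run") and name_l in BAD_RUN_VALUES:
            findings.append((key, name, data, "autorun value deleted in step 5"))
    return findings
```

On the sample, check(SAMPLE) reports the Userinit value with the extra program appended and the Secure32 autorun value; the other entries pass.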

Monday, 25 August 2008

How to Remove and Fix the Dangerous Trojan Horse

I recently worked on a machine that was infected by a virus that works like this: Each time you click on a directory, an error message is displayed that goes like this: "Attention, [name]! Some dangerous Trojans detected in his system. Microsoft Windows XP corrupted files. This can lead to the destruction of important files in C:\WINDOWS. Download the software protection now!"


This error message is followed by a dialog. Clicking on it takes you to the website http://free-viruscan.com/id/4912933/4/1/ (warning: the site is a fake intended to deceive the visitor into downloading and executing a program that creates more viruses. Do not interact with it).





Normally it takes me 5 minutes to find and kill a virus, but today I am stumped. The manner in which the virus operated was unusual. It did not load any memory-resident programs. There are loaded at boot. It does not run a service.


Finally convinced that this was beyond my own power, I downloaded and ran HijackThis. Still nothing. Now things were getting really interesting. I did not want to resort to the use of a virus. That would be too easy. I wanted to know what exactly the virus does and how.


After what seemed like hours of research, I eventually came to the FixIEDef program developed by ShadowPuterDude of Malwareteks. I ran it and it was bye-bye virus. The log showed the following entries:


Files that have been deleted!!!

C:\WINDOWS\system32\dadef.dll

C:\WINDOWS\system32\dapol.dll

C:\WINDOWS\system32\tmp.reg

C:\WINDOWS\system32\tmp.txt

Registry entries that have been removed!!!

HKEY_CURRENT_USER\SOFTWARE\Microsoft\bind “comment”

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BhoNew.BhoApp

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BhoNew.BhoApp.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2FF811E6-8925-4084-A649-C159955E67E8}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CAF9D798-C659-4B9B-8E19-EE27C3D04EE7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2FF811E6-8925-4084-A649-C159955E67E8}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “KernelFaultCheck”



I would like to know more about how it worked, but I suppose I should be happy and satisfied for the moment that the virus is gone.


Addendum: It seems that a new strain of this "dangerous Trojan horses" virus comes out almost every week. If running the program does not solve the problem, or if you have any support requests, please visit the official website at http://www.malwareteks.com/

Thursday, 21 August 2008

How to Manually Remove Worm Viruses with REPAIR.INF and REPAIR.VBS

This is my collection of repair.inf and repair.vbs files for removing viruses manually. Copy and save them to your computer, then right-click a file to execute it. Before executing a repair.inf or repair.vbs, you must know which file is the one needed to repair the virus on your Windows XP system.



My collection of repair.inf and repair.vbs files for manual virus removal:





● To Active Your Right Click

● Remove Virus Amburadul

● Remove Virus Amora

● Remove Virus Sohadah_AH

● Remove Virus Anti Pacaran

● Remove Virus Bandot

● Remove Virus Bangle js

● Remove Virus Banten

● Remove Virus Blue Fantasi W32/VBWorm.MYE

● Remove Virus Brontok 2007

● Remove Virus Dago

● Remove Virus Face cool W32/FaceCool

● Remove Virus Flue Burung

● Remove Virus Grogotix A

● Remove Virus Jahil

● Remove Virus Kespo v2

● Remove Virus Kill AV

● Remove Virus Moontox Bro

● Repair menu winlogin

● Remove Virus My Rose VB Worm A

● Remove Virus Nale A

● Remove Virus Brontok

● Remove Virus Renova

● Remove Virus Flue Ikan

● Remove Virus Gultung

● Remove Virus Revenge

● Remove Virus RontokbroEQ

● Remove Virus Tepa MM

● Can`t Save Mode

● Remove Virus UnHookExec

● Remove Virus Hysra Genmm Warteg

● Remove Virus VB Worm SS

● Remove Virus Viking

● Remove Virus VIndika

● Remove Virus Kere

● Remove Virus Warteg

● Remove Virus AVG

● Remove Virus W32 VBTroj CZA

● Remove Virus W32 VBWorm MNG

● Remove Virus W32 Gedug

● Remove Virus Kell AV XF

● Remove Virus W32 Naki G Grogoti zip

● Remove Virus W32 VBTroj FJA

● Remove Virus W32 VBWorm MPT



Note: After that, don't forget to install a recommended, up-to-date antivirus.




Wednesday, 20 August 2008

Remove the "Antivirus XP 2008" Virus

Not every anti-virus program today will help eliminate viruses; in this case, Antivirus XP 2008 is spyware that tries to turn your computer into a spam zombie. Be careful when opening e-mails from someone you do not know, especially the "CNN.com Daily Top 10" message, which asks you to update your Flash Player; in reality the file it offers is the virus.


If you download and run this file, it becomes the master file of the virus: it automatically downloads further files from the Internet and then runs them. The files involved are:




C:\WINDOWS\system32\CbEvtSvc.exe

C:\Documents and Settings\Your User Name\Local Settings\Temp\lfq0kzgs.exe

C:\Documents and Settings\Your User Name\Local Settings\Temp\.xx1.tmp.vbs

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\smss.exe

C:\WINDOWS\system32\lphc7nvj0e52e.exe

C:\WINDOWS\system32\phc7nvj0e52e.bmp

C:\WINDOWS\system32\blphc7nvj0e52e.scr

C:\windows\system32\drivers\xxx.sys

C:\Documents and Settings\LocalService\Application Data\584289103.exe

C:\Program Files\rhc3nvj0e52e

C:\Windows\system32\pphc7nvj0e52e.exe

C:\Documents and Settings\LocalService\Application Data\rhc3nvj0e52e

C:\Documents and Settings\Your User Name\Application Data\rhc3nvj0e52e.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008

C:\Documents and Settings\Your User Name\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk

C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk




The virus also makes the following registry changes:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc
    DisplayName = CbEvtSvc
    ImagePath = %SystemRoot%\System32\CbEvtSvc.exe -k netsvcs

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CbEvtSvc
    DisplayName = CbEvtSvc
    ImagePath = %SystemRoot%\System32\CbEvtSvc.exe -k netsvcs

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CbEvtSvc
    DisplayName = CbEvtSvc
    ImagePath = %SystemRoot%\System32\CbEvtSvc.exe -k netsvcs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6127a5e3
    ImagePath = \SystemRoot\System32\drivers\6127a5e3.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6127a5e3
    ImagePath = \SystemRoot\System32\drivers\6127a5e3.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\6127a5e3
    ImagePath = \SystemRoot\System32\drivers\6127a5e3.sys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    lphc7nvj0e52e = C:\WINDOWS\system32\lphc7nvj0e52e.exe
    SMrhc3nvj0e52e = C:\Program Files\rhc3nvj0e52e\rhc3nvj0e52e.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\software notifier

HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\rhc3nvj0e52e
    DisplayName = AntivirXP08
    UninstallString = "C:\Program Files\rhc3nvj0e52e\uninstall.exe"

HKEY_LOCAL_MACHINE\software\rhc3nvj0e52e

HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion
    rhc3nvj0e52e = 8b 6e 99 48 (binary)

HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
    AntivirXP08 = AntiVirXP08 SV1



The virus also removes the "Screen Saver" and "Desktop" tabs from Display Properties, replaces your desktop wallpaper with the file %systemroot%\system32\phc7nvj0e52e.bmp, and replaces your screensaver with the executable %systemroot%\system32\blphc7nvj0e52e.scr, which shows a fake blue screen of death (BSOD) to make you panic.


Steps to remove the "Antivirus XP 2008" virus:

1. Boot the computer in Safe Mode.

2. Start --> Run --> services.msc (to stop the virus's activity)



3. Find CbEvtSvc, then disable it.

4. Copy the following code and save it as repair.inf, then right-click the file and choose Install.



[Version]
Signature="$Chicago$"
Provider=nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

; Restore the default open commands, the Winlogon shell and the desktop settings.
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKCU, Control Panel\Desktop, ConvertedWallpaper,0, ""
HKCU, Control Panel\Desktop, OriginalWallpaper,0, ""
HKCU, Control Panel\Desktop, SCRNSAVE.EXE,0, ""
HKCU, Control Panel\Desktop, Wallpaper,0, ""
HKCU, Software\Microsoft\Internet Explorer\Desktop\General, BackupWallpaper,0, ""
HKCU, Software\Microsoft\Internet Explorer\Desktop\General, Wallpaper,0, ""

; Remove the autorun values, policy restrictions, services and keys added by the virus.
; An entry with a value name deletes that value; an entry without one deletes the whole key.
[del]
HKLM, Software\Microsoft\Windows\CurrentVersion\Run, lphc7nvj0e52e
HKLM, Software\Microsoft\Windows\CurrentVersion\Run, services
HKLM, Software\Microsoft\Windows\CurrentVersion\Run, SMrhc3nvj0e52e
HKLM, Software\Microsoft\Windows\CurrentVersion\Run, rhc3nvj0e52e.exe
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, NoDispBackgroundPage
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, NoDispScrSavPage
HKLM, SYSTEM\CurrentControlSet\Services\6127a5e3
HKLM, SYSTEM\ControlSet002\Services\6127a5e3
HKLM, SYSTEM\ControlSet001\Services\6127a5e3
HKLM, SYSTEM\ControlSet001\Services\CbEvtSvc
HKLM, SYSTEM\ControlSet002\Services\CbEvtSvc
HKLM, SYSTEM\CurrentControlSet\Services\CbEvtSvc
HKLM, SOFTWARE\Microsoft\software notifier
HKLM, software\Microsoft\Windows\CurrentVersion\Uninstall\rhc3nvj0e52e
HKLM, software\rhc3nvj0e52e
HKLM, software\Microsoft\Windows\CurrentVersion, rhc3nvj0e52e
; Delete only the value the virus added; other Post Platform entries stay.
HKLM, software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform, AntivirXP08
HKLM, SYSTEM\ControlSet001\Services\125c1fb5
HKLM, SYSTEM\ControlSet002\Services\125c1fb5
HKLM, SYSTEM\CurrentControlSet\Services\125c1fb5



5. Delete the following files:

C:\WINDOWS\system32\CbEvtSvc.exe
C:\Documents and Settings\Your User Name\Local Settings\Temp\lfq0kzgs.exe
C:\Documents and Settings\Your User Name\Local Settings\Temp\.xx1.tmp.vbs (xx=random).
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\smss.exe
C:\WINDOWS\system32\lphc7nvj0e52e.exe
C:\WINDOWS\system32\phc7nvj0e52e.bmp
C:\WINDOWS\system32\blphc7nvj0e52e.scr
C:\windows\system32\drivers\xxx.sys (xxx random with size 108 KB)
C:\Documents and Settings\LocalService\Application Data\584289103.exe
C:\Program Files\rhc3nvj0e52e
C:\Windows\system32\pphc7nvj0e52e.exe
C:\Documents and Settings\LocalService\Application Data\rhc3nvj0e52e
C:\Documents and Settings\Your User Name\Application Data\rhc3nvj0e52e.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\Documents and Settings\Your User Name\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk


6. Don't forget to install a recommended, up-to-date antivirus such as Kaspersky, AVG, McAfee, etc.

7. I hope this helps you.
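Before right-clicking Install on a repair.inf such as the one in step 4, or on any file from the repair.inf collection listed earlier, it helps to see exactly which registry values it will set and which values or whole keys it will delete. The Python sketch below is an added example, not the author's code: it handles only the AddReg and DelReg directives used on this page, and the sample is a constructed, shortened copy of the step 4 file.

```python
import csv

# Constructed sample: a shortened repair.inf in the AddReg/DelReg style of step 4.
SAMPLE_INF = r'''
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"

[del]
HKLM, Software\Microsoft\Windows\CurrentVersion\Run, lphc7nvj0e52e
HKLM, SYSTEM\CurrentControlSet\Services\CbEvtSvc
'''

def parse_sections(text):
    """Return {lowercased section name: [entry lines]}, skipping blanks and ';' comments."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), [])
        elif current is not None:
            current.append(line)
    return sections

def audit(text, install="DefaultInstall"):
    """List (action, root, key, value name, data) for each change the section would make."""
    sections = parse_sections(text)
    directives = {}
    for line in sections.get(install.lower(), []):
        name, _, targets = line.partition("=")
        directives[name.strip().lower()] = [t.strip().lower() for t in targets.split(",")]
    plan = []
    for directive in ("delreg", "addreg"):
        for section in directives.get(directive, []):
            # csv applies the INF quoting rule: "" inside a quoted field is one literal quote
            for row in csv.reader(sections.get(section, []), skipinitialspace=True):
                root, key, name, _flags, data = ([f.strip() for f in row] + [""] * 5)[:5]
                if directive == "addreg":
                    action = "set"            # an empty value name means the key's default value
                else:
                    action = "delete-value" if name else "delete-key"
                plan.append((action, root.upper(), key, name, data))
    return plan

if __name__ == "__main__":
    for step in audit(SAMPLE_INF):
        print(*step, sep=" | ")
```

A "delete-key" line in the output deserves a second look, because it removes the key together with everything stored under it.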