• Log InLog In
  • Register
Liquid`
Team Liquid Liquipedia
EDT 21:28
CEST 03:28
KST 10:28
  • Home
  • Forum
  • Calendar
  • Streams
  • Liquipedia
  • Features
  • Store
  • EPT
  • TL+
  • StarCraft 2
  • Brood War
  • Smash
  • Heroes
  • Counter-Strike
  • Overwatch
  • Liquibet
  • Fantasy StarCraft
  • TLPD
  • StarCraft 2
  • Brood War
  • Blogs
Forum Sidebar
Events/Features
News
Featured News
Serral wins Maestros of the Game 231ByuL, and the Limitations of Standard Play3Team Liquid Map Contest #22: Results and Winners7Code S Season 2 (2026): RO4 and Finals Preview12TL.net Map Contest #22 - Voting & Ladder Map Selection7
Community News
Weekly Cups (June 29-July 5): Solar Doubles0MC vs IdrA, Boxer vs Nal_rA to be Legacy Matches @ BlizzCon415.0.16 Hotfix (June 30) - Balance + Bug Fixes40Weekly Cups (June 22-28): Zergs thrive in new patch5[TLMC] Summer 2026 Ladder Map Rotation0
StarCraft 2
General
Serral wins Maestros of the Game 2 Is the larve respawn broken? 5.0.16 patch for SC2 goes live (8 worker start) 5.0.16 Hotfix (June 30) - Balance + Bug Fixes Weekly Cups (June 29-July 5): Solar Doubles
Tourneys
Crank Gathers Season 4: BW vs SC2 Team League GSL CK #5 Race War HomeStory Cup 29 RSL Revival: Season 6 - Qualifiers and Main Event Vespene Cup #1 — $300+ USD, July 10
Strategy
[G] Having the right mentality to improve
Custom Maps
New Map Maker - Looking for Advice - Love or Hate Work In Progress Melee Maps [D]RTS in all its shapes and glory <3
External Content
Mutation # 533 Die Together The PondCast: SC2 News & Results Mutation # 532 Nuclear Family Mutation # 531 Experimental Artillery
Brood War
General
ASL 22 Proposed Map Pool Snow On New ASL S22 Map, Zerg Nerf BW General Discussion BGH Auto Balance -> http://bghmmr.eu/ Starcraft vs Retro Category on Twitch
Tourneys
IPSL Spring 2026 Top 4! CSLAN 4 is Coming! Escore Tournament StarCraft Season 2 The Casual Games of the Week Thread
Strategy
Simple Questions, Simple Answers Creating a full chart of Zerg builds Relatively freeroll strategies Why doesn't anyone use restoration?
Other Games
General Games
Dawn of War IV Stormgate/Frost Giant Megathread Nintendo Switch Thread Summer Games Done Quick 2026! ZeroSpace at Steam NextFest - Last free demo
Dota 2
Looking for a Dota Mentor Official 'what is Dota anymore' discussion
League of Legends
Heroes of the Storm
Simple Questions, Simple Answers Heroes of the Storm 2.0
Hearthstone
Deck construction bug
TL Mafia
NeO.D_StephenKing vs This Guy From 1 Million Dance TL Mafia Community Thread TL Mafia Power Rank Vanilla Mini Mafia
Community
General
US Politics Mega-thread Russo-Ukrainian War Thread UK Politics Mega-thread YouTube Thread Canadian Politics Mega-thread
Fan Clubs
The HerO Fan Club!
Media & Entertainment
Anime Discussion Thread Movie Discussion! Series you have seen recently... [Req][Books] Good Fantasy/SciFi books [TV/BOOK] *SPOILERS* Game of Thrones Discussion
Sports
2024 - 2026 Football Thread McBoner: A hockey love story Tennis[sport] Formula 1 Discussion TeamLiquid Health and Fitness Initiative For 2023
World Cup 2022
Tech Support
FPS when play League Of Legend on laptop How to clean a TTe Thermaltake keyboard? Computer Build, Upgrade & Buying Resource Thread
TL Community
The Automated Ban List
Blogs
Major Shifts in the Gaming I…
TrAiDoS
An Exploration of th…
waywardstrategy
Gauntlet SC2: A Retrospectiv…
Ctone23
ramps on octagon
StaticNine
Funny Nicknames
LUCKY_NOOB
Evil Gacha Games and the…
ffswowsucks
Customize Sidebar...

Website Feedback

Closed Threads



Active: 5123 users

Computer got hacked, help pl0x! - Page 2

Blogs > TuElite
Post a Reply
Prev 1 2 3 Next All
TuElite
Profile Blog Joined March 2010
Canada2123 Posts
August 05 2011 15:47 GMT
#21
On August 06 2011 00:36 Darkdeath3 wrote:
Have you tried the system resotore or can u still not start any programs?


Just tried System Restore.

Same as any other program, can't access it.
Always Smile - Jung Nicole - Follow Nicole on Twitter @_911007 and me @TuElite
mucker
Profile Blog Joined May 2009
United States1120 Posts
August 05 2011 15:50 GMT
#22
Try using the exe association fix from here
It's supposed to be automatic but actually you have to press this button.
iamperfection
Profile Blog Joined February 2011
United States9647 Posts
August 05 2011 15:51 GMT
#23
Microsoft has an article to this problem and links to this page to solve it.
http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012
http://www.teamliquid.net/forum/viewmessage.php?topic_id=406168&currentpage=78#1551
Marcus420
Profile Joined January 2011
Canada1923 Posts
Last Edited: 2011-08-05 15:56:17
August 05 2011 15:53 GMT
#24
On August 06 2011 00:47 TuElite wrote:
Show nested quote +
On August 06 2011 00:36 Darkdeath3 wrote:
Have you tried the system resotore or can u still not start any programs?


Just tried System Restore.

Same as any other program, can't access it.

you can boot off the installation dvd, and choose the “Repair your computer” option on the lower left hand side. If you don’t have an installation/repair disc, you can make one with these instructions. http://www.howtogeek.com/howto/windows-vista/how-to-make-a-windows-vista-repair-disk-if-you-dont-have-one/

Click next on the next screen, and then choose System Restore from the System Recovery dialog. It will take a few seconds to come up, and you will see the same screen that you would see in windows.

Click next, and on the next screen select the drive that your copy of Windows 7 or Vista is installed on.

Click Finish, and Windows will roll back to the previous restore point. Really pretty simple stuff.
TuElite
Profile Blog Joined March 2010
Canada2123 Posts
Last Edited: 2011-08-05 16:09:47
August 05 2011 16:02 GMT
#25
GOOD NEWS UPON ME

By using Task Manager and holding CTRL + File(Run) I managed to access the DOS or whatever (the black screen where u can get shit done). I can now access regedit and the registry from there.

Now I'm going to try and delete the following files in the registry
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'


As well as these files

%AllUsersProfile%\U3F7PNVFNCSJK2E86ABFBJ5H %LocalAppData%\ppn.exe %Temp%\U3F7PNVFNCSJK2E86ABFBJ5H %LocalAppData%\U3F7PNVFNCSJK2E86ABFBJ5H %AppData%\TEMPLATES\U3F7PNVFNCSJK2E86ABFBJ5H

And that should get rid of the virus....

Hoppefully my .exe files comeback after that too but I have a feeling that I'll need to do more shit...
Always Smile - Jung Nicole - Follow Nicole on Twitter @_911007 and me @TuElite
h3r1n6
Profile Blog Joined September 2007
Iceland2039 Posts
August 05 2011 16:17 GMT
#26
On August 06 2011 01:02 TuElite wrote:
GOOD NEWS UPON ME

By using Task Manager and holding CTRL + File(Run) I managed to access the DOS or whatever (the black screen where u can get shit done). I can now access regedit and the registry from there.

Now I'm going to try and delete the following files in the registry
Show nested quote +
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'


As well as these files

%AllUsersProfile%\U3F7PNVFNCSJK2E86ABFBJ5H %LocalAppData%\ppn.exe %Temp%\U3F7PNVFNCSJK2E86ABFBJ5H %LocalAppData%\U3F7PNVFNCSJK2E86ABFBJ5H %AppData%\TEMPLATES\U3F7PNVFNCSJK2E86ABFBJ5H

And that should get rid of the virus....

Hoppefully my .exe files comeback after that too but I have a feeling that I'll need to do more shit...



On August 06 2011 00:27 h3r1n6 wrote:
Try a rescue cd, most anti virus companies have them. I suggest the Kaspersky rescue disk.



Just try a rescue disk, way easier and more efficient.
Wordpad
Profile Blog Joined November 2010
Denmark154 Posts
Last Edited: 2011-08-05 16:38:14
August 05 2011 16:34 GMT
#27
My best advice is to re-install Windows. This type of Malware is designed to be profitable at the expense of the victim, and trust me when I say the creators are relentless. Whether that means tricking you to pay for their crap, or stealing credit card information. Due to that fact, and the nature of how operating systems function (you can never be 100% sure the given malware is completely removed if it has root-kit functionalities), I will personally always recommend a reinstall.
enigmaticcam
Profile Blog Joined October 2010
United States280 Posts
Last Edited: 2011-08-05 16:40:35
August 05 2011 16:40 GMT
#28
On August 06 2011 00:50 mucker wrote:
Try using the exe association fix from here

This is your answer.

I had this exact same virus on my machine just a couple months ago. Ended up accidentally removing the association to exe files in an attempt to get rid of it. I did a google search and found the reg keys you can download to re-associate exe files.

You don't need to reinstall windows.
ZeromuS
Profile Blog Joined October 2010
Canada13410 Posts
August 05 2011 16:56 GMT
#29
Ive only ever gotten rid of this by reinstalling windows.
StrategyRTS forever | @ZeromuS_plays | www.twitch.tv/Zeromus_
Frigo
Profile Joined August 2009
Hungary1023 Posts
August 05 2011 17:18 GMT
#30
Try with full path, c:\windows\system32\regedit.exe?
http://www.fimfiction.net/user/Treasure_Chest
Probe1
Profile Blog Joined August 2010
United States17920 Posts
August 05 2011 17:19 GMT
#31
After it's done you might want to think about buying a backup external drive. After years of clicking on stupid things I learned it's best ot just reformat and start fresh with my media secured on a unconnected drive

Sorry.
우정호 KT_VIOLET 1988 - 2012 While we are postponing, life speeds by
Dance.
Profile Blog Joined July 2010
United States389 Posts
August 05 2011 18:19 GMT
#32
Anyone who uses "pl0x" any where other than 4chan deserves to be hacked.
It is what it is...
obesechicken13
Profile Blog Joined July 2008
United States10467 Posts
Last Edited: 2011-08-05 22:55:17
August 05 2011 22:54 GMT
#33
I would use the association fix now, and then run combofix (transfer from USB to desktop) to get rid of the virus.

What are rescue disks? I might make one soon. Also, this thread should be under tech support, you'd get less replies but better replies there.
I think in our modern age technology has evolved to become more addictive. The things that don't give us pleasure aren't used as much. Work was never meant to be fun, but doing it makes us happier in the long run.
h3r1n6
Profile Blog Joined September 2007
Iceland2039 Posts
August 05 2011 23:07 GMT
#34
On August 06 2011 07:54 obesechicken13 wrote:
I would use the association fix now, and then run combofix (transfer from USB to desktop) to get rid of the virus.

What are rescue disks? I might make one soon. Also, this thread should be under tech support, you'd get less replies but better replies there.


A bootable cd image, that will scan and remove infections from your pc. So it's basically an anti virus that you can run without booting your os Trying to disinfect a pc by booting it first and then trying to remove the infection is a losing battle.
Sad[Panda]
Profile Blog Joined January 2009
United States458 Posts
August 05 2011 23:20 GMT
#35
I got rid of this for a friend recently I just used SuperAntiSpyware's Mobile version its named differently so the virus doesn't block the EXE of it. gl I would just follow the bleepingcomputers link others have posted its what I used as a reference also
( O.O) ("\(t.t )/") ~ I'm just looking for someone to hug
iSometric
Profile Blog Joined February 2011
2221 Posts
Last Edited: 2011-08-05 23:36:40
August 05 2011 23:36 GMT
#36
Not to derail the thread (idk how to make my own thread) but, I have a similar problem where I can't open FB/Youtube sometimes. I think its a virus and its like sometimes I can access certain websties and sometimes I can't. (internet works for e.g. yahoo.com though) PM me if u can help!
strava.com/athletes/zhaodynasty
Kipsate
Profile Blog Joined July 2010
Netherlands45349 Posts
August 05 2011 23:41 GMT
#37
Well fuck your KARA collection better not be in danger.

Good luck!

Also, perhaps you should make a seperate thread in the Tech Support section?There are some really smart guys there too who don't read blogs.
WriterXiao8~~
obesechicken13
Profile Blog Joined July 2008
United States10467 Posts
Last Edited: 2011-08-06 01:48:23
August 06 2011 01:36 GMT
#38
On August 06 2011 08:36 iSometric wrote:
Not to derail the thread (idk how to make my own thread) but, I have a similar problem where I can't open FB/Youtube sometimes. I think its a virus and its like sometimes I can access certain websties and sometimes I can't. (internet works for e.g. yahoo.com though) PM me if u can help!

Make a new thread. If you speak binary, post it in tech support.

Otherwise post it in blogs or say "use a code to english translator" before hitting post.

Derailing a thread only serves to lose focus on the original intention.
I think in our modern age technology has evolved to become more addictive. The things that don't give us pleasure aren't used as much. Work was never meant to be fun, but doing it makes us happier in the long run.
TuElite
Profile Blog Joined March 2010
Canada2123 Posts
Last Edited: 2011-08-06 03:22:49
August 06 2011 03:22 GMT
#39
On August 06 2011 08:41 Kipsate wrote:
Well fuck your KARA collection better not be in danger.

Good luck!

Also, perhaps you should make a seperate thread in the Tech Support section?There are some really smart guys there too who don't read blogs.


Number 1 reason why I didn't just reinstall obv obv.

I haven't tried to fix my registry yet, I will try tomorrow morning and if I can't get it to work I'll consider posting in Tech Support (lol did not even know that section existed). Thanks!

And then I'm backing up the collection on external hard drive. This work of art must be preserved.
Always Smile - Jung Nicole - Follow Nicole on Twitter @_911007 and me @TuElite
mizU
Profile Blog Joined April 2010
United States12125 Posts
August 06 2011 21:58 GMT
#40
You didn't get hacked, you just got malware.

Try to get a better anti-virus/malware so it doesn't happen again.

There's almost never a need to re-install windows, or run msconfig, cuz if you don't know what you're doing you can EFF up big time.

Regedit is pretty confusing, but once you get down the file tree and layout as well as the data entry, you should be fine. Make sure you only change what you need to, cuz if you mess certain things up... gg. Just follow the guide on the site you got and it should be fine.

Regedit should help you take care of most of the virus triggers, but make sure you search your C drive for hidden folders or newly created files+folders. (Sort by date modified)
Also use MalwareBytes to makes sure everything is gone.

GL!
if happy ever afters did exist <3 @watamizu_
Prev 1 2 3 Next All
Please log in or register to reply.
Live Events Refresh
Replay Cast
00:00
Crank Gathers S4: Group Stage
CranKy Ducklings SOOP105
CranKy Ducklings81
LiquipediaDiscussion
OSC
17:00
Mid Season Playoffs
Krystianer vs IbaLIVE!
Liquipedia
[ Submit Event ]
Live Streams
Refresh
StarCraft 2
ViBE254
SpeCial 178
StarCraft: Brood War
Rain 3555
GuemChi 3001
Artosis 573
NaDa 36
Britney 0
Dota 2
NeuroSwarm121
Counter-Strike
summit1g9386
Coldzera 917
taco 147
minikerr28
Super Smash Bros
hungrybox334
Other Games
Day[9].tv1322
shahzam596
JimRising 423
C9.Mang0370
Maynarde124
Mew2King55
Temp050
Organizations
Other Games
gamesdonequick32865
StarCraft 2
Blizzard YouTube
StarCraft: Brood War
BSLTrovo
[ Show 12 non-featured ]
StarCraft 2
• AfreecaTV YouTube
• intothetv
• Kozan
• IndyKCrew
• LaughNgamezSOOP
• Migwel
• sooper7s
StarCraft: Brood War
• BSLYoutube
• STPLYoutube
• ZZZeroYoutube
Dota 2
• masondota2911
Other Games
• Day9tv1322
Upcoming Events
Replay Cast
8h 32m
CrankTV Team League
9h 32m
OSC
11h 32m
Big Brain Bouts
14h 32m
Replay Cast
22h 32m
RSL Revival
1d 7h
Serral vs Bunny
ByuN vs GgMaChine
CranKy Ducklings
1d 8h
Afreeca Starleague
1d 8h
Snow vs Jaedong
YSC vs hero
RSL Revival
2 days
Solar vs Rogue
Maru vs NightMare
Sparkling Tuna Cup
2 days
[ Show More ]
GSL
3 days
Replay Cast
3 days
WardiTV Weekly
4 days
The PondCast
5 days
Replay Cast
6 days
CrankTV Team League
6 days
Liquipedia Results

Completed

CSL Season 21: Qualifier 2
HSC XXIX
Eternal Conflict S2 E1

Ongoing

IPSL Spring 2026
Acropolis #4
YSL S3
CSL 2026 Summer (S21)
Escore Tournament S3: W2
CranK Gathers Season 4: BW vs SC2 Team League
SCTL 2026 Spring
Heroes Pulsing #3
XSE Pro League 2026
IEM Cologne Major 2026
Stake Ranked Episode 2
CS Asia Championships 2026
Asian Champions League 2026
IEM Atlanta 2026
PGL Astana 2026
BLAST Rivals Spring 2026

Upcoming

ASL Season 22: Wild Card Qualifier
CSLAN 4
Blizzard Classic Cup 2026
SC4ALL II: StarCraft II
Kung Fu Cup 2026 Grand Finals
RSL Revival: Season 6
Light Tournament 2026
Eternal Conflict S2 Finale
Eternal Conflict S2 E3
Eternal Conflict S2 E2
Logitech G Connect 2026
StarSeries Fall 2026
FISSURE Playground #5
BLAST Open Fall 2026
Esports World Cup 2026
BLAST Bounty Summer 2026
BLAST Bounty Summer Qual
Stake Ranked Episode 3
TLPD

1. ByuN
2. TY
3. Dark
4. Solar
5. Stats
6. Nerchio
7. sOs
8. soO
9. INnoVation
10. Elazer
1. Rain
2. Flash
3. EffOrt
4. Last
5. Bisu
6. Soulkey
7. Mini
8. Sharp
Sidebar Settings...

Advertising | Privacy Policy | Terms Of Use | Contact Us

Original banner artwork: Jim Warren
The contents of this webpage are copyright © 2026 TLnet. All Rights Reserved.