| Blogs > TuElite |
|
TuElite
Canada2123 Posts
On August 06 2011 00:36 Darkdeath3 wrote: Have you tried the system resotore or can u still not start any programs? Just tried System Restore. Same as any other program, can't access it. | ||
|
mucker
United States1120 Posts
| ||
|
iamperfection
United States9645 Posts
http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012 | ||
|
Marcus420
Canada1923 Posts
On August 06 2011 00:47 TuElite wrote: Just tried System Restore. Same as any other program, can't access it. you can boot off the installation dvd, and choose the “Repair your computer” option on the lower left hand side. If you don’t have an installation/repair disc, you can make one with these instructions. http://www.howtogeek.com/howto/windows-vista/how-to-make-a-windows-vista-repair-disk-if-you-dont-have-one/ Click next on the next screen, and then choose System Restore from the System Recovery dialog. It will take a few seconds to come up, and you will see the same screen that you would see in windows. Click next, and on the next screen select the drive that your copy of Windows 7 or Vista is installed on. Click Finish, and Windows will roll back to the previous restore point. Really pretty simple stuff. | ||
|
TuElite
Canada2123 Posts
By using Task Manager and holding CTRL + File(Run) I managed to access the DOS or whatever (the black screen where u can get shit done). I can now access regedit and the registry from there. Now I'm going to try and delete the following files in the registry HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1' HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*' HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*' HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*' HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"' HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode' HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"' HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1' HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1' As well as these files %AllUsersProfile%\U3F7PNVFNCSJK2E86ABFBJ5H %LocalAppData%\ppn.exe %Temp%\U3F7PNVFNCSJK2E86ABFBJ5H %LocalAppData%\U3F7PNVFNCSJK2E86ABFBJ5H %AppData%\TEMPLATES\U3F7PNVFNCSJK2E86ABFBJ5H And that should get rid of the virus.... Hoppefully my .exe files comeback after that too but I have a feeling that I'll need to do more shit... | ||
|
h3r1n6
Iceland2039 Posts
On August 06 2011 01:02 TuElite wrote: GOOD NEWS UPON ME By using Task Manager and holding CTRL + File(Run) I managed to access the DOS or whatever (the black screen where u can get shit done). I can now access regedit and the registry from there. Now I'm going to try and delete the following files in the registry As well as these files %AllUsersProfile%\U3F7PNVFNCSJK2E86ABFBJ5H %LocalAppData%\ppn.exe %Temp%\U3F7PNVFNCSJK2E86ABFBJ5H %LocalAppData%\U3F7PNVFNCSJK2E86ABFBJ5H %AppData%\TEMPLATES\U3F7PNVFNCSJK2E86ABFBJ5H And that should get rid of the virus.... Hoppefully my .exe files comeback after that too but I have a feeling that I'll need to do more shit... On August 06 2011 00:27 h3r1n6 wrote: Try a rescue cd, most anti virus companies have them. I suggest the Kaspersky rescue disk. Just try a rescue disk, way easier and more efficient. | ||
|
Wordpad
Denmark154 Posts
| ||
|
enigmaticcam
United States280 Posts
On August 06 2011 00:50 mucker wrote: Try using the exe association fix from here This is your answer. I had this exact same virus on my machine just a couple months ago. Ended up accidentally removing the association to exe files in an attempt to get rid of it. I did a google search and found the reg keys you can download to re-associate exe files. You don't need to reinstall windows. | ||
ZeromuS
Canada13389 Posts
| ||
|
Frigo
Hungary1023 Posts
| ||
|
Probe1
United States17920 Posts
 Sorry. | ||
|
Dance.
United States389 Posts
| ||
|
obesechicken13
United States10467 Posts
What are rescue disks? I might make one soon. Also, this thread should be under tech support, you'd get less replies but better replies there. | ||
|
h3r1n6
Iceland2039 Posts
On August 06 2011 07:54 obesechicken13 wrote: I would use the association fix now, and then run combofix (transfer from USB to desktop) to get rid of the virus. What are rescue disks? I might make one soon. Also, this thread should be under tech support, you'd get less replies but better replies there. A bootable cd image, that will scan and remove infections from your pc. So it's basically an anti virus that you can run without booting your os Trying to disinfect a pc by booting it first and then trying to remove the infection is a losing battle. | ||
|
Sad[Panda]
United States458 Posts
 | ||
|
iSometric
2221 Posts
| ||
Kipsate
Netherlands45349 Posts
Good luck! Also, perhaps you should make a seperate thread in the Tech Support section?There are some really smart guys there too who don't read blogs. | ||
|
obesechicken13
United States10467 Posts
On August 06 2011 08:36 iSometric wrote: Not to derail the thread (idk how to make my own thread) but, I have a similar problem where I can't open FB/Youtube sometimes. I think its a virus and its like sometimes I can access certain websties and sometimes I can't. (internet works for e.g. yahoo.com though) PM me if u can help! Make a new thread. If you speak binary, post it in tech support. Otherwise post it in blogs or say "use a code to english translator" before hitting post. Derailing a thread only serves to lose focus on the original intention. | ||
|
TuElite
Canada2123 Posts
On August 06 2011 08:41 Kipsate wrote: Well fuck your KARA collection better not be in danger. Good luck! Also, perhaps you should make a seperate thread in the Tech Support section?There are some really smart guys there too who don't read blogs. Number 1 reason why I didn't just reinstall obv obv. I haven't tried to fix my registry yet, I will try tomorrow morning and if I can't get it to work I'll consider posting in Tech Support (lol did not even know that section existed). Thanks! And then I'm backing up the collection on external hard drive. This work of art must be preserved. | ||
|
mizU
United States12125 Posts
Try to get a better anti-virus/malware so it doesn't happen again. There's almost never a need to re-install windows, or run msconfig, cuz if you don't know what you're doing you can EFF up big time. Regedit is pretty confusing, but once you get down the file tree and layout as well as the data entry, you should be fine. Make sure you only change what you need to, cuz if you mess certain things up... gg. Just follow the guide on the site you got and it should be fine. Regedit should help you take care of most of the virus triggers, but make sure you search your C drive for hidden folders or newly created files+folders. (Sort by date modified) Also use MalwareBytes to makes sure everything is gone. GL! | ||
| ||
StarCraft 2 StarCraft: Brood War Dota 2 Counter-Strike Other Games Grubby5205 FrodaN2784 Liquid`RaSZi2246 tarik_tv2094 Beastyqt907 Harstem469 Liquid`Hasu418 Mlord390 mouzStarbuck371 B2W.Neo252 Pyrionflax245 KnowMe214 XaKoH  168ArmadaUGS160 TKL  73QueenE60 Dewaltoss57 ZombieGrub23 DeMusliM0 |
|
SOOP
SHIN vs GuMiho
Cure vs Creator
The PondCast
Wardi Open
Big Gabe XPERIONCRAFT
AI Arena Tournament
Sparkling Tuna Cup
WardiTV Invitational
IPSL
DragOn vs Sziky
Replay Cast
Wardi Open
[ Show More ] |
|
|
EPT
