
OT - Editing My Registry - OT



Posted

Gents,

My AV program (Kaspersky AV 2011) has evidently allowed a worm (W32.Stuxnet) into my system that doesn't allow me to run any programs with the suffix '.exe'. In fact, all of my .exe files are now .lnk files and the only way I can get onto the internet is by tricking Win XP, which is surprisingly easy but still doesn't permit the use of .exe files. I may have come up with a fix for it but it requires access to the registry and the only way I know of accessing the registry is through regedit, which requires the use of an .exe file. Are there any geeks out there who know how to access the registry in a straightforward manner, ie not needing to use anything with .exe in it?

-Randy

Posted

I am not a computer tech, just a guy who fools around with them a little so take this for what it is worth. I was once able to get out of a similar issue by running my AV program after booting up in "Safe Mode". But when a friend of mine got a similar bug that would not allow any .exe programs to open. It would set a message stating there was no file association for .exe like mine did but would not work in Safe Mode either. It could not even open the anti-virus program (Norton). The antivirus it would open was a bogus one that was part of the actual virus but I forget the name of it. Anyway, the way I got out of it was to right click on "start", left click on open, left click on tools at the top of the page and left click on "folder options" from the drop-down menu. Selected the "File Types" tab in the pop-up box, then selected "New". Typed EXE in the dialogue box and clicked "OK". From there I believe you can just close this stuff and then open your true av program to capture the worm. Not sure this is the same worm but it is worth a try. If you get a message stating that EXE is already associated you can just cancel and know that wasn't it. Hope this helps, I am not a fan of messing around with the registry unless I have to..............Tim

Posted (edited)
Gents,

My AV program (Kaspersky AV 2011) has evidently allowed a worm (W32.Stuxnet) into my system that doesn't allow me to run any programs with the suffix '.exe'. In fact, all of my .exe files are now .lnk files and the only way I can get onto the internet is by tricking Win XP, which is surprisingly easy but still doesn't permit the use of .exe files. I may have come up with a fix for it but it requires access to the registry and the only way I know of accessing the registry is through regedit, which requires the use of an .exe file. Are there any geeks out there who know how to access the registry in a straightforward manner, ie not needing to use anything with .exe in it?

-Randy

FIRST--- Go to System Restore and create a Restore Point immediately before you muck around in the Registry.

Then, go to your Windows Directory--Usually c:/Windows

Find the Regedit.exe file. Right click it, copy and paste it, and the program will give you a Regedit (2).exe file. Rename it Regedit.com.

Double click that and you should be in the Regedit window. Complete your changes, re-boot Windows and if all is OK after the re-boot, then delete the .com file you created earlier.

Hope this works for you. It should!

Frank

Edited by 50 Dodge Lug Nut
Added more info.
Posted

Gents,

Thank you for the excellent suggestions but, unfortunately, neither of them worked. Tim, what you suggested is what worked for me the first time but I think perhaps the worm has the ability to "learn" because it didn't work this time. Frank, I have been warned since my days of Dos 1.2 that I should keep my stinking hands off the registry and that's exactly what I've done, but I found a straightforward registry fix that doesn't scare me, however, I could not get any farther than renaming the file because evidently the worm doesn't like .com extensions, either. I tried several others just to be sure. The good news is I may have accidentally stumbled upon a solution because I just learned that my flashcard reader is functioning. There's a program called "exefix" that Kaspersky recommended and what I want to try next is to download the program onto my wife's computer and open it in a new folder, then copy it to a flashcard and move the card to my machine to see if it runs. I would like your opinions on doing that before I go ahead with it.

Chrome OS is due for release in India by May and if there aren't any glitches it will then be available everywhere. If you're not familiar with it think of UNIX for dummies. Get that baby plugged into my machine and kiss Microsoft's @$$ goodbye forever! That will be a sweet day for everyone except MS for they will need to bump the quality of their software up a few notches or go the way of other outdated programs. Since they are obviously too arrogant to do the former I can only imagine the latter will ensue.

That was an unplanned rant. Sorry if it offended, I guess.

So, what do you or anybody else think about my scheme of using a flashcard?

-Randy

Posted

If it were me I would try it. Not a lot to lose at this point. I would try everything before wiping the hard drive and starting over. Oh, by the way, my daughter has a MAC, she loves it and it has never malfunctioned in the three years of college that she has used and abused it. Plus no Microsoft viruses to contend with. I think I could get used to it if I used it enough. Ok enough on that. Did you try booting up in safe mode and restoring the computer to a date previous to the worm attack?.................tim

Posted

Randy this has worked for us a few times. Buy an adaptor to convert your harddrive to external and then plug it into a functional computer to wipe the worm off. If nothing else you can use this to save your documents before you wipe it and start fresh. You've got me a little worried as I'm about to install kaspersky 2011 on my PCs. Is this a glitch in the software I should be concerned about?

Posted

How sure are you that it is a virus?

The Stuxnet you mentioned seems to be a totally different virus (targeting Siemens , intended for the Iranian nuclear systems), see:

http://en.wikipedia.org/wiki/Stuxnet

Anyway :

quick search gave a nice option:

http://forums.cnet.com/7723-6122_102-350609.html

Not sure how well you work with computers

I checked the registry file that is provided and it seems legit (same entries as my registry).

Hope you can solve it.

John
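The check John describes, reading a downloaded registry fix and comparing its entries with known-good values before importing it, as an added example that is not part of the original post. It assumes the standard Windows defaults for the `.exe` association (`exefile` and `"%1" %*`); the function names and both sample files are constructed for illustration, and only string values are parsed.

```python
import re

# Standard Windows defaults for the .exe association (default value "@" of each key).
EXPECTED = {
    r"hkey_classes_root\.exe": "exefile",
    r"hkey_classes_root\exefile\shell\open\command": '"%1" %*',
}

def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Return {key_path: {value_name: data}} for string values; '@' is the default value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
            if m:
                raw = m.group(1)
                name = raw if raw == "@" else unescape(raw[1:-1])
                current[name] = unescape(m.group(2))
    return keys

def review(text):
    """List everything in a 'fix' .reg file that is not a default .exe association entry."""
    findings = []
    for path, values in parse_reg(text).items():
        want = EXPECTED.get(path.lower())  # key names are case-insensitive
        if want is None:
            findings.append(f"outside the .exe association: [{path}]")
        elif values.get("@", want) != want:
            findings.append(f"unexpected default value in [{path}]: {values['@']}")
    return findings

# Constructed samples, not the file from the linked thread.
GOOD = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''
BAD = GOOD.replace(r'@="\"%1\" %*"', r'@="\"C:\\placeholder\\unknown.exe\" \"%1\" %*"')
```

`review(GOOD)` returns an empty list; `review(BAD)` returns one finding naming the altered `open\command` value, which is the entry to read by eye before importing any such file.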

Posted

Gents,

Sorry to take so long to get back to you but other issues have taken a lot of my time today. A few points:

1. I have tried doing a system restore through two separate programs and the results are the same. The restore seems to work but when I restart the computer the restore doesn't 'take'.

2. I'm not going to blow-away everything then dive into Chrome OS, but I certainly see it as a light at the end of the tunnel.

3. I read the problem associated with my troubles is caused by the W32.Stuxnet worm but I wouldn't know what that was if it walked up and kicked me.

4. I was able to open Regedit by the info in the link John sent. I edited it and it didn't fix the problem but it's better than it was.

5. I haven't tried bringing exefix.exe in through the back door yet but that's because I'm very tired (not much sleep last night) and want to be alert when I do it.

6. I have never heard anything other than good about Macs and probably wouldn't be having this problem if I drove one. Google Chrome OS is a UNIX-based OS but rather than me trying to explain it I would encourage you all to 'google' it. There are several informative demonstration videos there that explain it much better than I, but the two most impressive aspects of it that I recall are that from the time you boot your computer until you're on the internet is about seven seconds because you don't have to deal with MS clutter getting in your way. The other reason is that you don't need to store anything on your computer because it's stored on the internet.

I'm falling asleep writing this so I'll stop babbling and be done with it for the night. Thank you all very much for the time you've taken to contribute to this thread; all the information has been good and when I finally lick this puppy I'll let you know how I did it.

-Randy

Posted

The solution Young Ed offered has worked for us several times on different viruses. Just make sure the machine you connect to has an up to date AV program and it will usually go straight for the virus and quarantine it. The page John linked looks promising as well. It may be a good option to try first if you don't have access to an external drive housing. As for Chrome, I haven't looked lately to see how far along development is. It originally looked like a good candidate for a partitioned hard drive with Mac or Windows on one partition to run the normal computer software and Chrome on the other for web based applications. Or for use on a web only machine. The ten second boot on Chrome would be great. Looking forward to learning how this turns out for you. Never know when it will hit another one of us. thanks for sharing. Good luck. ........Tim

Posted
Gents,

Sorry to take so long to get back to you but other issues have taken a lot of my time today. A few points:

1. I have tried doing a system restore through two separate programs and the results are the same. The restore seems to work but when I restart the computer the restore doesn't 'take'.

2. I'm not going to blow-away everything then dive into Chrome OS, but I certainly see it as a light at the end of the tunnel.

3. I read the problem associated with my troubles is caused by the W32.Stuxnet worm but I wouldn't know what that was if it walked up and kicked me.

4. I was able to open Regedit by the info in the link John sent. I edited it and it didn't fix the problem but it's better than it was.

5. I haven't tried bringing exefix.exe in through the back door yet but that's because I'm very tired (not much sleep last night) and want to be alert when I do it.

-Randy

Folks --

All good ideas and suggestions. Yet, there is obviously a deeper issue here.

Randy, when did you first notice this virus or get an alert? You stated (above) you performed System Restore through two separate programs, the results were the same.

Have you tried doing a Restore Point, say from a week or so ago? Perhaps you can determine the date when this virus hit your system and Restore to a point just before that event. Even if that fails, you can do an Un-restore and return to your current settings.

Another idea: Have you tried to change the "Services" or "Startup" settings in msconfig for Kaspersky? Maybe by starting the computer without Kaspersky loaded, you might be able to do the registry entry changes you want to.

If you need help with changing the settings in the msconfig panel, I'll try to help you here.

Just go to "Start", "Run", type in msconfig. Hit enter or OK. When the new panel opens, go to the far right hand columns, Startup and Services and uncheck all that applies to Kaspersky. Write down all your changes so you can undo them when you're finished, exit msconfig and select "reboot". After the computer loads, try your registry fix or changes. If they stick and all is well, go back and reset your Kaspersky settings in msconfig.

As far as your flashcard idea, that might be an answer. Can you boot the computer from the card? Maybe a temporary change in your BIOS to allow the system to boot to the card will give you access.

Again, good luck with this.

Frank

Posted

Gents,

I've been asked what I think of Kaspersky AV and, after playing with it for another five hours today and receiving another email from them telling me which .exe file to use, I must admit that my opinion of them is rather low. Four emails to them asking how to fix not being able to use .exe files and four replies each steering me toward yet another .exe file makes me question how great their sense of urgency to help me might be. Still, they're rated as the #1 AV system floating around so whether or not I renew my subscription next October remains to be seen. They're better than AVG and Norton for stopping attacks but at least I could get coherent correspondence from AVG.

Yet another reason to leave MS in the dirt.

Thanks again for all the assistance.

-Randy

Posted

Gents,

The gist of it is that I evidently asked a question too difficult for Kaspersky to answer without thinking very deeply and they've given up on me which, by strange coincidence, is now what I plan to do to them when my subscription renewal comes due next October.

None of the many excellent suggestions given, both on this thread and by PM, were able to correct the problem because I simply can't seem to download anything anymore, but I've kept at it because I have more determination than common sense. What I'll do is take the HD to my favorite geek and have him piggy-back it to another HD that already has the malware installed and be shed of the problem. I could do that with Lynn's computer but she doesn't feel too secure with me messing with her machine right now and I can't blame her.

Thanks again,

-Randy

Posted
What I'll do is take the HD to my favorite geek and have him piggy-back it to another HD that already has the malware installed and be shed of the problem.

Thanks again,

-Randy

Let us know the outcome!

Posted

Yep, a $65 visit to a local computer shop worked to get some malware off of mine. They missed certain parts of it first because it was snuck in in some legit looking manner.

When some nuisance item would crop up, I finally began cutting and pasting to a blank email the address line of the item. Then I took the computer back to the shop with the printouts of the addresses. It appears they were able to remove the things. Haven't seen any more yet.

But they say you can't tell where you will encounter malware or related nuisances. It can be picked up from totally legit sites, not just from places considered "bad".
