
Registry altered when malware was removed



#1 Eric Ladd


Posted 24 November 2010 - 06:25 AM

While browsing I picked up a bug of some kind that was redirecting my browser and launching "Security Console" when I tried to run my other scanning software. I used the Windows Task Manager to identify a file called vz.exe that was being launched and shut down that process. Stopping that process would close the "Security Console", so I was certain that was my culprit. I located and deleted the vz.exe file from my system, but now whenever I try to launch an executable I get thrown to the "Open With" window. I looked in my registry and my HKEY_CLASS_ROOT\exefile\shell\open\command is set to: "%1" %* as I think it should be, but my HKEY_CLASS_ROOT\.exe is set to: sezfile

I changed the HKEY_CLASS_ROOT\.exe entry to read exefile and I can launch programs now, but I am worried something else is lurking on the system. Can someone advise me on scanning my computer to ensure it is healthy? I would like to provide a professional the information to give me some advice.

Thank you,
Eric
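The association check Eric describes, as an added example that is not part of the original post: it parses a registry export in .reg syntax and reports when the .exe default value, or the open command of the ProgID it names, deviates from the values he quotes. The sample export, the sezfile command and its path are constructed assumptions.

```python
import re

EXPECTED_PROGID = "exefile"    # default value the post restores under .exe
EXPECTED_COMMAND = '"%1" %*'   # open command the post reports for exefile

# Constructed sample in .reg export syntax; the sezfile command and path are assumptions.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="sezfile"

[HKEY_CLASSES_ROOT\sezfile\shell\open\command]
@="\"C:\\EXAMPLE\\vz.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

def parse_reg_defaults(text):
    """Map each key (lowercased) in a .reg export to its (Default) string value."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg strings escape backslash and double quote with a backslash
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def audit_exe_association(text, root="HKEY_CLASSES_ROOT"):
    """Return a list of findings; an empty list means the values match the expected ones."""
    defaults = parse_reg_defaults(text)
    progid = defaults.get(f"{root}\\.exe".lower())
    if progid is None:
        return [".exe has no default value in this export"]
    findings = []
    if progid.lower() != EXPECTED_PROGID:
        findings.append(f".exe points to ProgID {progid!r}, expected {EXPECTED_PROGID!r}")
    # Check the ProgID actually in use and the stock one (deduplicated, order kept).
    for pid in dict.fromkeys([progid.lower(), EXPECTED_PROGID]):
        cmd = defaults.get(f"{root}\\{pid}\\shell\\open\\command".lower())
        if cmd is None:
            findings.append(f"{pid}: open command not present in this export")
        elif cmd != EXPECTED_COMMAND:
            findings.append(f"{pid}: open command is {cmd!r}, expected {EXPECTED_COMMAND!r}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_exe_association(SAMPLE_EXPORT)) or "association looks as expected")
```

The `root` argument lets the same check run against an export of `HKEY_CURRENT_USER\Software\Classes`, whose per-user entries take precedence in the merged HKEY_CLASSES_ROOT view.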



#2 trebormuhaha


Posted 24 November 2010 - 06:37 AM

This lists the changes that are made with that file, assuming it is the same file:

http://www.threatexpert.com/report.aspx?md5=20cbb83e05ac77978d72a9b6c8e1339b

and has a very low security level.

Payload:

Downloads/requests other files from Internet.

So it is anyone's guess as to what it may have downloaded.

I would start with running Trend Micro HouseCall on your PC while you wait for someone more in the know.
Best things since sliced bread

Download UBCD here
UBCD

Trend Micro House Call make sure those nasty little buggers are gone
Click here



