Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Regsvr.exe


  • Please log in to reply
2 replies to this topic

#1 roosterr

roosterr

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:42 AM

Posted 12 December 2005 - 12:58 AM

to make the effort worth, i would start by saying that i am a regular @ yahoo chat rooms. i seem to have picked sumthing malicious by clicking a link & downloading a exe...damn stupid of me well neways, i right away found that someone had hijacked my yahoo id since i found a msg in the archive messages..lucky i use archive.
to make matters worse, i see a process REGSVR.EXE running when i startup. i have tried everything i can to remove the file, including but not limited to Norton AV, McFee Stinger, Ad-Aware, Spy Doctor. The damn file just wont go!!
i tried deleting the file in safe mode, & even used The KillBox to kill & delete the file, but it recreates itself everytime i start in normal mode.
Can you please help me resolve the mess i have got into? guess the last option would be low level formatting of my laptop, but can someone save me from this

BC AdBot (Login to Remove)

 


#2 phatcat42141

phatcat42141

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Local time:05:12 PM

Posted 12 December 2005 - 01:18 AM

Here is what it is and how to get rid of it --
http://www.bleepingcomputer.com/startups/r...r.exe-4481.html

#3 stidyup

stidyup

  • Members
  • 641 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:12 PM

Posted 12 December 2005 - 03:07 AM

If you think you are infected submit a hijackthis log to the HJT Forum.

How to submit a hijackthis log

Download Hijackthis

Try running the following from safe mode (Getting to safe-mode) Sysclean you'll also need the virus template file from here lpt***.zip remember to extract the contents of the zip file into the same folder as Sysclean.com

or

DrWeb CureIT

or

KASFX which is powered by the Kaspersky AV engine, you will need internet access to update it. If you haven't got net access in safe mode, update it before you use it.

If your good with the command line also try Sophos Command Line scanner this command will scan all of your hdd's SAV32CLI.EXE -F -di -remove -dn -mbr -all -zip -p=avscanlog.txt and give you a log file to review afterwards.

Also try installing and running A2 Free and Ewido again run from safe mode.

I'd also run Spybot(Spybot Tutorial) and Adaware

If your using Win2K/XP run adaware/spybot from "safe mode with command prompt" If your using Win9x just run it from safe mode the command line options aren't needed..

At the C:\ prompt type the following:-

cd\
C:\progra~1\spybot~1\spybotsd.exe /autocheck /autofix
cd\
C:\progra~1\lavasoft\ad-awa~1\ad-aware.exe




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users