Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Start Up Error


  • Please log in to reply
6 replies to this topic

#1 fabfifie

fabfifie

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 07 August 2012 - 07:29 AM

EDit:moved from Vista to Am I Infected~boopme

Hi, I picked up some malaware at the weekend and used malabytes to remove them. Since removing these files, whenever I boot up the PC, then I get the following messaage:

"Could not load or run 'C:Users\George\LOCALS~1\Temp\msviyv.cmd' specified in the registry. Make sure the file exists on your computer or remove your reference to it in the registry"

Not sure how I go about removing this from the registry or whether it is safe to do this?

Any help gratefully received

cheers

Edited by boopme, 07 August 2012 - 08:22 AM.


BC AdBot (Login to Remove)

 


#2 Allan

Allan

  • BC Advisor
  • 8,611 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:07:29 PM

Posted 07 August 2012 - 07:33 AM

After removing the malware there is still a startup entry looking for a file that MalwareBytes removed. Download and run Mike Lin's Startup Control Panel (http://www.mlin.net/StartupCPL.shtml) and delete the entry relating to msviyv.cmd

#3 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:29 PM

Posted 07 August 2012 - 08:18 AM

StartupCPL will not show this entry.

Create a restore point before modifying registry entries

Press Windows+R key and type

regedit and click ok

Browse to

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows

On right pane you should find LOAD or RUN key with this value C:Users\George\LOCALS~1\Temp\msviyv.cmd ,delete it.If you get access denied error

go to HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows

right click on Windows key

Click on permissions

CLick on Everyone

Under permissions ,select FULL CONTROL and click ok,now you should be able to delete the LOAD key

good luck

#4 fabfifie

fabfifie
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 07 August 2012 - 01:17 PM

thanks, narenxp, worked a treat

cheers

#5 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:29 PM

Posted 07 August 2012 - 01:44 PM

You're welcome :)

#6 Allan

Allan

  • BC Advisor
  • 8,611 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:07:29 PM

Posted 08 August 2012 - 03:55 PM

Thanks for the assist narenxp - I absolutely misread his first post about the location of the startup item.

#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:29 PM

Posted 09 August 2012 - 12:18 AM

:thumbup2:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users