BugBear on Regedit.exe

[Ted Leonard]

I get popup messages stating that I have BugBear on the
regedit.exe file, and telling me to run AVG, my antivirus
program. I run AVG and it says it can't remove the virus
and to replace the inficted copy with a good one. I ran
sfc.exe from the command line, but apparently it did not
find what it thought to be an altered file, so it didn't
fix it. Clicking on regedit.exe brings up the virus
message box, but won't open the program, nor will right
clicking on the file open the drop down window. Anyone
know how can I replace this file?

Thanks for any help.

Ted

 

[Dave Patrick]

Replace the file from the recovery console. To start the Recovery Console,
start the computer from the Windows 2000 Setup CD or the Windows 2000 Setup
floppy disks. If you do not have Setup floppy disks and your computer cannot
start from the Windows 2000 Setup CD, use another Windows 2000-based
computer to create the Setup floppy disks. Press ENTER at the "Setup
Notification" screen. Press R to repair a Windows 2000 installation, and
then press C to use the Recovery Console. The Recovery Console then prompts
you for the administrator password. If you do not have the correct
password, Recovery Console does not allow access to the computer. If an
incorrect password is entered three times, the Recovery Console quits and
restarts the computer. Once the password has been validated, you have full
access to the Recovery Console, but limited access to the hard disk. You can
only access the following folders on your computer: %systemroot% and
%windir%

From a command prompt you can expand the file. An example;

expand E:\I386\calc.ex_ %windir%\system32\calc.exe

would expand a new copy of calc.exe to the \system32 directory.

Also you'll want to use the correct version for the service pack level
you're at. So you may need to extract the file from a service pack.

To extract the service pack files without installing them, execute
J:\W2kSP3\W2KSP3.exe /x
Then when prompted, specify a directory to hold the extracted files.

(note: regedit.exe is located in %windir% aka the "windows" directory
probably \winnt)

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft MVP [Windows NT/2000 Operating Systems]
Microsoft Certified Professional [Windows 2000]
http://www.microsoft.com/protect


:
| I get popup messages stating that I have BugBear on the
| regedit.exe file, and telling me to run AVG, my antivirus
| program. I run AVG and it says it can't remove the virus
| and to replace the inficted copy with a good one. I ran
| sfc.exe from the command line, but apparently it did not
| find what it thought to be an altered file, so it didn't
| fix it. Clicking on regedit.exe brings up the virus
| message box, but won't open the program, nor will right
| clicking on the file open the drop down window. Anyone
| know how can I replace this file?
|
| Thanks for any help.
|
| Ted

 

[Guest]

Dave,

Thanks for the info. I still have some questions.

1. How do I know if the file to be replaced, i.e.
regedit.exe is from the original CD or the service pack.
I suspect that not all the system files were replaced by
the service pack. Is there a certain date to look for?
2. If the file is from the service pack where do I go to
get it. As I recall the service pack is not saved, but
rather installed when you get it from Microsoft Updates.

Thanks again for any additonal help.

Ted

-----Original Message-----
Replace the file from the recovery console. To start the Recovery Console,
start the computer from the Windows 2000 Setup CD or the Windows 2000 Setup
floppy disks. If you do not have Setup floppy disks and your computer cannot
start from the Windows 2000 Setup CD, use another Windows 2000-based
computer to create the Setup floppy disks. Press ENTER at the "Setup
Notification" screen. Press R to repair a Windows 2000 installation, and
then press C to use the Recovery Console. The Recovery Console then prompts
you for the administrator password. If you do not have the correct
password, Recovery Console does not allow access to the computer. If an
incorrect password is entered three times, the Recovery Console quits and
restarts the computer. Once the password has been validated, you have full
access to the Recovery Console, but limited access to the hard disk. You can
only access the following folders on your computer: % systemroot% and
%windir%

From a command prompt you can expand the file. An example;

expand E:\I386\calc.ex_ %windir%\system32\calc.exe

would expand a new copy of calc.exe to the \system32 directory.

Also you'll want to use the correct version for the service pack level
you're at. So you may need to extract the file from a service pack.

To extract the service pack files without installing them, execute
J:\W2kSP3\W2KSP3.exe /x
Then when prompted, specify a directory to hold the extracted files.

(note: regedit.exe is located in %windir% aka the "windows" directory
probably \winnt)

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft MVP [Windows NT/2000 Operating Systems]
Microsoft Certified Professional [Windows 2000]
http://www.microsoft.com/protect


:
| I get popup messages stating that I have BugBear on the
| regedit.exe file, and telling me to run AVG, my antivirus
| program. I run AVG and it says it can't remove the virus
| and to replace the inficted copy with a good one. I ran
| sfc.exe from the command line, but apparently it did not
| find what it thought to be an altered file, so it didn't
| fix it. Clicking on regedit.exe brings up the virus
| message box, but won't open the program, nor will right
| clicking on the file open the drop down window. Anyone
| know how can I replace this file?
|
| Thanks for any help.
|
| Ted


.

 

[Dave Patrick]

I'm guessing the version installed with Windows 2000 is 5.0.2195 it appears
SP4 replaced it with version 5.0.2195.6707 You can download and extract the
files from;

http://www.microsoft.com/windows2000/downloads/servicepacks/default.asp

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft MVP [Windows NT/2000 Operating Systems]
Microsoft Certified Professional [Windows 2000]
http://www.microsoft.com/protect


| Dave,
|
| Thanks for the info. I still have some questions.
|
| 1. How do I know if the file to be replaced, i.e.
| regedit.exe is from the original CD or the service pack.
| I suspect that not all the system files were replaced by
| the service pack. Is there a certain date to look for?
| 2. If the file is from the service pack where do I go to
| get it. As I recall the service pack is not saved, but
| rather installed when you get it from Microsoft Updates.
|
| Thanks again for any additonal help.
|
| Ted