hklm/software - virus?

ddotsyl

I'd appreciate any help I can get in simple terms! Yesterday, I was
minding my own business when I was hit by a virus of some sort.
Nortons alerted me of it but couldn't fix it, or stop it in time. As
quick as it appeared on my screen, pop-ups started appearing 20 per
second it seems. I downloaded another anti-virus system and I think I
cleared it. Unfortunately, everything in my startup folder is now in
the location HKLM/Software/Microsoft/Windows/CurrentVersion/Run.

My question is how can I restore everything to normal without risking
my system not running at all. Please help!

Thanks
Sylvia
 
Crouchie1998

First of all, what is the virus you had? It sounds more like adware.

Anything running under the registry key you posted is running on startup.

Can you post the list of programs running in the run key?

Crouchie1998
BA (HONS) MCP MCSE
 
Paraleptropy

Viruses are a real pain in the ass. I'm pretty familiar with what
belongs in my windows and windows\system32 directories.

One thing to do is boot using an ERD disk. Get a directory listing in
those two directories and sort them by date. Just by looking, I can
usually tell what belongs and what does not belong. If you can't
tell, you can always do a search for the file(s) in question.

Sort by date; the latest date of course. Remove files that don't
belong. Make sure you unhide too because some will hide files. Go
into your registry and rename your run key to RUN.BAK or something of
the sorts.

Do this in both USER and MACHINE. Of course for user, you'll have to
know the correct SID.

Rename your 'STARTUP' folders for both 'all users' and current logged
on user. This is typically in C:\documents and
settings\<username>\start menu\programs\startup.

I know I'm being somewhat vague about this, but I know my stuff and am
able to do this when needed without worrying about killing stuff. If
you're not so familiar, you should get someone with more knowledge to
help you.

Check your explorer shell in the registry. Sometimes you may think
you're running Explorer but you may be running something else that
looks like explorer. Also, when explorer is run at startup, it could
always be run with another executable attached to it. Don't forget to
check this.

Hope that helps.


-=Paraleptropy=-
http://www.neflyfishing.net
0 Limit,Catch -n- Release
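
The locations named in the reply above (the Run key in both MACHINE and USER, the Startup folders for all users and the current user, and the Explorer shell value), read out with a read-only PowerShell script. This is an added example, not part of any post in the thread; it assumes a current Windows PowerShell, and the Winlogon path used for the shell value is filled in here because the thread does not name it.

```powershell
# Read-only inventory of the autostart locations discussed in this thread.
# Nothing is renamed or deleted; review the output before changing anything.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

$entries = @(
    # Every value under a Run key is a command line started at logon.
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Location = $key
                Name     = $name
                Target   = [string]$item.GetValue($name)
                Modified = $null   # registry values carry no per-value timestamp
            }
        }
    }

    # Startup folders: current user, then all users. -Force includes hidden files.
    foreach ($folder in 'Startup', 'CommonStartup') {
        $path = [Environment]::GetFolderPath($folder)
        if ($path -and (Test-Path $path)) {
            Get-ChildItem -Path $path -Force | ForEach-Object {
                [pscustomobject]@{
                    Location = $path
                    Name     = $_.Name
                    Target   = $_.FullName
                    Modified = $_.LastWriteTime
                }
            }
        }
    }
)

$entries | Sort-Object Location, Name | Format-Table -AutoSize -Wrap

# The shell value should normally be explorer.exe alone; anything appended
# to it, or a different program name, is started at every logon as well.
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell).Shell
if ($shell -ne 'explorer.exe') {
    Write-Warning "Winlogon Shell is '$shell' (expected explorer.exe alone)"
}
```

The table it prints is the list of Run-key programs requested earlier in the thread, and it can be pasted into a reply as-is.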
 
I have had this problem before, the way I fixed it was:
1. CTRL, ALT, DEL, Task Manager
2. Go to Processes and there should be a file named HKLM.exe
3. Click the HKLM.exe and End processes
4. Go to Start afterwards, then go up to (Startup) and there should be something named hklm in it (DELETE IT)

Then you should be fine =)
Hope it helps.
 
