Over 40,000 "entries" under \windows\currentversion\run in registr

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

A friend's computer was (I think) attacked by a virus. The virus was removed
prior to my getting here. It is now spyware and virus-free. Despite that,
it still takes an infinite (literally) amount of time to give the user
control of the system when booting normally.

Boot into safe mode (with or without networking) and all is relatively well.
Trying to run msconfig doesn't work - well, it does, but it appears to hang.
I try regedit and I can navigate through all keys but one -
\windows\currentversion\run - based on my jerry-rigging AdAware I can see
that there are over 40,000 and counting entries in that particular key.
Could be several thousand or hundreds of thousands more. I don't know.

Is there any way to safely access and manually edit the registry without
being in Windows? I know my way around it so there's no major threat to
navigating through it... My only other option would be to "let it go" and
see if it takes hours or days to "get there" and display all the entries so
they can be removed one-by-one or "en masse".

HELP!

Other than that, it works fine - but at 100% CPU usage, one can't do much!!!
:-)
 
Many viruses are designed to fatally corrupt and destroy the
operating system. You can always remove the virus file,
but the damage caused by the execution of the malicious
virus code has already been done. Try the following:

How to Perform a Windows XP Repair Install
http://www.michaelstevenstech.com/XPrepairinstall.htm

If the "Repair Install" is unsuccessful, then you need to
start from scratch and perform a "Clean Install".

Clean Install Windows XP
http://www.michaelstevenstech.com/cleanxpinstall.html

Here's what you can do to enhance the security on your PC
http://www.microsoft.com/athome/security/protect/windowsxpsp2/Default.mspx

Antivirus software: Frequently asked questions
http://www.microsoft.com/athome/security/protect/antivirus.mspx

--
Carey Frisch
Microsoft MVP
Windows - Shell/User
Microsoft Community Newsgroups
news://msnews.microsoft.com/

-------------------------------------------------------------------------------------------

:

| A friend's computer was (I think) attacked by a virus. The virus was removed
| prior to my getting here. It is now spyware and virus-free. Despite that,
| it still takes an infinite (literally) amount of time to give the user
| control of the system when booting normally.
|
| Boot into safe mode (with or without networking) and all is relatively well.
| Trying to run msconfig doesn't work - well, it does, but it appears to hang.
| I try regedit and I can navigate through all keys but one -
| \windows\currentversion\run - based on my jerry-rigging AdAware I can see
| that there are over 40,000 and counting entries in that particular key.
| Could be several thousand or hundreds of thousands more. I don't know.
|
| Is there any way to safely access and manually edit the registry without
| being in Windows? I know my way around it so there's no major threat to
| navigating through it... My only other option would be to "let it go" and
| see if it takes hours or days to "get there" and display all the entries so
| they can be removed one-by-one or "en masse".
|
| HELP!
|
| Other than that, it works fine - but at 100% CPU usage, one can't do much!!!
| :-)
 
You can delete the Run key, the re-make it.
Check Runonce also.
Try one of those regcleaner after you do that, it should remove
unrelated keys.
 
Export the key if you want to see what is in it (and perhaps save a
few valid entries). You can then delete it.

If you want to, you can do all this from a command line.

....Alan
 
Back
Top