Registry Question and Fending Off w32.korgo.v+Backdoor.berbew.g

[W. Watson]

It's been an interesting day. I found I had acquired the two viruses mentioned in the
subject line. Both were very recently introduced to the internet. I believe one might
have gotten it when I inadvertently left my firewall down for 12 hours while checking
out an ethernet connection problem. I also happened to accept in the midst of this a
large s/w file from a fellow who seemed on the up and up about some motion detection
s/w that I was interested in. I suspect either he deliberately attached the viruses
or was innocently involved. Anyway, here is my current question.

The Symantec removal instructions for removal of Backdoor.berbew.g mention deleting
"QueenKarton"="C". I could not find this at the location they mentioned. I did find
it elsewhere with regedit's Find. Unfortunately, regedit gives me no clue as to what
key it found it in, so I just renamed QueenKarton to QueenyKarton. Should I delete
the entry anyway, and how do I know what key it corresponds to?

--
Wayne T. Watson (The Wizard of Obz, Nevada City, CA)
(121.015 Deg. W, 39.262 Deg. N, 2,701 feet)
-- GMT-8 hr std. time, RJ Rcvr 39° 8' 0" N, 121° 1' 0" W
(Formerly Homo habilis, erectus, heidelbergensis and now sapiens)

"One advantage of being disorderly is that
one is constantly making exciting discoveries"
-A.A. Milne
Web Page: <home.earthlink.net/~mtnviews>

 

[Dave Patrick]

With regedit.exe running you can F3, then in the 'Find what:" box enter in
some string then click the 'Find Next' button. If and when there is a match
in the case of data the value name will be highlighted in the right pane
with the key icon in the left pane graphically open. In the case a key, the
key name will be highlighted. Always backup the registry before editing.

Repair, Recovery, and Restore
http://www.microsoft.com/windows2000/techinfo/reskit/samplechapters/fndc/fndc_rec_uctu.asp

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect


:
| It's been an interesting day. I found I had acquired the two viruses
mentioned in the
| subject line. Both were very recently introduced to the internet. I
believe one might
| have gotten it when I inadvertently left my firewall down for 12 hours
while checking
| out an ethernet connection problem. I also happened to accept in the midst
of this a
| large s/w file from a fellow who seemed on the up and up about some motion
detection
| s/w that I was interested in. I suspect either he deliberately attached
the viruses
| or was innocently involved. Anyway, here is my current question.
|
| The Symantec removal instructions for removal of Backdoor.berbew.g mention
deleting
| "QueenKarton"="C". I could not find this at the location they mentioned. I
did find
| it elsewhere with regedit's Find. Unfortunately, regedit gives me no clue
as to what
| key it found it in, so I just renamed QueenKarton to QueenyKarton. Should
I delete
| the entry anyway, and how do I know what key it corresponds to?
|
| --
| Wayne T. Watson (The Wizard of Obz, Nevada City, CA)
| (121.015 Deg. W, 39.262 Deg. N, 2,701 feet)
| -- GMT-8 hr std. time, RJ Rcvr 39° 8' 0" N, 121° 1' 0" W
| (Formerly Homo habilis, erectus, heidelbergensis and now
sapiens)
|
| "One advantage of being disorderly is that
| one is constantly making exciting discoveries"
| -A.A. Milne
| Web Page: <home.earthlink.net/~mtnviews>
|

 

[W. Watson]

With regedit.exe running you can F3, then in the 'Find what:" box enter in
some string then click the 'Find Next' button. If and when there is a match
in the case of data the value name will be highlighted in the right pane
with the key icon in the left pane graphically open. In the case a key, the
key name will be highlighted. Always backup the registry before editing.

Repair, Recovery, and Restore
http://www.microsoft.com/windows2000/techinfo/reskit/samplechapters/fndc/fndc_rec_uctu.asp

Unfortunately, the graphical display in the left pane does not position on the key or
highlight it. Is there something specific to the registry at the URL you give above?

--
Wayne T. Watson (The Wizard of Obz, Nevada City, CA)
(121.015 Deg. W, 39.262 Deg. N, 2,701 feet)
-- GMT-8 hr std. time, RJ Rcvr 39° 8' 0" N, 121° 1' 0" W
(Formerly Homo habilis, erectus, heidelbergensis and now sapiens)

"Shoot first (amygdala) and ask questions (neocortex) later."
- Hoot Gibson, 30s Western Star, () -- modern brain science
amygdala--ancient part, neocortex--modern
Web Page: <home.earthlink.net/~mtnviews>

 

[Dave Patrick]

Correct the key icon in the left pane will just graphically appear open.

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect


:
| Unfortunately, the graphical display in the left pane does not position on
the key or
| highlight it. Is there something specific to the registry at the URL you
give above?
|
| --
| Wayne T. Watson (The Wizard of Obz, Nevada City, CA)
| (121.015 Deg. W, 39.262 Deg. N, 2,701 feet)
| -- GMT-8 hr std. time, RJ Rcvr 39° 8' 0" N, 121° 1' 0" W
| (Formerly Homo habilis, erectus, heidelbergensis and now
sapiens)
|
| "Shoot first (amygdala) and ask questions (neocortex)
later."
| - Hoot Gibson, 30s Western Star, () -- modern brain science
| amygdala--ancient part, neocortex--modern
| Web Page: <home.earthlink.net/~mtnviews>