G
Guest
hi! quite a few of our PCs has been infected by trojan and changes has been
made to the registry. Instead of going in to the registry manually, can
anyone assist on automating this process by using a script file? The list
below is the regedit changes that i required. Thanks.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"FS6519" =
"%Windir%\FS6519.dll.vbs"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Window Title" =
"TAGA LIPA ARE!"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"EXPLORER" =
"C:\Program Files\Common Files\System\wab32res.exe..."
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoFolderOptions" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"HideFileExt" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"Hidden" = "2"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\"Start" =
"4"
made to the registry. Instead of going in to the registry manually, can
anyone assist on automating this process by using a script file? The list
below is the regedit changes that i required. Thanks.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"FS6519" =
"%Windir%\FS6519.dll.vbs"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Window Title" =
"TAGA LIPA ARE!"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"EXPLORER" =
"C:\Program Files\Common Files\System\wab32res.exe..."
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoFolderOptions" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"HideFileExt" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"Hidden" = "2"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\"Start" =
"4"