|
|
|
|
|
|
|
|
|
|
|
 |
|
|
 |
 |
 Cmd Prompt and Regedit restarts Explorer.exe automatically |
|
|
PCTech
Posted: 4/2/2009 2:30:12 PM |
Command Prompt (cmd) and Regedit.exe restarts or crashes Explorer.exe Automatically and Google.com randomly redirects to other websites.
1. Rename your regedit.exe located in c:\windows to a file like pctech.exe then double click and open your registry.
2. Browse to the following location. HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
 3. Copy the path of the key like in this example the viral file is called: dfxu.igg
4. Click start then go to run and paste the path and click ok.
5. You should see the file listed there. If not you may have to turn on hidden files.
6. With this information we then used a tool called Avenger.exe or Hijackthis to delete the file on reboot.
Hijackthis screen shot:
Open hijackthis run system scan then click config (bottom right)
Choose the tab misc Tools on top. Choose delete a file on reboot Click open  It will tell you that this file will be deleted on next reboot. Click Yes or ok and your system will reboot.
This took care of it, now command prompt and regedit edit open fine.
|
| Post Id: 31 | |
 RE: Cmd Prompt and Regedit restarts Explorer.exe automatically |
|
|
kevin
Posted: 4/13/2009 6:43:05 AM |
When I did this, the file under aux2 lists the following path:
"C:\windows\system32\...\ujysdjy.ped"
I can't expand the path to figure out where that is, and when I run a search for the files, the only one it finds is right in the c:\windows folder. Any idea what's going on here?
|
| Post Id: 32 | |
|
RE: Cmd Prompt and Regedit restarts Explorer.exe automatically |
|
|
Jeff Pyryt
Posted: 4/21/2009 6:53:44 PM |
the /../ tells it to go back one folder, I had the same problem, so look in your C:\WINDOWS folder for the infected file
|
| Post Id: 33 | |
|
RE: Cmd Prompt and Regedit restarts Explorer.exe automatically |
|
|
PCTech
Posted: 4/22/2009 3:49:28 PM |
Copy the path C:\windows\system32\...\ and then open up your run command. In XP click the start button and then goto Run. Paste that path in and click ok. Then the files showed up for me to delete with a tool like avenger or hijackthis. It's almost acting like a rootkit hiding it self from the operating system.
|
| Post Id: 34 | |
|
RE: Cmd Prompt and Regedit restarts Explorer.exe automatically |
|
|
neveruseq
Posted: 4/23/2009 11:26:25 AM |
Phenominal! Worked exactly the way you described! THANK YOU!
|
| Post Id: 35 | |
|
RE: Cmd Prompt and Regedit restarts Explorer.exe automatically |
|
|
Cacti10c
Posted: 4/23/2009 5:19:34 PM |
That worked as described. Both regedit and cmd are functional again, and the pc has stopped freezing up. However something seems to blocking my internet connection now (was not a symptom before) as I'm getting the "Limited or No Connectivity" message.
|
| Post Id: 36 | |
|
RE: Cmd Prompt and Regedit restarts Explorer.exe automatically |
|
|
PCTech
Posted: 4/25/2009 6:13:33 PM |
That error about limited connectivity usually indicates there's a problem with winsock.
If you have Windows XP with SP2 Installed use this command at the start run command: netsh winsock reset
Then reboot/restart your computer.
If that doesn't work you can also try this microsoft article: http://support.microsoft.com/default.aspx?scid=kb;en-us;811259
Sometimes there are additional rootkits that will block your access too. Let me know if that works.
|
| Post Id: 37 | |
|
|
|
|
|