Cmd Prompt and Regedit restart Explorer.exe automatically

Command Prompt (cmd) and Regedit.exe restart or crash Explorer.exe automatically, and Google.com randomly redirects to other websites.

 

1. Rename regedit.exe (located in c:\windows) to something like pctech.exe, then double-click the renamed file to open your registry.

2. Browse to the following location: HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32

 




 

3. Copy the path of the key. In this example the viral file is called dfxu.igg.

4. Click Start, go to Run, paste the path and click OK.

5. You should see the file listed there. If not, you may have to turn on hidden files.

6. With this information we then used a tool called Avenger.exe or HijackThis to delete the file on reboot.

 

Hijackthis screen shot:

Open HijackThis, run a system scan, then click Config (bottom right).
Choose the Misc Tools tab at the top.
Choose "Delete a file on reboot".
Click Open.





 

It will tell you that this file will be deleted on the next reboot. Click Yes or OK and your system will reboot.
 

This took care of it; Command Prompt and regedit now open fine.
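
To make the check in steps 2 and 3 repeatable, here is an added example (not part of the original post or of any tool it mentions) that audits the text output of `reg query` for the Drivers32 key and flags values whose data is not a bare driver file name. The extension allowlist, the default `C:\WINDOWS\system32` path, the sample output and the file name `abcd.xyz` are assumptions constructed for illustration.

```python
import ntpath
import re

# Extensions normally seen in Drivers32 data (assumption; adjust to your baseline).
EXPECTED_EXTS = {".dll", ".drv", ".acm", ".ax"}
SYSTEM32 = r"C:\WINDOWS\system32"  # assumed default XP install path

# Constructed sample of `reg query` output; not taken from a real machine.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
    midimapper    REG_SZ    midimap.dll
    msacm.imaadpcm    REG_SZ    imaadp32.acm
    wave    REG_SZ    wdmaud.drv
    aux    REG_SZ    wdmaud.drv
    aux2    REG_SZ    C:\WINDOWS\system32\..\abcd.xyz
"""

# Value lines are indented: <name> <REG_SZ|REG_EXPAND_SZ> <data>
LINE = re.compile(r"^\s+(?P<name>\S.*?)\s+REG_(?:EXPAND_)?SZ\s+(?P<data>.+?)\s*$")

def resolve(data):
    """Return the full path the entry points at, with '..' collapsed."""
    path = data if ntpath.isabs(data) else ntpath.join(SYSTEM32, data)
    return ntpath.normpath(path)

def audit(reg_output):
    """Return (value name, resolved path, reasons) for each suspicious entry."""
    findings = []
    for line in reg_output.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # key header or blank line
        data = m.group("data")
        reasons = []
        if ntpath.splitext(data)[1].lower() not in EXPECTED_EXTS:
            reasons.append("unexpected extension")
        if ntpath.dirname(data):
            reasons.append("explicit path instead of bare file name")
        if ".." in data.replace("/", "\\").split("\\"):
            reasons.append("parent-directory hop")
        if reasons:
            findings.append((m.group("name"), resolve(data), reasons))
    return findings

if __name__ == "__main__":
    for name, path, reasons in audit(SAMPLE):
        print(f"{name}: {path} ({', '.join(reasons)})")
```

The resolved path is the one to look for on disk and hand to the delete-on-reboot tool in step 6.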

  


6 Comments
  1. When I did this, the file under aux2 lists the following path: “C:\windows\system32\…\ujysdjy.ped” I can’t expand the path to figure out where that is, and when I run a search for the files, the only one it finds is right in the c:\windows folder. Any idea what’s going on here?

  2. The /../ tells it to go back one folder. I had the same problem, so look in your C:\WINDOWS folder for the infected file.

  3. Copy the path C:\windows\system32\…\ and then open up your run command. In XP click the Start button and then go to Run. Paste that path in and click OK. Then the files showed up for me to delete with a tool like Avenger or HijackThis. It’s almost acting like a rootkit hiding itself from the operating system.

  4. Phenomenal! Worked exactly the way you described! THANK YOU!

  5. That worked as described. Both regedit and cmd are functional again, and the PC has stopped freezing up. However, something seems to be blocking my internet connection now (was not a symptom before), as I’m getting the “Limited or No Connectivity” message.

  6. That error about limited connectivity usually indicates there’s a problem with winsock.

    If you have Windows XP with SP2 installed, use this command at the Start > Run prompt: netsh winsock reset

    Then reboot/restart your computer.

    If that doesn’t work you can also try this Microsoft article: http://support.microsoft.com/default.aspx?scid=kb;en-us;811259

    Sometimes there are additional rootkits that will block your access too. Let me know if that works.
