[Tutorial] Protection-Disabling Viruses

Networking/Security Forums -> Viruses // Worms

Author: Tom Bair    Location: Portland, Oregon USA    Posted: Thu Sep 22, 2005 6:13 am    Post subject: [Tutorial] Protection-Disabling Viruses
    ----
I’ve been dealing with a breed of virus lately which likes to disable the installed antivirus software and block the PC from accessing every antivirus Web site on the Internet. Further research shows that some of these viruses will also block certain tools including Msconfig (Windows System Configuration Utility) and regedit (Registry Editor).

I have heard of many people performing an outright format and reinstall of Windows to rid themselves of these nasty but clever viruses. Yet the fix is really simple, and you need not delete anything other than one single file on your hard drive.

These viruses will block your antivirus Web sites by altering your HOSTS file. This is a simple text file with no extension that programs on your system use to assign a specific IP address to a Web page. You can find this file in the following locations:

Windows 98/ME – C:/Windows
Windows 2000 – C:/WINNT/system32/drivers/etc
Windows XP – C:/Windows/system32/drivers/etc

To correct the problem, simply delete the HOSTS file; Windows recreates it automatically with zero entries. Now you can log on to an online virus scanner and check your hard drive and remove the virus.

To unblock your defense tools such as Msconfig and regedit, change the extension of these files from .exe to .com.

1. Click on the Start button.
2. Click on Run.
3. Type Command and press the Enter key.
4. Type ren c:/windows/regedit.exe regedit.com and press the Enter key.

Now you will be able to run your Registry Editor. Do the same steps above for changing msconfig.exe to msconfig.com. Windows 2000 does not have this file, but 98/ME and XP do. See below for the location.

Windows 98/ME – C:/windows/system
Windows XP – C:/windows/pchealth/helpctr/binaries

Hopefully this information will save many of you from having to format your hard drives and losing your valuable data.
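As an added example (not part of the original post), the HOSTS-file tampering described above can be checked for and removed entry by entry, which keeps any legitimate local mappings. The watchlist domains and the sample file are constructed placeholders; substitute your own vendors' domains.

```python
import ipaddress

# Assumed watchlist: placeholder domains, replace with your AV vendors' real ones.
WATCHLIST = ("av-vendor.example", "online-scanner.example")

# Constructed sample of a tampered HOSTS file (not from a real infection).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
192.168.1.20    fileserver   # legitimate local entry
127.0.0.1       www.av-vendor.example update.av-vendor.example
0.0.0.0         online-scanner.example
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_number, ip, hostnames) for each well-formed mapping line."""
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed line, not a mapping
        if len(fields) > 1:
            yield number, str(ip), [h.lower().rstrip(".") for h in fields[1:]]

def is_watched(host, watchlist=WATCHLIST):
    """True if host is a watched domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in watchlist)

def find_tampering(text, watchlist=WATCHLIST):
    """Return [(line_number, ip, host)] for every watched host that is overridden."""
    return [(n, ip, h) for n, ip, hosts in parse_hosts(text)
            for h in hosts if is_watched(h, watchlist)]

def clean_hosts(text, watchlist=WATCHLIST):
    """Return the file content with the overriding lines removed."""
    bad = {n for n, _, _ in find_tampering(text, watchlist)}
    kept = [l for i, l in enumerate(text.splitlines(), 1) if i not in bad]
    return "\n".join(kept) + "\n"

if __name__ == "__main__":
    for n, ip, host in find_tampering(SAMPLE_HOSTS):
        print(f"line {n}: {host} -> {ip}")
```

Any HOSTS entry for a security vendor's domain is worth treating as an indicator, whatever address it points to, since those names normally resolve through DNS.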

Author: slavezer0    Location: philippines    Posted: Thu Sep 22, 2005 7:41 am    Post subject:
    ----
thanks, sir tom.

Author: Tom Bair    Location: Portland, Oregon USA    Posted: Fri Sep 23, 2005 2:51 am    Post subject:
    ----
Just 'sharing the knowledge' :)

Author: Stu Wiley    Location: Wakefield,Ma.    Posted: Thu Oct 06, 2005 2:05 pm    Post subject:
    ----
I believe I have this particular problem. I've followed your instruction but keep getting a syntax error message. I've retyped the commands numerous times but continue to get the error message. I'm running adaware, spybot and registry mechanic and all three seem to stop dead about halfway through. I'm using XP as well. Any more tricks up your sleeve? I was able to remove the hosts file BTW...
Thanks,
Stu Wiley

Author: AdamV    Location: Leeds, UK    Posted: Thu Oct 06, 2005 2:13 pm    Post subject:
    ----
stu, what's your OS? does the error message give any hints?
do you have a c:\windows directory? if not, try c:\winnt instead (basically on win 2000 or on XP which has been installed as an upgrade from NT or 2K)

actually, scratch that. You probably just need to switch the / for \

ren c:\windows\regedit.exe regedit.com

Author: Stu Wiley    Location: Wakefield,Ma.    Posted: Thu Oct 06, 2005 2:40 pm    Post subject:
    ----
hi AdamV
My OS is windows XP and I'm not sure of the exact wording on the error message. Unfortunately I'm at work right now and my problem is at home so I can't try anything just yet. I believe I tried changing the / to \ but I'm not sure. I got tired of messing around and decided to consult with the forum first.

Author: AdamV    Location: Leeds, UK    Posted: Thu Oct 06, 2005 2:44 pm    Post subject:
    ----
If that is the answer, I guess Tom can alter the original post and delete this stuff. Alternatively (and if your problem persists) this should be moved to a thread of its own so we can fix it outside of a tutorial thread...

Author: Stu Wiley    Location: Wakefield,Ma.    Posted: Thu Oct 06, 2005 3:24 pm    Post subject:
    ----
OK Thanks...

Author: Stu Wiley    Location: Wakefield,Ma.    Posted: Thu Oct 06, 2005 11:49 pm    Post subject:
    ----
I was able to get to rename regedit.exe, but not msconfig. The problem still persists. Every time I try any kind of cleaner it stops mid scan, except CCleaner, that is; it runs to completion.

Author: Ltangelic    Posted: Fri Dec 28, 2007 10:10 am    Post subject:
    ----
I typed in ren c:/windows/regedit.exe regedit.com but it says the syntax of the command is incorrect. Why is that so?

Author: bockee    Posted: Wed Mar 10, 2010 9:42 am    Post subject:
    ----
if u want a shortcut just go to Start>>Run>> type regedit and hit Enter :)

the procedure that i follow is simple..

first check your taskmanager and disable all the processes which are not windows and then go to Msconfig (type Msconfig in Run) then go to Startup, untick the applications other than your display driver and sound driver if there are any.. if ur using a laptop then don't untick your laptop's other drivers.. then save it and close it. Restart the comp and you may notice in the Process manager that the virus is not loaded (depends on the level of infection). Next u may go to regedit and in the find button u may search the particular virus name which u noticed in the startup or process that was running. U can use some registry editor software to delete those particular files.. Well ur almost done removing the virus.

If it still comes then

Take a linux Cd which is available freely.. Just boot it from cd and get into all ur drives then search for the virus.. if u can't.. just backup all the Cd drive data from it when in linux and reinstall Xp :)

Have fun guys.. :)

Author: computersecurity    Posted: Tue Apr 13, 2010 8:07 am    Post subject:
    ----
you are correct.



All times are GMT + 2 Hours