| Thread ID: 56715 | 2005-04-13 09:19:00 | No explorer! | Cryhavoc (6776) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 344441 | 2005-04-15 05:38:00 | Manual method from Symantec...

1. Click Start, and then click Run.
2. Type command, and then press Enter. (A DOS window opens.)
3. Type the following:
   cd\
   cd \windows
   Press Enter after typing each one.
4. Proceed to step a of this section.

1. Type copy regedit.exe regedit.com and then press Enter.
2. Type start regedit.com and then press Enter. (The Registry Editor opens in front of the DOS window.) After you finish editing the registry, exit the Registry Editor, and then exit the DOS window as well.
3. Before continuing, Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. For instructions, read the document, "How to make a backup of the Windows registry."
4. Navigate to and select the key: HKEY_CLASSES_ROOT\exefile\shell\open\command
   Note: The HKEY_CLASSES_ROOT key contains many subkey entries that refer to other file extensions. One of these file extensions is .exe. Changing this extension can prevent any files ending with a .exe extension from running. Make sure that you completely browse through this path until you reach the \command subkey.
   Modify the HKEY_CLASSES_ROOT\exefile\shell\open\command subkey, shown in the following figure: <<=== NOTE: Modify this key.
5. In the right pane, double-click the (Default) value.
6. Delete the current value data, and then type: "%1" %*
   That is, type the characters: quote-percent-one-quote-space-percent-asterisk.
   Notes:
   * Under Windows 95/98/Me/NT, the Registry Editor automatically encloses the value within quotation marks. When you click OK, the (Default) value should look exactly like this: " "%1" %*"
   * Under Windows 2000/XP, the additional quotation marks will not appear. When you click OK, the (Default) value should look exactly like this: "%1" %*
   * Make sure that you completely delete all the value data in the command key before typing the correct data. If you leave a space at the beginning of the entry, any attempt to run the program files will result in the error message, "Windows cannot find .exe." If this occurs, restart the entire process from the beginning of this section and make sure that you completely remove the current value data.
7. Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
8. In the right pane, delete the value: "GLSetilT32" = "%System%\msiexec16.exe"
9. Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
10. In the right pane, delete the value: "GLSetilT32" = "%System%\msiexec16.exe"
11. Exit the Registry Editor. |
pheonix (36) | ||
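An added example, not part of the original post or of Symantec's instructions: a small Python check that reads a text export of the registry (a .reg file) and reports whether the three places named in the procedure quoted above are clean. It assumes the export has already been decoded to text and only handles plain string values; the sample export, the file path in it, and the function names are constructed for illustration.

```python
import re

EXPECTED_EXE_CMD = '"%1" %*'   # the value the procedure says to restore
EXEFILE_KEY = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"
RUN_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices",
)
BAD_RUN_VALUE = "GLSetilT32"   # value name from the removal steps

# Constructed sample export: leading space left in the exefile command
# (the mistake the notes warn about) and the Run value still present.
SAMPLE = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@=" \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GLSetilT32"="C:\\WINDOWS\\system32\\msiexec16.exe"
'''

def _unescape(s):
    # .reg string data escapes backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Return {key: {value_name: data}} for string values in a .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
            if m:
                raw = m.group(1)
                name = "(Default)" if raw == "@" else _unescape(raw[1:-1])
                current[name] = _unescape(m.group(2))
    return keys

def audit(text):
    """List (location, data) pairs that still need fixing."""
    keys = {k.lower(): v for k, v in parse_reg(text).items()}
    findings = []
    cmd = keys.get(EXEFILE_KEY.lower(), {}).get("(Default)")
    if cmd != EXPECTED_EXE_CMD:   # exact match; a key absent from the export is reported as None
        findings.append(("exefile", cmd))
    for rk in RUN_KEYS:
        for name, data in keys.get(rk.lower(), {}).items():
            if name.lower() == BAD_RUN_VALUE.lower():
                findings.append((rk.rsplit("\\", 1)[1], data))
    return findings
```

Calling `audit(SAMPLE)` returns one finding for the exefile command and one for the Run key; an export in which the procedure was completed correctly returns an empty list.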
| 344442 | 2005-04-15 05:45:00 | I think you have the Optix Pro trojan. That's what that Mpldfg.exe is part of according to Google and other sites. And there are quite a few variants of this trojan, depending on which one you have. It'll be better if you can boot into safe mode, and remove registry entries manually to kill this thing. Have you tried doing an online scan? |
Speedy Gonzales (78) | ||
| 344443 | 2005-04-15 06:03:00 | [Edit: post removed] Meh! I should have refreshed before posting. :rolleyes: |
FoxyMX (5) | ||
| 344444 | 2005-04-20 08:46:00 | Thanks pheonix, that got rid of mpldfg! You rock! However, my lack of explorer is still there. Even when I try and run it, it doesn't run... Here's a screenshot of the processes that are running, hope it helps. img.photobucket.com |
Cryhavoc (6776) | ||
| 344445 | 2005-04-20 12:12:00 | the 12th one down looks like a worry | Prescott (11) | ||