| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 72669 | 2006-09-21 13:14:00 | syschost *** is it | powertron (9655) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 486475 | 2006-09-24 15:42:00 | Going by Autechre's advice, I've just looked in the Registry for: HKEY_LOCAL_MACHINE entry: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Modulo 00FE0F01 Host Internet <Windows>\syschost.exe But the Key seems to not exist. I'm all out of ideas, I'll leave it in your capable hands:thumbs: |
powertron (9655) | ||
| 486476 | 2006-09-26 11:57:00 | Helllllo anyone there? :) |
powertron (9655) | ||
| 486477 | 2006-09-27 01:03:00 | Make sure you remove c:\WINDOWS\system32\syschost.exe and c:\WINDOWS\sysver.exe. you need to clean your registry these 3 entries. HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\System "DisableTaskMgr" Type: REG_DWORD Data: 01, 00, 00, 00 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" Type: REG_SZ Data: Explorer.exe syschost.exe s HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{402518Q5F0-YAC2OL-O4KGD-S16T4-MOIS89D1O702} "StubPath" Type: REG_SZ Data: sysver.exe The first entry As you can see depending on whether or not the virus disabled Task Manger or not on your pc. The second entry adds syschost.exe s and Explorer.exe The third entry adds {402518Q5F0-YAC2OL-O4KGD-S16T4-MOIS89D1O702} Which runs sysver.exe Also delete your temp folder it drops two files there. |
Pancake (6359) | ||
| 486478 | 2006-09-27 15:32:00 | Issue resolved, no further assistance needed, thank you Pancake for all your help....Powertron. | powertron (9655) | ||
| 1 2 | |||||