
[Tutorial] Protection-Disabling Viruses

Tom Bair
Posted: Thu Sep 22, 2005 6:13 am    Post subject: [Tutorial] Protection-Disabling Viruses

I’ve been dealing with a breed of virus lately which likes to disable the installed antivirus software and block the PC from accessing every antivirus Web site on the Internet. Further research shows that some of these viruses will also block certain tools including Msconfig (Windows System Configuration Utility) and regedit (Registry Editor).

I have heard of many people performing an outright format and reinstall of Windows to rid themselves of these nasty but clever viruses. Yet the fix is really simple, and you need not delete anything other than one single file on your hard drive.

These viruses will block your antivirus Web sites by altering your HOSTS file. This is a simple text file with no extension that programs on your system use to assign a specific IP address to a Web page. You can find this file in the following locations:

Windows 98/ME – C:/Windows
Windows 2000 – C:/WINNT/system32/drivers/etc
Windows XP – C:/Windows/system32/drivers/etc

To correct the problem, simply delete the HOSTS file; Windows recreates it automatically with zero entries. Now you can log on to an online virus scanner and check your hard drive and remove the virus.

To unblock your defense tools such as Msconfig and regedit, change the extension of these files from .exe to .com.

1. Click on the Start button.
2. Click on Run.
3. Type Command and press the Enter key.
4. Type ren c:/windows/regedit.exe regedit.com and press the Enter key.

Now you will be able to run your Registry Editor. Do the same steps above for changing msconfig.exe to msconfig.com. Windows 2000 does not have this file, but 98/ME and XP do. See below for the location.

Windows 98/ME – C:/windows/system
Windows XP – C:/windows/pchealth/helpctr/binaries

Hopefully this information will save many of you from having to format your hard drives and losing your valuable data.
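The HOSTS-file blocking described in the post above can be checked for line by line. The following is an added example, not part of the original post: it parses HOSTS-file text, reports every entry that pins a watched security or update domain to an address, and returns the file with only those names removed. The watch list, the function names and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Assumed watch list (not from the post): domain suffixes of security and update sites.
WATCHED_SUFFIXES = ("symantec.com", "mcafee.com", "kaspersky.com", "windowsupdate.com")

# Constructed sample of a tampered HOSTS file (not from a real infection).
SAMPLE_HOSTS = """\
# Constructed sample of a tampered HOSTS file
127.0.0.1       localhost
127.0.0.1       www.symantec.com liveupdate.symantec.com
0.0.0.0         download.mcafee.com   # blocked
10.0.0.5        intranet.example.test www.kaspersky.com
127.0.0.1       windowsupdate.com.example.test
"""

def is_watched(host):
    """True if host is a watched domain or a subdomain of one (dot-boundary match)."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)

def parse_line(line):
    """Return (ip, [hostnames]) for a mapping line, else None (blank, comment, malformed)."""
    fields = line.split("#", 1)[0].split()
    if len(fields) < 2:
        return None
    try:
        return ipaddress.ip_address(fields[0]), fields[1:]
    except ValueError:
        return None

def audit_hosts(text):
    """Return (findings, cleaned_text); each finding is (line_no, ip, hostname)."""
    findings, kept = [], []
    for no, line in enumerate(text.splitlines(), 1):
        parsed = parse_line(line)
        bad = [h for h in parsed[1] if is_watched(h)] if parsed else []
        if not bad:
            kept.append(line)  # untouched: comments, localhost, unrelated mappings
            continue
        findings.extend((no, str(parsed[0]), h) for h in bad)
        good = [h for h in parsed[1] if not is_watched(h)]
        if good:  # keep legitimate names that shared a line with a watched one
            kept.append(f"{parsed[0]}\t{' '.join(good)}")
    return findings, "\n".join(kept) + "\n"

if __name__ == "__main__":
    findings, cleaned = audit_hosts(SAMPLE_HOSTS)
    for no, ip, host in findings:
        print(f"line {no}: {host} is pinned to {ip}")
    print(cleaned, end="")
```

To audit a real machine, pass the text of the HOSTS file from the location the post lists for that Windows version instead of `SAMPLE_HOSTS`.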
slavezer0
Posted: Thu Sep 22, 2005 7:41 am

thanks, sir tom.
Tom Bair
Posted: Fri Sep 23, 2005 2:51 am

Just 'sharing the knowledge' :)
Stu Wiley
Posted: Thu Oct 06, 2005 2:05 pm

I believe I have this particular problem. I've followed your instruction but keep getting a syntax error message. I've retyped the commands numerous times but continue to get the error message. I'm running adaware, spybot and registry mechanic and all three seem to stop dead about halfway through. I'm using XP as well. Any more tricks up your sleeve? I was able to remove the hosts file BTW...
Thanks,
Stu Wiley
AdamV
Posted: Thu Oct 06, 2005 2:13 pm

stu, what's your OS? does the error message give any hints?
do you have a c:\windows directory? if not, try c:\winnt instead (basically on win 2000 or on XP which has been installed as an upgrade from NT or 2K)

actually, scratch that. You probably just need to switch the / for \

ren c:\windows\regedit.exe regedit.com
Stu Wiley
Posted: Thu Oct 06, 2005 2:40 pm

hi AdamV
My OS is Windows XP and I'm not sure of the exact wording on the error message. Unfortunately I'm at work right now and my problem is at home so I can't try anything just yet. I believe I tried changing the / to \ but I'm not sure. I got tired of messing around and decided to consult with the forum first.
AdamV
Posted: Thu Oct 06, 2005 2:44 pm

If that is the answer, I guess Tom can alter the original post and delete this stuff. Alternatively (and if your problem persists) this should be moved to a thread of its own so we can fix it outside of a tutorial thread...
Stu Wiley
Posted: Thu Oct 06, 2005 3:24 pm

OK Thanks...
Stu Wiley
Posted: Thu Oct 06, 2005 11:49 pm

I was able to rename regedit.exe, but not msconfig. The problem still persists. Every time I try any kind of cleaner it stops mid scan. Except CCleaner, that is, which runs to completion.
Ltangelic
Posted: Fri Dec 28, 2007 10:10 am

I typed in ren c:/windows/regedit.exe regedit.com but it says the syntax of the command is incorrect. Why is that so?
bockee
Posted: Wed Mar 10, 2010 9:42 am

If you want a shortcut, just go to Start >> Run >> type regedit and hit Enter :)

The procedure that I follow is simple.

First check your Task Manager and disable all the processes which are not Windows, and then go to Msconfig (type Msconfig in Run), then go to Startup and untick the applications other than your display driver and sound driver, if there are any. If you're using a laptop, then don't untick your laptop's other drivers. Then save it and close it. Restart the computer and you may notice in the process manager that the virus is not loaded (depends on the level of infection). Next you may go to regedit, and with the Find button you may search for the particular virus name which you noticed in the startup or process that was running. You can use some registry editor software to delete those particular files. Well, you're almost done removing the virus.

If it still comes, then:

Take a Linux CD, which is available freely. Just boot it from CD and get into all your drives, then search for the virus. If you can't, just back up all the Cd drive data from it when in Linux and reinstall XP :)

Have fun, guys :)
computersecurity
Posted: Tue Apr 13, 2010 8:07 am

you are correct.

All times are GMT + 2 Hours