New Topic/Question
This topic is locked
However, you can ignore explorer, and use your computer without explorer.. just load the program you want from the task manager 
If you start from SafeMode, you can close the three programs that restart your machine using taskman, and load explorer safely. But in Normal mode, there's another program that does this job if you close the other three programs. So, I used the safe mode to run the explorer, and try to install Kaspersky and AVG Antivirus, but failed to do so because Windows Installer cannot start in safemode :S and since I cannot run explorer in Normal mode, I thought it is impossible to install any antiviral software to remove this worm. I decided to hunt for it my self. I started from MsConfig, disabled the unwanted applications such as lsass.exe, smss.exe and winlogon.exe. The files that I disabled should be run as part of windows startup components, and not as a part of the user components. In addition to that their path was not in system32 where they normally should be, it was in my user profile folder. I found another file that is called Empty.pif, an MS-DOS shortcut which I failed to know where it points to. I simply deleted all these files from my hard drive, but when I restarted my machine, they were recreated!!! Here I knew there are still some other files that create these files and add them to startup. I must find these files! Anyway, I was able to find all files, and delete them, and now the machine starts up normally. But my problem now is that this worm has its files hidden, and for you to find these files you have to go through programs that run through taskmgr. Why? because the worm makes the OS not to show hidden files and folders. You will tell me, ok.. enable them from folder options.. , uh uh.. the worm disables folder options from control panel, and windows explorer view menu. Ok.. enable it from the registry.. again.. the worm disables regedit. so I cannot enable folder options.I tried to search for solutions for this virus, but all what I found is pages that tell me that the virus does the following:
- It disables regedit by adding the following key to the registry. blablabla
and then in the solution it says: To enable registry editing open regedit.exe, and remove the key that the worm added.. what the f**k!!! How would I delete it if I cannot open regedit!!! and the worse thing is that they continue telling the solution based on regedit.exe you will have to do all the fixing through regedit!!
Now that my Windows loads peacefully, i cannot make it show hidden files or folders, however, I can access them if I know their names. And the regedit is disabled.
Today, I installed Kaspersky, updated its database, and scanned my computer. It found 7334 instances of Win32.Rontokbro.A hidden in my folders. OMG, if I run any of these files by mistake, the movie will start form the beginning.
Can anyone tell me how to enable regedit, ie remove the key that the worm added??
MultiQuote
| 