• Welcome to Valhalla Legends Archive.
 

major ugh

Started by Noodlez, January 27, 2003, 09:57 PM

Previous topic - Next topic
Print
|
Go Down Pages1
User actions

Noodlez

January 27, 2003, 09:57 PM
i decided to do a trojan scan today because my computer was running sluggish, and i found one. to sum it up, i deleted it and removed every file that has anything to do with it.

the problem?

now, *every* program gives me "<name> is not a valid win32 application" for some reason the programs that are built into windows (IE, for example) are running.

*PLEASE* help :(

edit-
i cant even access regedit

Noodlez

#1
January 27, 2003, 10:10 PM Last Edit: December 31, 1969, 06:00 PM by 1048312800
ok, so i found out all exe's launch unwise.exe. i put notepad there and notepad will launch.

i need to find a way to make exe's launch them self...or make a program to launch whatever its told

but, seeing as i cant open vb right now thats kind of hard :(

l)ragon

#2
January 28, 2003, 12:24 AM Last Edit: December 31, 1969, 06:00 PM by 1048312800
what os 8\
*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*ˆ¨¯¯¨ˆ*^~·.,l)ragon,.-·~^*ˆ¨¯¯¨ˆ*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*

n00blar

#3
January 28, 2003, 02:01 AM Last Edit: December 31, 1969, 06:00 PM by 1048312800
Quotehttp://www.lib.utk.edu:90/files/polsci/311/plaas

Are you referring to the Shell() function in visual basic?

Grok

#4
January 28, 2003, 03:42 AM Last Edit: December 31, 1969, 06:00 PM by 1048312800
I dont know what operating system you have, but if you have Windows 2000, save this as a .reg file and run it.


Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]
"Extended"=""

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\View Dependencies]

[HKEY_CLASSES_ROOT\exefile\shell\View Dependencies\command]
@="C:\\VSTUDIO\\Common\\Tools\\DEPENDS.EXE /dde"

[HKEY_CLASSES_ROOT\exefile\shell\View Dependencies\ddeexec]
@="[open(\"%1\")]"

[HKEY_CLASSES_ROOT\exefile\shell\View Dependencies\ddeexec\Application]
@="DEPENDS"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@="{86F19A00-42A0-1069-A2E9-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}]
@=""

Grok

#5
January 28, 2003, 03:44 AM Last Edit: December 31, 1969, 06:00 PM by 1048312800
Oh, you can remove the lines that reference "View Dependencies" unless you have Visual Studio.  Even then you'll need to correct the path.

Someone has hijacked Exefile in your HKCR.  It's a pretty common way to install a trojan.  Guarantees that their program gets run every time you run an exe.

Noodlez

#6
January 28, 2003, 04:44 AM Last Edit: December 31, 1969, 06:00 PM by 1048312800
/me gives grok a huge hug

it worked! thanks so much

iago

#7
January 28, 2003, 06:03 AM Last Edit: December 31, 1969, 06:00 PM by 1048312800
Damn, you got here faster :-P

The same thing happened to me a long time ago, and it fixed it the same way.  Windows really ought to provide a built-in way to fix .exe's :(
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Print
|
Go Up Pages1
User actions