I am not in the business of virus removal, but this one is just a total time waster. Not sure why the ‘major’ names of Anti Spyware dont get rid of this better, but even when you do pull it out, it has a field day with the registry and defeats all kinds of options, like Regedit, TaskMan, Directory , Clock, ect… So here is a real quick run through of getting control of your PC back.
Preperations: You will need to download Malwarebytes Anti-Malware Note that this example uses command line enviroment approach to clean the system at times. Many things are missing visualy, but system wise you are able to manipulate or execute commands just fine.
Step1: Access the Malwarebytes setup from the infected computer using a USB Drive, CD, network if you can or by what ever means possible for you.
- You can do this by using a key combination: The Window Key and R
- We are going to assume that a CD is installed as the D drive. Start install by entering D:\mbam-setup.exe and clicking ok.
Step 2: Install the application
- Press the Next button.
- Check the agree Radio Button then press the Next button.
- Press the Next button.
- Check the filename and then press the Next button.
- Check the name and then press the Next button.
- Press the Next button.
- Press the Next button.
- The application installs.
- Make sure the update and launch check box is checked then press the Finish button.
- Click the OK button.
Step 3: Do a full scan and reboot.
- Perform a Full scan and click the Scan button. Sit back this takes a long while, when complete have the application remove all.
Step 4: Get the Reg back: Press the ‘Window’ Key (flag key next to ‘Alt’ key) and ‘R’ key, same time to show the Run Window, enter cmd and click OK button, black box should appear.
- You can do this by using a key combination: The Window Key and R
- Enter CMD and click the OK button.
- Type cd \ at the prompt, press Enter. Next type, edit regback.vbs at the prompt, press Enter.
Enter into the editor the following code:
- Enter the source code for the script into the editor.
- Code Snip -
Option Explicit
Dim TheShell,regvalue
Set TheShell=WScript.CreateObject("WScript.Shell")
TheShell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",0,"REG_DWORD"
MsgBox "Registry Tools back on!",4096,"confirmation"
- To Save press and hold the Alt key then press the F key. Release keys, and press the X key.
- Press the Y key to Save.
- Enter regback.vbs at the prompt, then press Enter.
- This is a good sign that you have the Registry back under control. Click the OK button.
Step 5: Use RegEdit to set things back to normal
- Type regedit at the prompt.
Drill down to: HKEY_CURRENT_USER -> SOFTWARE -> MICROSOFT ->WINDOWS -> CURRENT VERSION -> POLICIES ->EXPLORER Except for the default, remove all other entries
- Search and find these values; DisableRegistryTools DisableTaskMgr Delete the entries (You may find these together)
- Last but not least, clean up the tray
Setp 6: Get the Start Menu back. Now if things are missing from the start menu, you need to check this registry branch,
HKEY_CURRENT_USER -> Software -> Microsoft -> Windows -> CurrentVersion -> Explorer -> Advance This area is a little diffrent for everybody, but here are some of the most common, set to 1 if you want/need them.Start_ShowControlPanel
Start_ShowMyComputer
Start_ShowMyDocs
Start_ShowNetPlaces
Start_ShowRun
Step 7: Get the Desktop Under Control.
- Type desk.cpl at the prompt and press Enter.
- Remove the web layout entry from the desktop, click the Custom button.
- Select the Web Tab, Select the Privacy entry and click the Delete Button. Click the OK button to complete.
- Select the Desktop Tab and pick your wallpaper, and finish with a click on OK button.
Step 8: Reboot, its over! I hope this sheds some light on how you can get back some functionality, even when everything seems to be turned off, hidden or access is denied.
Entries (RSS)
February 23rd, 2009 at 8:13 pm
Thank you!
July 12th, 2009 at 6:55 pm
Rather interesting. Has few times re-read for this purpose to remember. Thanks for interesting article. Waiting for trackback
June 25th, 2010 at 4:23 pm
PillSpot.org. Canadian Health&Care.Special Internet Prices.No prescription online pharmacy.PillSpot.org. Herbal-supplements@buy.online” rel=”nofollow”>.…
Categories: Antidepressants.Skin Care.Stop SmokingAntidiabetic.Stomach.Vitamins/Herbal Supplements.Weight Loss.Anxiety/Sleep Aid.Eye Care.Anti-allergic/Asthma.Blood Pressure/Heart.Pain Relief.Antibiotics.Mens Health.Womens Health.Mental HealthAnti…
July 3rd, 2010 at 11:16 pm
Buy:Tramadol.Maxaman.Propecia.Cialis Soft Tabs.Viagra Super Force.Cialis Super Active+.Viagra.Cialis.Viagra Super Active+.Viagra Soft Tabs.Viagra Professional.Zithromax.Soma.VPXL.Super Active ED Pack.Levitra.Cialis Professional….
July 21st, 2010 at 10:47 am
Buy:Viagra Soft Tabs.Tramadol.Maxaman.Viagra Super Force.VPXL.Viagra Professional.Soma.Cialis Soft Tabs.Viagra.Zithromax.Cialis Professional.Cialis Super Active+.Propecia.Viagra Super Active+.Super Active ED Pack.Levitra.Cialis….
August 30th, 2010 at 1:29 am
av http://tacresgmvtdjj.ACEHARDWAREE.INFO/tag/av+classic+slingbox/ : av…
av…
September 5th, 2010 at 6:49 am
Buy:Mega Hoodia.Human Growth Hormone.Nexium.Prednisolone.Valtrex.Petcam (Metacam) Oral Suspension.Retin-A.100% Pure Okinawan Coral Calcium.Actos.Zovirax.Accutane.Synthroid.Arimidex.Zyban.Prevacid.Lumigan….
September 6th, 2010 at 3:10 am
Buy:Arimidex.Retin-A.Accutane.Zovirax.Nexium.Zyban.100% Pure Okinawan Coral Calcium.Prednisolone.Valtrex.Actos.Petcam (Metacam) Oral Suspension.Prevacid.Mega Hoodia.Synthroid.Human Growth Hormone.Lumigan….
September 6th, 2010 at 10:00 pm
Buy:Cialis.Levitra.Cialis Professional.Viagra.Viagra Professional.Cialis Soft Tabs.Maxaman.Propecia.Viagra Super Active+.Cialis Super Active+.Soma.Zithromax.VPXL.Super Active ED Pack.Viagra Soft Tabs.Tramadol.Viagra Super Force….