[dba-Tech] How do I unlock the Registry (was RunDLL32)

MartyConnelly martyconnelly at shaw.ca
Mon Jan 5 22:22:57 CST 2004


Maybe this is your problem. It might be another worm and not Swen.
Double-clicking on undo.reg from McAfee for this worm will start 
regedit, or maybe even a dummy text file created in Notepad with a .reg 
extension will start your regedit.

W32/Swen@MM modifies various registry keys and disables the execution of 
REGEDIT.EXE on the victim's machine. Additionally, the worm terminates 
various processes on the victim's machine. You may have removed the worm 
but not all the side effects.

http://us.mcafee.com/virusInfo/default.asp?id=helpCenter&hcName=swen&cid=9060

The undo.reg file from McAfee may help if this virus was there.
Ensure that your virus definition DAT files are current. Detection is 
included in the Daily DAT files (beta). W32/Swen@MM disables the 
execution of REGEDIT.EXE. The UNDO.REG tool will reverse the changes 
made by the virus and allow the user to execute REGEDIT.EXE as normal. 
Double-clicking on undo.reg will start regedit, or maybe even a dummy 
file created in Notepad with a .reg extension.


There are also a number of drive-by or hijack trojans from ActiveX 
downloads that turn off regedit and/or msconfig in addition to grabbing
and modifying IE. Some of these are not tracked by virus manufacturers. 
The site below lists a lot of them and clearance methods.
Generally they are contained in the 'Downloaded Program Files' folder in 
the Windows folder. See if anything odd is there and delete
and note the name completely, or move the file to another directory to 
quarantine.

I just helped someone clear up the ILookup downloaded ActiveX version.
See
http://doxdesk.com/parasite/

Kathryn Bassett wrote:

>OK gang, now that I've narrowed this down to it being a problem of the Registry being locked up, how do I unlock it? You all have given several nifty tools, but none will work until I get the Registry unlocked.
>
>Win2000
>I'm the admin, no users, no passwords have ever been applied
>
>I remember seeing on "some" list just within the last few days, a url for a website where you pay $30 or $40 for help and they give you your money back if they don't solve the problem. But I can't remember what list to do any archive searching. Could have been any of half dozen I'm subbed to. So, if you have no clue on unlocking the Registry, maybe you have that URL?
>
>--
>Kathryn Rhinehart Bassett (Pasadena CA)
>"Genealogy is my bag" "GH is my soap"
>kathryn at bassett.net
>http://bassett.net  

-- 
Marty Connelly
Victoria, B.C.
Canada
