Thread: Trojan attaches to regedit.> many post about the regedit at Kaspersky

  1. #1
    morey Guest

    Trojan attaches to regedit.> many post about the regedit at Kaspersky

    When I did my daily scan for viruses an hour ago, I received the following notice at the end:
    Then, Zone Alarm stopped during the repair process and Trojan.Win32.Pakes.x3 was NOT in my Quarantine pane.
    Is this another false positive?
    I am going to run the virus scan again and will forward the regedit.exe file to newvirus at kaspersky.com.
    Thanks for any help you lads can offer.

    Operating System:Windows XP Home Edition
    Software Version:7.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    morey Guest

    Re: Trojan attaches to regedit.

    It did not pick up in the second scan since Kaspersky fixed the database while I was doing it.
    That is FAST work.
    Here is their reply:


    Hello.

    We are sorry for this false alarm.

    It already fixed, please update your bases.

    --

    Regards, Alexey Malyshev

    Virus analyst, Kaspersky Lab.

    The second copy of regedit.exe is now not there under \Windows\system32\dllcache\.
    In fact the directory dllcache is not there.
    I presume it was a ghost directory since the main copy is there under \Windows.



  3. #3

    Re: Trojan attaches to regedit.

    Kav is usually very quick in fixing F/P. Thank you for posting back.

  4. #4
    morey Guest

    Re: Trojan attaches to regedit.

    Greb,

    I never did recover the second copy of regedit.exe under \dllcache folder.
    I don't have a \dllcache folder at all now.
    However, the regedit.exe under \Windows folder seems to work fine when I run it.
    Do I need that other copy?
    Is it possible that the other copy was merely from a prior version of Windows and was kept there just in case I wanted to roll back?
    I use Windows XP - SP2.

  5. #5

    Re: Trojan attaches to regedit.

    Morey, I honestly don't know. I'll have some of the other gurus look at this thread and see if they can give you an answer.

  6. #6

    Re: Trojan attaches to regedit.

    Firstly and besides the point, the dllcache folder in the Windows \system32 is usually hidden by default. Just open the system32 folder up and under the "Tools" at the top, select the "Folder Options" and select the "View" tab and uncheck the "Hide extensions to known file types" and uncheck the "Hide protected operating systems (recommended)". Click the "Yes" button in the popup and then "Apply" and "OK" that previous panel.

    OK, try to find the registry in a different way. So in the WINDOWS\system32\ folder look for a file called regedt32.exe and double click on it and select the Open. If it opens up, then you are in the registry itself and have bypassed the window dressing from the registry and gone through the Windows OS usual doorway instead. So your access to the registry is still available.

    I would suggest doing a system file check - the Windows recovery disk or operating disk will be needed - and that should replace the lost regedit.exe in the WINDOWS folder.

    So do this... First disconnect the internet and disable all security scanners and close all open windows or running programs. Then... left click the Start > Run > type in command and OK > in the command prompt type in sfc /scannow and hit the Enter key of the keyboard. Be sure to leave a space between the sfc and the /scannow. Then get ready and put the Windows recovery or OS CD or DVD into the media drive - it will ask for the disk for verifying or checking the Windows OS. Do just that and insert the disk.

    Then just ignore the big blue window and instead concentrate on the little progress bar window. And go for a break for about fifteen or twenty minutes. Once it is finished, Windows says nothing and the command prompt just stares back at you; then type in the command exit and hit the Enter key. Eject the media disk and immediately reboot or restart the PC.

    Upon the restart, the regedit.exe should be back in the WINDOWS folder.

    Hope this helps you. Cheers.... OLdsod
    Best regards.
    oldsod

  7. #7
    tekncl_kwestyn Guest

    Re: Trojan attaches to regedit.

    Hmmmm. I got the same thing, but since I told ZA to delete it, what do you suppose it did with it? See my post with the same problem....

  8. #8
    morey Guest

    Re: Trojan attaches to regedit.

    You need regedit.exe to edit your registry.
    See if it is in the Recycle Bin.
    Also do a search by clicking Start on the Taskbar and then looking for that file somewhere else on your disk.
    You also may be able to get it back by downloading it from the Microsoft web site, but you must specify which version of Windows you are running.
    If not, look on your Windows disk.
    If all else fails, call your PC Vendor and see if they can help you get back that file.
    I have found from experience the last two weeks that one should always quarantine suspected files and NEVER delete them.
    Then send the suspect file to newvirus at Kaspersky.com in a password-protected zipped file.
    Have the RE: say False Positive?
    They will get back to you super fast.
    In the last 2 weeks I had 2 False Positives.
    I also lost some files.
    One wasn't necessary and a guru here told me how to recover from losing some others.
