Another programme using Regedit?

  San Alwigi 14:27 05 May 06
Locked

Recently found I had a virus called b.exe so followed some instructions to remove it. It now doesn't show up when I scan for adware using Adaware or Blueyonder's PC Guard Spyware search.
BUT...
I cannot launch Windows task manager when I hit CTRL/ALT/DELETE and if I try to run regedit, I get a dialogue box saying "Another Programme is curremtly using this file". Finally, everytime I start up I get an error message (which I can easily close) saying there has been a problem launching b.exe.

Suggestions? I'm running Windows XP.
Thanks, San Alwigi

  Graham ® 14:44 05 May 06

Turn off System Restore and scan again using AVG
click here. Update it before scanning.

Don't forget to turn System Restore back on.

  San Alwigi 14:57 05 May 06

My PC says that if I turn off System Restore, all previous restore points will be deleted. Bit nervous about that as one of my solutions was to use system restore to go back to my settings three days ago to before this b.exe thing first appeared. Could that also solve it?

Thanks for the quick response btw..

  Graham ® 14:58 05 May 06

Didn't realise - b.exe is a Trojan, not a virus. Someone should recommend a removal process, but in the meantime turn off System Restore and scan again.

You really should have more defences against such attacks, start with Windows Defender
click here

  Graham ® 15:00 05 May 06

Crossed in the post...
You will have to bite the bullet, nasties hide in System Restore.

  beynac 15:19 05 May 06

I'm afraid that I disagree with you Graham ®. It is not a good idea to turn off System Restore if you are having problems. If things go wrong, you have no alternative but a reinstall. It is best to clean the sytem and then turn off System Restore to create a new, clean restore point and remove any bad ones.

San Alwigi: If you haven't disabled it, I strongly recommend that you leave System Restore alone and get advice on getting rid of any malware on your system. I suggest that you download HijackThis from click here
Double-click on this to extract it and then do a scan and post the log at MalWare Removal click here . An expert will then help you to solve your problem.

  Graham ® 16:50 05 May 06

Have a read click here

  San Alwigi 17:03 05 May 06

Had already turned off system restore by the time I saw beynac's post. So I downloaded the AVG programme, ran it and it seems to have sorted the problem. All the symptoms I mentioned earlier have disappeared, and the Run/regedit works again together with Task manager launching successfully. Thank you!

  beynac 17:23 05 May 06

I don't see that the article you refer to contradicts what I am saying. However, your advice is similar to that given by a number of AV product vendors (Trend Micro, Norton, etc.) in that they specifically tell you to disable system restore before scanning. Their AV products are incapable of accessing and removing malware that resides in system restore, and that's why they tell you to do this. Their reasoning is probably that they want to make sure every bit of the malware is removed from the system so that, in the future, a user doesn't inadvertently restore their system to an infected restore point. I totally agree with this aim. The point is that if you disable System Restore, you get rid of all restore points - good and bad. If you clean the system first and then disable, reboot, then re-enable system restore after the malware has been removed, this will eliminate infected restore points and create a clean restore point to which the user can return in the future if needed. As long as the user doesn't do a system restore before this process is fully completed, any "nasties" lurking in System Restore can do no harm. Their presence will not interfere with any of the scans.

With either of the above methods, the user will end up with a clean restore point on their system. However, with the first method, if something really nasty happens during the attempted removal of the existing malware, the user has no restore point to which they can return.

Given that the results of either method are the same, i.e. a clean restore point, I believe the more conservative approach of clearing out the infected restore points after the infection is removed is the safer option of the two. OK, at the end of the day it's just a matter of opinion.

  San Alwigi 17:30 05 May 06

...I really appreciate your concern over this and the trouble you have gone to to explain your advice. Thank you. Thankfully, one way or the other it got sorted out. Have a good weekend,

  beynac 17:34 05 May 06

I'm pleased that you've got it sorted out. BTW, don't forget to re-enable System Restore!

This thread is now locked and can not be replied to.

Best phone camera 2016/2017: Galaxy S7 vs iPhone 7 vs Google Pixel vs HTC 10 Evo vs OnePlus 3T vs…

1995-2015: How technology has changed the world in 20 years

The Pantone Colour of the Year 2017 is Green

Super Mario Run preview | Hands-on first impressions of Super Mario Run: Mario's iPhone & iPad…