Fix Command Prompt & Regedit Problem

On a Windows XP SP2 machine I have had, both the command prompt (cmd.exe) and regedit (regedit32.exe) failed to load and just restarted explorer.exe, which closed all open windows and brought you back to the desktop. This also brought up the Restore Active Desktop message on the desktop, and the Restore button failed with a script error.

On most startups, explorer didn’t load at all, but could be started manually by bringing up the task manager (Ctrl + Alt + Delete), going to File –> Run and typing ‘explorer.exe’ (without the quotes).

I don’t know where the malware came from, but there were traces from Limewire, so one could hazard a guess that this was likely the cause.

Fixing
To fix the problem, you will need some knowledge of the registry and of navigating around Windows Explorer, as well as the following tools:
HijackThis – Download (mirror)
ComboFix – Download (Read all the documentation of Combofix before you proceed with this)

Step 1
- Navigate to C:\Windows\system32 in explorer
- Copy the file called regedit32 (regedit32.exe if you have extensions shown)
- Paste a copy of this file on your desktop
- Rename this file to anything you want other than cmd.exe or regedit32.exe, something like somerandomfile.exe
- Double click the file to open it. You should now have full access to the registry

Step 2
- In the registry navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
- Under aux2 (maybe another entry) you will see a path like C:\DOCUME~1\USERNAME\LOCALS~1\Temp\..\esanx.igg
- Copy the whole path excluding the file and open it in Explorer. You should see the file in the folder.
- If so, open up HijackThis, and click the button for Misc Tools.
- Choose Delete a file on reboot.
- Navigate to the path of the file and select the file.
- When you have selected it you will be asked to restart. Say Yes and restart.
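
The Step 2 check can be applied to every value under Drivers32 at once. The following Python script is an added example, not part of the original post: it parses the text output of `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32"` and flags values that are not bare file names. The sample output, the extension list and the directory patterns are assumptions constructed for illustration.

```python
import ntpath
import re

# Constructed sample of `reg query` output for the Drivers32 key. The aux2
# path has the shape shown in Step 2; USERNAME and vidc.xmpl are placeholders.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
    midimapper    REG_SZ    midimap.dll
    wave    REG_SZ    wdmaud.drv
    msacm.imaadpcm    REG_SZ    imaadp32.acm
    vidc.xmpl    REG_SZ    C:\Program Files\ExampleCodec\xmpl.dll
    aux2    REG_SZ    C:\DOCUME~1\USERNAME\LOCALS~1\Temp\..\esanx.igg
"""

# A value line is indented: name, registry type, data (tabs or spaces between).
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_[A-Z_]+)\s+(.*\S)\s*$")
# Assumption: extensions normally seen on driver and codec entries.
DRIVER_EXTS = {".dll", ".drv", ".acm", ".ax"}
# Assumption: directory names that indicate a user-writable location.
USER_WRITABLE = re.compile(r"\\(temp|tmp|locals~1|local settings|appdata)(\\|$)", re.I)

def classify(data):
    """Return 'ok', 'review' or 'suspicious' for one Drivers32 value."""
    ext = ntpath.splitext(data)[1].lower()
    has_path = any(c in data for c in "\\/:")
    parts = data.replace("/", "\\").split("\\")
    if has_path and (".." in parts or USER_WRITABLE.search(data)):
        return "suspicious"   # loads from a traversed or user-writable path
    if has_path or ext not in DRIVER_EXTS:
        return "review"       # not a bare file name with a driver extension
    return "ok"

def scan(reg_query_output):
    """Parse `reg query` text; return [(name, data, verdict)] for non-ok values."""
    findings = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            name, _type, data = m.groups()
            verdict = classify(data)
            if verdict != "ok":
                findings.append((name, data, verdict))
    return findings

if __name__ == "__main__":
    for name, data, verdict in scan(SAMPLE):
        print(f"{verdict:10} {name:12} {data}")
```

A "review" verdict only means the entry is not a plain file name; third-party codecs can legitimately register full paths, so confirm the file before deleting anything.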

Step 3
- After you have restarted, disable any Antivirus scanners and run Combofix following the instructions.
- Let Combofix do its thing and when finished, everything should be as good as it was beforehand.

Step 4
- Download either CCleaner or ATF-Cleaner (Only for Windows XP and Windows 2000)
- Clean out all your temporary files

Source : http://jamestombs.co.uk/
