Accidentally deleted .reg files

[AJ]

Hi I recently ran a virus scan and I accidentally deleted
the files that were infected. It turns out they were .reg
files. Now every minute I get a pop up message from the
Registry Editor that goes something like this..."Cannot
import c:\documen~1\admini~1\locals~1\temp\~df184.reg
Error opening the file.There may be a disk or file system
error."
Any suggestions on what to do ? It was about five files
that were deleted.
Thanks !!

Whitebox PC
1.8ghz p4
256ram
80g hd
Win 2000 o/s

 

[Oli Restorick [MVP]]

Hi there

It sounds like you were infected. What the virus/malware was doing was to
import registry settings from a file. The file is now gone, but the code
that caused it to run is still there.

Those reg files should not have been there, given their location. If you
fire up the registry editor (regedit.exe) and take a look at the following
locations, you may find the code that's launching them

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

You'll probably see a line saying "regedit.exe /s
c:\documen~1\admini~1\locals~1\temp\~df184.reg". If so, delete these
entries from the registry.

Hope this helps

Oli

 

[Oli Restorick [MVP]]

Hi there

It sounds like you were infected. What the virus/malware was doing was to
import registry settings from a file. The file is now gone, but the code
that caused it to run is still there.

Those reg files should not have been there, given their location. If you
fire up the registry editor (regedit.exe) and take a look at the following
locations, you may find the code that's launching them

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

You'll probably see a line saying "regedit.exe /s
c:\documen~1\admini~1\locals~1\temp\~df184.reg". If so, delete these
entries from the registry.

Hope this helps

Oli

 

[Guest]

Thanks for the reply Oli !
I went into the Reg and under the
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersio
n\Run
I found (name)ab/ sys (type) REG_EXPAND_SZ (data) regedit-
s sysdll.reg
Should I delete that ??

 

[Guest]

Thanks for the reply Oli !
I went into the Reg and under the
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersio
n\Run
I found (name)ab/ sys (type) REG_EXPAND_SZ (data) regedit-
s sysdll.reg
Should I delete that ??

 

[Oli Restorick [MVP]]

I've just done a quick Google search on the filename and it looks to be a
web browser hijacking file, so yes, delete that entry.

Hope this helps

Oli

 

[Oli Restorick [MVP]]

I've just done a quick Google search on the filename and it looks to be a
web browser hijacking file, so yes, delete that entry.

Hope this helps

Oli

 

[Guest]

deleted that entry and still getting the error messages.
Ran the virus scan and not picking up any viruses. Funny
thing is I can't download or run any virus scan programs
such as Housecall or Registry Mechanic.

 

[Guest]

deleted that entry and still getting the error messages.
Ran the virus scan and not picking up any viruses. Funny
thing is I can't download or run any virus scan programs
such as Housecall or Registry Mechanic.