Delete a flash media device from registry

Guest

I have a virus on my computer when I insert a flash drive it attempts to run
a program called sys.exe. I have removed the sys.exe virus and my virus
scanners aren't detecting anything new, neither are my spyware scans.
Originally my antivirus software stated it was Trojan.Flush.G but the
symptoms on my computer did not match the described systems and the removal
procedures i.e registry hacks the keys were not present. I cleared the usb
drive of all data and there is no autorun.inf on my drive. Therefore I assume
there is something on my computer calling this procedure. I searched the
registry for sys.exe and the following entry came up under an autorun key

C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sys.exe

I tried deleting the entire key structure, but when I insert the usb device
it recreates these keys. Any suggestions on how to remove this device
entirely from the registry, or if someone has had a similar problem it would
be greatly appreciated if you could give me some direction.
 
Jakem said:
I have a virus on my computer when I insert a flash drive it attempts to run
a program called sys.exe. I have removed the sys.exe virus and my virus
scanners aren't detecting anything new, neither are my spyware scans.
Originally my antivirus software stated it was Trojan.Flush.G but the
symptoms on my computer did not match the described systems and the removal
procedures i.e registry hacks the keys were not present. I cleared the usb
drive of all data and there is no autorun.inf on my drive. Therefore I assume
there is something on my computer calling this procedure. I searched the
registry for sys.exe and the following entry came up under an autorun key

C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sys.exe

I tried deleting the entire key structure, but when I insert the usb device
it recreates these keys. Any suggestions on how to remove this device
entirely from the registry, or if someone has had a similar problem it would
be greatly appreciated if you could give me some direction.

If you *formatted* your usb key - which I would do in Safe Mode - then
there is nothing left on the usb key and your computer is *not* clean.
Removing registry entries related to the usb key will be useless.

Here is a link to the Sophos removal information:

http://www.sophos.com/virusinfo/analyses/w32sdbotnk.html

However, I would start by doing the preparatory work here:

http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with Multi_AV (which includes a Sophos module) and
follow instructions to do all scans in Safe Mode.

When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the link above (not here, please).

Standard caveat: If the procedures look too complex - and there is no
shame in admitting this isn't your cup of tea - take the machine to a
professional computer repair shop (not your local version of
BigStoreUSA). Please be aware that not all local shops are skilled at
removing malware and even if they are, your computer may be so infested
that Windows will need to be clean-installed. Have all your data backed
up before you take the machine into a shop.


Malke
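
Added example, not part of the thread or of either poster's instructions: a Python script that reads a text export of Explorer's per-volume autorun cache and lists which volumes carry a cached command that launches a given file. It assumes the "autorun key" in the question is HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2; the sample export, the volume GUID and the function names are constructed for illustration.

```python
import re

# Constructed sample in "reg export" text format (not taken from the poster's machine).
# The volume GUID and the drive-letter entry are made up for illustration.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00000000-1111-2222-3333-444444444444}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sys.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00000000-1111-2222-3333-444444444444}\Shell\open\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sys.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
"BaseClass"="Drive"
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
# Default value of a key: @="...", with \\ and \" escaped inside the quotes.
DEFAULT_RE = re.compile(r'^@="((?:[^"\\]|\\.)*)"$')
VERB_RE = re.compile(r"\\MountPoints2\\([^\\]+)\\Shell\\([^\\]+)\\command$", re.I)
RUNDLL_RE = re.compile(r"ShellExec_RunDLL\s+(.+)$", re.I)

def cached_autorun_commands(reg_text):
    """Return [(volume, verb, command, target)] for every cached shell verb."""
    found, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = VERB_RE.search(m.group(1))  # None for keys that are not verbs
            continue
        m = DEFAULT_RE.match(line)
        if key and m:
            command = re.sub(r"\\(.)", r"\1", m.group(1))  # undo .reg escaping
            t = RUNDLL_RE.search(command)
            found.append((key.group(1), key.group(2), command, t.group(1) if t else None))
    return found

def volumes_launching(reg_text, exe_name):
    """Volumes whose cached verbs would launch exe_name via ShellExec_RunDLL."""
    return sorted({vol for vol, _, _, target in cached_autorun_commands(reg_text)
                   if target and target.strip('"').lower() == exe_name.lower()})

if __name__ == "__main__":
    for row in cached_autorun_commands(SAMPLE):
        print(row)
```

A file written by `reg export` is UTF-16, so read it with `open(path, encoding="utf-16")` before passing the text in.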
 