Registry Viruses

Hempy

Junior Member
Jul 30, 2001
Hey guys, I'm not sure if this is the right place to post this, or if there is a better venue for my inquiry, but here goes anyway.
I recently picked up a backdoor Trojan and it's attached itself to my registry.exe. Can't delete that one so I'm a bit stuck here. Symantec merely tells ya to scan, quarantine and delete these files, assuming you can delete them; they give no "cleaning" solutions for a registry file. Any pointers? Sorry for the ignorance.
 

minendo

Elite Member
Aug 31, 2001
What trojan did you pick up? Doing a search on Google for that particular trojan usually will yield removal steps.
 

Hempy

Junior Member
Jul 30, 2001
NAV 2002 simply gives it the generic label of Backdoor.Trojan virus

That's part of my problem...if it was specific I would probably have an easier time locating the fix.

"The file C:\WINNT\Registry.exe is infected with the Backdoor.Trojan virus.
Unable to quarantine the file." is the exact message.


 

minendo

Elite Member
Aug 31, 2001
To edit the registry:

CAUTION: We strongly recommend that you back up the system registry before you make any changes. Incorrect changes to the registry could result in permanent data loss or corrupted files. Please make sure you modify only the keys that are specified. Please see the document How to back up the Windows registry before proceeding.
1. Click Start, and click Run. The Run dialog box appears.
2. Type regedit and then click OK. The Registry Editor opens.
3. Select the following key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

4. Refer to the list of infected files that you created while following the instructions in the previous section. In the right pane, look at the entries in the Name and Data columns.
5. If you find an entry that refers to a file that was detected as infected, select the entry, press Delete, and then click Yes to confirm.
6. Select the following key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

7. Refer to the list of infected files that you created while following the instructions in the previous section. In the right pane, look at the entries in the Name and Data columns.
8. If you find an entry that refers to a file that was detected as infected, select the entry, press Delete, and then click Yes to confirm.
9. Exit the Registry Editor.


All that was extracted from here.
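
Steps 3 to 8 above as a script, added here as an example (it is not part of the original post or of the quoted removal instructions): it reads a text export of the registry and reports, without deleting anything, the values under the two autostart keys whose data refers to a file on the infected list. It assumes the registry has been exported to a `.reg` text file; the sample export and its value names are constructed, and only plain string values are handled.

```python
import re

# The two autostart keys named in the removal steps above (compared case-insensitively).
AUTOSTART_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
}
# A string value line in a .reg export: "Name"="Data", with \\ and \" escapes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    """Undo .reg escaping of backslashes and double quotes."""
    return re.sub(r'\\(.)', r'\1', s)

def find_autostart_hits(reg_text, infected_files):
    """Return (key, name, data) for autostart values that reference an infected file."""
    wanted = [f.lower() for f in infected_files]
    hits, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # entering a new key section
            continue
        if key is None or key.lower() not in AUTOSTART_KEYS:
            continue                  # only the Run / RunServices keys matter here
        m = VALUE_RE.match(line)
        if not m:
            continue                  # default value, dword or hex data: not handled
        name, data = unescape(m.group(1)), unescape(m.group(2))
        if any(f in data.lower() for f in wanted):
            hits.append((key, name, data))
    return hits

# Constructed sample export; the value names are made up for illustration.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="C:\\Program Files\\ExampleAV\\tray.exe"
"ExampleLoader"="C:\\WINNT\\Registry.exe /start"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"ExampleSvc"="\"C:\\WINNT\\registry.exe\""

[HKEY_LOCAL_MACHINE\Software\Example\Other]
"Path"="C:\\WINNT\\Registry.exe"
'''

if __name__ == "__main__":
    print(find_autostart_hits(SAMPLE_EXPORT, [r"C:\WINNT\Registry.exe"]))
```

The match is a case-insensitive substring test on the value data, so quoted paths and paths followed by arguments are still reported.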
 

GregANDTCH

Golden Member
Dec 10, 2000
Is "Registry.exe" a valid Windows file, or is it one of those fake ones that viruses load so you won't notice they're running?
I have regedit.exe but not that one.
I don't have WinNT either though.
 

Jombo

Golden Member
Aug 19, 2001
GregANDTCH brought up a good point.
I just searched my Win 2K and Win 98, and neither found a registry.exe file.
Wonder if that is just the backdoor trojan virus.
I guess I should be glad I don't have that file, huh? :)

jason