Virus/trojan attacks HKEY_CLASSES_ROOT?

dynamox

Hello guys/girls. I have this problem. We are in a small network of about 50 PCs. Many of my PCs experience this problem. Something deletes HKEY_CLASSES_ROOT keys, the ones that contain file associations. Basically I have a system where regular shortcuts turn into Windows icons and, when double-clicked, do not know which application to use to open the file. Even when I double-click on an exe file, it's asking me which application to use to open this file. When I look in the registry under HKEY_CLASSES_ROOT, the file associations are gone. This happens on systems that have the latest Norton Antivirus 7.6 with the latest virus defs. I searched the net, but could not find anything that mentions this kind of problem. Does anybody know/heard of this virus/trojan? I can have a brand new system connect to the network and, without anybody using it, it will be affected in a few days.

Any ideas guys?

Thanks
 

Storm

I have a couple questions...

Are you the network admin of these 50 pcs?
Is full access to everything given on these pcs?
Lastly I hope no one is doing anything malicious to the puters.
 

everman

I hope you have it set up there so users have proper privileges and are not able to modify things like that? (besides admins of course)
 

speed01

I have seen this, don't know what causes it and was never able to find out any info. I've run into it on NT4 and W2K machines but never saw it on XP. The only way I could fix the NT machines was by reloading the OS, but with the W2K machines I was able to import the Classes_Root from a working machine and it stuck about 75% of the time. Alternatively, you could remotely access the registry of each affected machine and manually recreate the .bat, .com and .exe keys to get them to work, but you will still be missing a bunch.

Speed
 

speed01

I looked up the virus listed in the link on the Symantec site and although it is similar, it's not the same as what I had seen. That virus changes the registry entries to point to another location, whereas the one I encountered simply removed most of the top half of the Classes_Root key. I'm sure it is a virus of some sort but Norton A/V never picked anything up.

Here is the page from Symantec..

Speed
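An added example, not code from any poster in this thread: one way to compare a Classes_Root export from a working machine against one from an affected machine, reporting file-association keys that were removed and open commands that were changed to point elsewhere. It assumes both exports are already decoded REGEDIT4-style text; the sample exports and the `parse_reg` and `audit` names are constructed for illustration.

```python
import re

# Constructed REGEDIT4-style exports for illustration; not data from the thread.
GOOD = r'''REGEDIT4
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
[HKEY_CLASSES_ROOT\.bat]
@="batfile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
'''
SUSPECT = r'''REGEDIT4
[HKEY_CLASSES_ROOT\.bat]
@="batfile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="C:\\constructed\\other.exe \"%1\" %*"
'''
ROOT = 'hkey_classes_root\\'

def parse_reg(text):
    """Map each exported key path (lower-cased) to its default value, or None."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r'\[(.+)\]', line)
        if header:
            current = header.group(1).lower()
            keys[current] = None
        elif current and re.fullmatch(r'@=".*"', line):
            keys[current] = re.sub(r'\\(.)', r'\1', line[3:-1])  # undo \" and \\
    return keys

def audit(good, suspect):
    """Compare every extension key in `good`, and its open command, to `suspect`."""
    findings = []
    for key, progid in sorted(good.items()):
        if not key.startswith(ROOT + '.'):
            continue  # start only from extension keys such as HKCR\.exe
        command = ROOT + (progid or '').lower() + '\\shell\\open\\command'
        for path in (key, command):
            if path not in good:
                continue
            if path not in suspect:
                findings.append((path, 'missing'))
            elif suspect[path] != good[path]:
                findings.append((path, 'changed'))
    return findings

print(audit(parse_reg(GOOD), parse_reg(SUSPECT)))
```

A "missing" finding matches the deletion behaviour described in this thread, while "changed" matches the redirect behaviour attributed to the virus on the Symantec page.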
 

redbeard1

We had a problem at work with what we suspected was a virus. Tried three different programs and could not find anything. It was suggested that we try eTrust EZ Antivirus. It found three different viruses that the others had missed. Deleted those virus files and the problems went away.