Lappy got ‘viral’ fever
Jan 17th, 2008 | Posted in General

"Lappy" is our laptop. Lappy helps me with all my experiments, including this site. The poor fellow has been infected with the Brontok.I worm for the last few days.
Symptoms
The main symptoms of this disease are:
- When the system starts, Windows Explorer does not start. So I had to open Task Manager by pressing CTRL+ALT+DEL and run a new "explorer" task to get the desktop.
- Folders can't be opened; Windows Explorer restarts every time.
- If I try to search the net for a solution, the system restarts!!!
- Somehow I managed to gather some information regarding the worm and understood that the above things happen because the worm changes some registry entries. So when I tried to edit the registry, I got a message saying "Registry editing has been disabled by your administrator"!!! I wondered who the hell this "administrator" is!!! Then I read that registry editing is also disabled by Brontok by changing another registry key.
Treatment
- Performed a full system scan with Moon anti virus. It detected the worm and cleaned it.
- But the changes the worm made to the registry were still there. To change them, the first thing is to make the registry editable again. I got this reg_enable.vbs script from WinHelpOnline.com. Open a command prompt by clicking Start -> All Programs -> Accessories, right-click Command Prompt, and then click Run as administrator. Switch to your Desktop directory, type the following command and press ENTER:

wscript.exe reg_enable.vbs

This restores the registry editing permission.
- Now run "regedit" and go to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. Look at the value "Shell". On Lappy it was "Explorer.exe KanjiSosial.exe"; change it back to "Explorer.exe".
- Other changes Brontok makes to the registry are explained in WikiAnswers.
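The two registry fixes above, scripted in PowerShell as an added example. This is not the reg_enable.vbs from WinHelpOnline, and it is not Brontok-specific beyond the two keys the post describes; it assumes the "Registry editing has been disabled by your administrator" message comes from the DisableRegistryTools policy value, and the function names (Enable-RegistryEditing, Get-ShellHijack, Repair-WinlogonShell) are mine. Run it from an elevated prompt after the antivirus scan; while the worm is still running it simply puts its values back.

```powershell
# Added example, not the post's own script. Re-enables regedit and repairs the
# Winlogon "Shell" value. Assumption: the "disabled by your administrator"
# message is caused by DisableRegistryTools under the Policies\System keys.

$PolicyPaths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
$WinlogonPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Enable-RegistryEditing {
    # Same effect as the reg_enable.vbs step: clear DisableRegistryTools wherever it is set.
    foreach ($path in $PolicyPaths) {
        if (-not (Test-Path $path)) { continue }
        $item = Get-ItemProperty -Path $path -Name DisableRegistryTools -ErrorAction SilentlyContinue
        if ($null -ne $item -and $item.DisableRegistryTools -ne 0) {
            Write-Host "DisableRegistryTools=$($item.DisableRegistryTools) under $path, removing it"
            Remove-ItemProperty -Path $path -Name DisableRegistryTools
        }
    }
}

function Get-ShellHijack {
    # Returns whatever follows "Explorer.exe" in the Shell value (e.g. "KanjiSosial.exe"),
    # or $null when the value is clean. Winlogon runs the whole string, and Explorer
    # opens a path given on its command line, so an appended .exe gets launched at logon.
    param([string]$ShellValue)
    $trimmed = $ShellValue.Trim()
    if ($trimmed -ieq 'explorer.exe') { return $null }
    if ($trimmed -imatch '^explorer\.exe[ ,]+(.+)$') { return $Matches[1] }
    return $trimmed   # Explorer.exe is missing entirely; the whole value is suspect
}

function Repair-WinlogonShell {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $current = (Get-ItemProperty -Path $WinlogonPath -Name Shell).Shell
    $extra = Get-ShellHijack $current
    if ($null -eq $extra) {
        Write-Host "Shell value is clean: $current"
        return
    }
    Write-Warning "Shell value hijacked: '$current' (extra: $extra)"
    if ($PSCmdlet.ShouldProcess($WinlogonPath, "Set Shell to 'Explorer.exe'")) {
        Set-ItemProperty -Path $WinlogonPath -Name Shell -Value 'Explorer.exe'
    }
}

Enable-RegistryEditing
Repair-WinlogonShell -WhatIf   # drop -WhatIf once the report looks right
```

Run it once with -WhatIf to see what it would change, then without. It only covers the two keys discussed in this post; the other entries the worm touches are the ones the WikiAnswers page lists, and they need the same look-before-you-fix treatment.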
So now Lappy seems healthy, and that is why I'm able to post this now!!!
