|
-
June 17th, 2002, 02:38 PM
#1
Senior Member
Kerne1 & Sub7
i was deleting my sub seven server and then i accidently ran the file. It infected my kerne1.exe file in my c:\windows\ folder so since i have never seen that file in my windows folder before i figured it was probably the sub7 server. the next day i i turned on my computer everything seemed to work fine until i logged in. a window popped up saying kerne1.exe was missing and i had to reinstall windows, i can't seem to access the c:\ drive in dos so...what should i do? oh, and i'm running windows ME (i know i know...it's not my fault!)
-thanks
-
June 17th, 2002, 02:49 PM
#2
i have never been one to flame. usually, if i have nothing nice to say, i say nothing at all, and limit my posts to ao for only educational posts with some real purpose. but for you i will make an exception.
you sir, are a dumbass.
-
June 17th, 2002, 02:54 PM
#3
Reinstall windows....from scratch. As in format the harddrive and then install. Use a boot disk to get to the c drive in dos. You want to make sure that the reinstall doesn't keep any old settings, which does happen sometims. And if at all possible, get rid of ME. Go back to 98 if you can. Preferably Win2k.
Good luck....
\"Ignorance is bliss....
but only for your enemy\"
-- souleman
-
June 17th, 2002, 03:14 PM
#4
haha
LOL @ VanEck. Short, sweet and simple flame.
But anyway...didn't the guy say he couldn't access his c: drive from dos? Well in that case check your bios settings, see if the primary and secondary drives are in the right order...and off you go. After that, don't ever touch that SK subseven crap, that MS m.e crap, and get a linux distro.
script language=\"M$cript\";
function beginError(bsod) {
return true; }
onLoad.windows = beginError;
-
June 17th, 2002, 03:29 PM
#5
Or, if you have a friend running the same OS.
get a copy of the file from him (and make a
bootable floppy while you're at it)
Boot from floppy, replace file.
I came in to the world with nothing. I still have most of it.
-
June 18th, 2002, 02:33 PM
#6
Senior Member
didn't i say i was deleting sub 7?....why are you guys flaming me?
-
June 18th, 2002, 03:20 PM
#7
Only VanEck flamed you, and he was just saying it was stupid to play with a trojan. The rest of us were trying to help you....
\"Ignorance is bliss....
but only for your enemy\"
-- souleman
-
June 18th, 2002, 03:47 PM
#8
Well..deleting subseven sounds alot like, "i used subseven and was trying to flip my friends cursor when i accidently clicked on server.exe. now i wanna get rid of subseven"
Get the drift? And that my friend...was not a flame. VanEck was not a flame. You have obviously not seen Negative's posts.
script language=\"M$cript\";
function beginError(bsod) {
return true; }
onLoad.windows = beginError;
-
June 18th, 2002, 04:50 PM
#9
Junior Member
You dont have to reinstall your windows all you have to do is this-
The order to remove this trojan is complicated by the depth to which the trojan hooks the operating system.
One trick that I discovered is to rename the registry editing program from their original .EXE to a .COM extension (as in REGEDIT.COM). This will by pass the limitations created by removing the trojan prior to editing the registry. This will allow you to remove references of trojans and Internet worms.
--- Manual Removal Instructions ---
1) Identify and note the files associated with this trojan as detected by the scanner.
2) Click START|RUN, type
COMMAND /C COPY %WINDIR%\REGEDIT.EXE %WINDIR%\REGEDIT.COM
and hit ENTER
3) Click START|RUN, type REGEDIT.COM and hit ENTER
4) Remove references to the trojan from these keys of the registry
HKCR\exefile\shell\open\command\
HKLM\Software\CLASSES\exefile\
shell\open\command
They should contain only the value not including brackets
[''%1'' %*].
5) If applicable, remove any keys that run the main trojan under
HKLM\Software\Microsoft\Windows\
CurrentVersion\RunServices\
HKLM\Software\Microsoft\Windows\
CurrentVersion\Run\
HKLM\Software\Microsoft\Active Setup\Installed Components\KeyName\
6) If applicable, delete the registry key if it exists
HKEY_CLASSES_ROOT\.dl
and exit Regedit
7) If applicable, edit WIN.INI and remove the reference to the trojan from the run= line in the [windows] section.
8) If applicable, edit SYSTEM.INI and remove the reference to the trojan from the shell= line in the [boot] section. It should just contain the file EXPLORER.EXE.
9) Restart the system.
10) Delete the trojan program(s). If all is well the files should be deleted OK. If you get an error message saying that windows is unable to delete the file because it is in use, then you have made an error in the above procedure. Repeat steps 1 to 9 and try again.
-
June 18th, 2002, 05:06 PM
#10
I would install linux on the box and then try to run your sub7 server again, oh and while your at it why dont you write some visual basic viruses on the linux box.....:P
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
