Sunday, September 16, 2007

Downed by a Trojan virus for the 1st time in my desktop life

Yesterday a cousin of mine came home with a pen drive. He wanted some videos etc.
As soon as I inserted the USB drive, McAfee cribbed about a Trojan, Generic.ep.

I found that this Trojan had messed up a lot of my Windows and Registry settings.
The ordeal is as below...

If you get hit by the Generic.ep virus:
Install Norton / AVG / McAfee AV programs.
This virus infects your Windows system folders. Every directory you then browse has a directory of the same name with a .exe extension. The aforementioned AV software should help you in weeding this out.

But you will find that Task Manager will be disabled. Fire "GPEDIT.msc" from Windows -> Run.
Under Administrative Templates -> System category, the Ctrl+Alt+Del options can be disabled. This will enable your Task Manager to be launched.

Registry editing can also be enabled back by using this script:


'Enable/Disable Registry Editing tools
'© Doug Knox - rev 12/06/99
Option Explicit

'Declare variables
Dim WSHShell, n, MyBox, p, t, mustboot, errnum, vers
Dim enab, disab, jobfunc, itemtype

Set WSHShell = WScript.CreateObject("WScript.Shell")
p = "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\"
p = p & "DisableRegistryTools"
itemtype = "REG_DWORD"
mustboot = "Log off and back on, or restart your pc to" & vbCR & "effect the changes"
enab = "ENABLED"
disab = "DISABLED"
jobfunc = "Registry Editing Tools are now "

'This section tries to read the registry key value. If not present an
'error is generated. Normal error return should be 0 if value is
'present
t = "Confirmation"
Err.Clear
On Error Resume Next
n = WSHShell.RegRead(p)
'Save the error number first: On Error Goto 0 resets Err
errnum = Err.Number
On Error Goto 0

If errnum <> 0 Then
    'Create the registry key value for DisableRegistryTools with value 0
    WSHShell.RegWrite p, 0, itemtype
    n = 0
End If

'If the key is present, or was created, it is toggled
'Confirmations can be disabled by commenting out
'the two MyBox lines below
If n = 0 Then
    n = 1
    WSHShell.RegWrite p, n, itemtype
    MyBox = MsgBox(jobfunc & disab & vbCR & mustboot, 4096, t)
ElseIf n = 1 Then
    n = 0
    WSHShell.RegWrite p, n, itemtype
    MyBox = MsgBox(jobfunc & enab & vbCR & mustboot, 4096, t)
End If
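
The script above toggles the value, so running it on a machine where Registry editing already works switches it off. As an added example (not part of the original post and not Doug Knox's code), here is a PowerShell check that only reports the per-user lockout values and clears them when asked. It assumes the Task Manager lockout was made through the DisableTaskMgr value in the same key, which the post does not state; the function names are made up for this example.

```powershell
# Added example: report and clear per-user lockout policy values (no toggling).
$PolicyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
# DisableRegistryTools is the value the script in the post edits.
# DisableTaskMgr is an assumption: the post only says Task Manager was disabled.
$Values = 'DisableRegistryTools', 'DisableTaskMgr'

function Get-LockoutPolicy {
    # One object per value: current data ($null when absent) and whether it blocks the tool.
    foreach ($name in $Values) {
        $data = $null
        if (Test-Path $PolicyKey) {
            $prop = Get-ItemProperty -Path $PolicyKey -Name $name -ErrorAction SilentlyContinue
            if ($prop) { $data = $prop.$name }
        }
        [pscustomobject]@{
            Name    = $name
            Data    = $data
            # Any non-zero data is treated as "disabled", not only 1.
            Blocked = ($null -ne $data -and $data -ne 0)
        }
    }
}

function Clear-LockoutPolicy {
    # Sets only the blocking values to 0; supports -WhatIf for a dry run.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($item in (Get-LockoutPolicy | Where-Object Blocked)) {
        if ($PSCmdlet.ShouldProcess("$PolicyKey\$($item.Name)", 'Set to 0')) {
            Set-ItemProperty -Path $PolicyKey -Name $item.Name -Value 0 -Type DWord
        }
    }
}

# Report only; nothing is changed by running this file as-is.
Get-LockoutPolicy | Format-Table -AutoSize

# Clear-LockoutPolicy -WhatIf   # preview what would be reset
# Clear-LockoutPolicy           # apply, then log off and back on
```

Run it in the affected user's session, since the values live under HKCU; clearing them does not remove the Trojan itself, so do this after the AV cleanup.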


~P
