AndyManchesta Posted March 23, 2007 Share Posted March 23, 2007 Hi Steve, Excuse the delay, Ive just got back from work so have abit of catching up to do Your best leaving the file is system32 for now until we can get some scanners run on your system to see what the infection is, you can get a list of the Image File Execution Options key if needed by going to start > run > then copy and paste cmd /c reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /s>%systemdrive%\Result.txt && notepad %systemdrive%\Result.txt Press OK and it will export the key details to a text file named Result.txt then open it with notepad (it also saves to C:\Drive), the only entry that should show a debugger value is this example entry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path Debugger REG_SZ ntsd -d GlobalFlag REG_SZ 0x000010F0 I need to go back out for a while but I'll check on the HijackThis subforum for any updates when I get back and we can continue on there Cheers Andy Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now