New User? Need help? Click here to register for free! Registering removes the advertisements.

Computer Cops
image image image image image image image image
Donations
If you found this site helpful, please donate to help keep it online.
image
Prime Choice
· Head Lines
· Advisories (All)
· Dnld of the Week!
· CCSP News Ltrs
· Find a Cure!
· Ian T's (AR 20)
· Marcia's (QA2)
· Bill G's (CO8)
· Paul's (AR 5)
· Ian T's Archive
· Marcia's Archive
· Bill G's Archive
· Paul's Archive
image
Security Central
· Home
· Wireless
· Bookmarks
· CLSID
· Columbia
· Community
· Downloads
· Encyclopedia
· Feedback (send)
· Forums
· Gallery
· Giveaways
· HijackThis
· Journal
· Members List
· My Downloads
· PremChat
· Premium
· Private Messages
· Proxomitron
· Quizz
· Recommend Us
· RegChat
· Reviews
· Search (Topics)
· Sections
· Software
· Statistics
· Stories Archive
· Submit News
· Surveys
· Top
· Topics
· Web Links
· Your Account
image
CCSP Toolkit
· Email Virus Scan
· UDP Port Scanner
· TCP Port Scanner
· Trojan TCP Scan
· Reveal Your IP
· Algorithms
· Whois
· nmap port scanner
· IPs Banned [?]
image
Survey
How much can you give to keep Computer Cops online?
$10 up to $25 per year?
$25 up to $50 per year?
$10 up to $25 per month?
$25 up to $50 per month?
More than $50 per year?
More than $50 per month?
One time only?
Other (please comment)



Results
Polls

Votes: 369
Comments: 9
image
Translate
English German French
Italian Portuguese Spanish
Chinese Greek Russian
image
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Login to check your private messagesLogin to check your private messages   LoginLogin 

Removing C:\_Restore\Temp files messed stuff up..oops..help!

 
Post new topic   Reply to topic       Computer Cops Forum Index -> Virus - Prevention
View previous topic :: View next topic  
Author Message
freakboy00769

Cadet
Cadet



Joined: Mar 27, 2004
Posts: 1
Location: USA
PostPosted: Sat Mar 27, 2004 6:17 pm    Post subject: Removing C:\_Restore\Temp files messed stuff up..oops..help!
Reply with quote
Hello there!

I just read a thread about how to fix the Troj_Istbar.k virus. Although what I had was the Yaha virus, all the steps were the same...talking about the C:\_Restore\Temp folder and it's contents. I have Windows ME on this particular computer and I downloaded the free trial for norton. After following the steps to disable system restore and reboot, the files were gone and all was well. I re-ran norton and the second time around there were only 7 infected files (as opposed to the 202 the first time). I figured this was fine so for grins, I rebooted the computer one more time before actually installing norton. After install it asked for a reboot and before the desktop came up, a window in colored dos format (hope this makes sense) came up telling me that the yaha worm had been removed. When the desktop came up, a norton window popped up stating the same thing, that the yaha worm had been removed. The problem now is that NONE of the executable files that I have on my comptuer are accesible. I'm unable to right click on my computer and click on properties cuz it says I have no permission to do so. I can't open users to find out what possible user I may be logging in under as it's set up for just me. I tried to do a screenshot of some of the windows that are popping up but like I said, no exe files are able to open

Any ideas as to what may have gone awry?

Please help! If you need more info, please let me know! Thank you!
_________________
Beckett

To what ends of the world shall we go to stamp out stupidity?
Back to top
View users profile Send private message Send email Visit posters website AIM Address Yahoo Messenger MSN Messenger
Bulldog

Site Moderator
Site Moderator



Joined: Nov 16, 2003
Posts: 3467
Location: Canada
PostPosted: Mon Mar 29, 2004 12:16 am    Post subject:
Reply with quote
Hi.

http://www.trendmicro.com/vinfo/virusen...ORM_YAHA.E
Quote:
Solution:

Click Start > Run, type Regedit then Enter.
In the left panel, search for and double-click the following registry keys:
HKEY_LOCAL_MACHINE > Software > Classes >
Exefile > shell > open > command
In the right panel, double-click the Default Value.
In the Edit String Window that pops up, delete the old value in the "Value Data" field and type the following:
“%1” %*
Close the registry.

_________________
Cheers
Back to top
View users profile Send private message
Display posts from previous:   
Post new topic   Reply to topic       Computer Cops Forum Index -> Virus - Prevention All times are GMT - 5 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB 2.0.8a © 2001 phpBB Group

Version 2.0.6 of PHP-Nuke Port by Tom Nitzschner © 2002 www.toms-home.com
Version 2.2 by Paul Laudanski © 2003-2004 Computer Cops
Home · Topics · Submit News · Top 10
This entire site, Cops Themes, and Computer Cops are © 2002 - 2004 Computer Cops, LLC. All rights reserved.
You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0.
Acceptable Use Policy. Use signifies your agreement.
Engine Copyright © 2002 by PHP-Nuke, GNU/GPL Licensed. ICRA Member.
Paul Laudanski, Member of Computer Cops, LLC
Server Load: 663 pages served in previous 5 minutes. Page Generation: 0.843 seconds.