Hi, I have a very complicated problem that has rendered my computer almost useless. I got this virus called the "verona.b worm" that totally messed up my registry. The anti-virus program that I used, InnoculateIT, was outdated and it handled the problem by deleting all files that were infected. The registry, however, was not repaired. Certain file associations were changed by the virus and I'm having problems restoring it. The files that were affected are:
EXE, .JPG, .JPEG, .JPE .GIF, .BMP, .DOC, .MP2, .MP3, .MPG .RAR, .REF, MPEG, .VQF .WMF, .WMA, .WMV, .XLS, .ZIP.

If I try to run any of these file types, the OS tries to access the file called "sysrnj.exe". That file was deleted by the anti-virus program. I can't even run regedit to fix it. What can I do to fix my registry? I am running Windows 98 SE. Any help would be much appreciated.

You'll find manuall removal instructions here:

<a target="_blank" href=http://rescomp.wustl.edu/doc/romeo.html>http://rescomp.wustl.edu/doc/romeo.html</a>

reghakr

You can copy regedit.exe to a new file called regedit.com and execute regedit.com.

Good luck!

hi there

I have a similar problem....

all my exe's call notepad, instead of starting....

I have w2k.... any hint's on that ?!?

please ;-)

.Ralph

As for 'Verona', it's also called the W32.BleBla.b. Worm: http://www.helpdesk.umd.edu/alerts/virus/blebla/files.shtml (http://www.sarc.com/avcenter/venc/data/w32.blebla.worm.html>http://www.sarc.com/avcenter/venc/data/w32.blebla.worm.html</a>

Download)

Additionally, download and install <a target="_blank" href=http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms99-032.asp>this patch from Microsoft </a>to prevent future infection.

However, this constitutes no defence against viruses itself.
Be sure you run a regularly updated antivirus.

Good luck, Tony

As for the Exe-file problem, download Exefix.zip from this site: <a target="_blank" href=http://home.earthlink.net/~rmbox/Reticulated/Toys.html>http://home.earthlink.net/~rmbox/Reticulated/Toys.html</a>

It restores the Windows file associations for exefiles, allowing you to execute them normally again.

Good luck, Tony

Great advice as always, Tony.
I have only one thing to add. If no exe can be run on the machine, using the exefix.exe is going to pose a problem. The exefix.com is an alternative.
To repair the exe associtaions in the registry. Download exefix08.com from HERE:
<a target="_blank" href=http://home.earthlink.net/~rmbox/Reticulated/Only_IE.html>http://home.earthlink.net/~rmbox/Reticulated/Only_IE.html</a>

Hi Mo,

Thanks for the compliment!

However, 'my' Exefix is a *.com file as well, once unzipped, , and it should run without a problem.

he guys...

thnks for the fast answer....

will this work as well for w2k ?!?

can you give me some more information about what exactly has to be changed in the registry ?!?

thnks...

.Ralph

Tony,
Thanks. I haven't used it myself. That's logical, though. I should think next time. DUH.

MO

Exefix is for Win95/98.
I'm not familiar with Win2000, but I don't think this will work.

You would need an inf file to restore the entries. I have one which restore both exe and regfile entries. I am hesitant to post it because I am not sure it is the same for Win2000.
Reghakr or someone else will be along, I'm sure and be able to help you.

I guess Mo's right.

But I'm sure there are people around here who're running Win2K, and who can assist you in restoring the correct reg keys and values.

Good luck, Tony

hi there....

I finally found it....
(it was much easier after the hint with the renaming of the exe's to com's.... this way I was able to run regedit and stuff under my screwed up w2k profile (other profiles on the machine were still ok))

the entry, in the registry, I found who caused windows to open all exe's with notepad was found in:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\FileExts\.exe\{Application Notepad.EXE}

I just had to delete this key, and everything just run's fine again....

thnks again for your help !

.Ralph

That is strictly a Windows 2000 thing, I gather.

It's done differently in Win98.

Glad to hear you got it cornered.

Cheers, Tony