Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
Hello all.
I need a responce to this question asap. I deleted a file called sys.reg because it was corrupted somehow by a virus even though I have Norton protection.
Furthermore, whenever I load my system, it gives me an error prompt because I deleted the file sys.reg, how do I get this file back on my computer so I no longer have an error conflict?? Thanks
Where did the file come from ?
Was it from an installed program ?Does your error message say what program is looking for the file ?
Krystyna
0 
It is a Register Edit file that stores the information on Internet Explorer's internet options. I deleted because each time I rebooted my computer my homepage would change to something crazy.
When I ran Norton Antivirus it showed that as being corrupted, so I deleted it. I have no idea how I could possibly get a virus, I have secruity protection and antivirus.
Anyway,
All I really want is to replace the file sys.reg so that when I start my computer it doesn't give me an error message.
Thanks.
0
I have W2K and sys.reg does not exist on my computer.
If the file was causing your homepage to change, then I suspect you have spyware or a hijacker.Have you tried running a spyware scanner like Adaware and Spybot ?
Krystyna
0
I have W2K.
Norton alerted me today sys.reg was corrupt.
Spybot did not find anything
HiJackThis did not either as far I can tell.
I have not removed sys.reg
0
I found this on another site. Has a program shredder.zip that removed my issue. Comes from the HiJackThis guys.
Since you file is gone, not sure what you should do.
http://www.spywareinfo.com/articles/cws/
0
Hello,
I recently ran an Antivirus scan on a friend's Wn98SE and it also deleted the sys.reg file as it was corrupted by a trojan. I can not find anything on how to replace this file. I am unable to extract the file off of the OS disk either. Can anyone let me know how to replace this file and remove the error.
Thanks,
Steve
0
I don't think this file is a system file -- someone has found a hole in ie6 and they are using it to copy files onto your system. In my case I saw an IE window popup and dissapear and then I got an alert from my firewall that a ".com" application was trying to access the internet, and then McAfee caught the virus and deleted it. But unfortunately not before it copied and executed sys.reg, which changes all your home/search pages, and adds an entry to your registry under "run." Everytime you boot up it'll try to execute itself again to reset your search pages.
To remove it all you need to do (other than deleting sys.reg) is to go into regedit to
"/local_computer/software/microsoft/current_version/run" and look for an entry that says: "regedit -s sys.reg". DELETE THIS ENTRY. Two caveats: I just did this myself so I don't know that this will completely solve your problem but my sense is it will, and be careful with regedit b/c you can do a bunch of harm if you're careless. Good luck.
0
Oh, and you'll need to do a find for entries that it's modified and change them back to your regular home and search pages (you can do this in IE options also).
This virus, if you can call it that, changes all your pages to this:
http://%6A%6A%6D%61%77%67%2E%74%2E%6D%75%78%61%2E%63%63/%73%2E%70%68%70?%61%69%64=420
0
Hey,
1.
As cgguy said you could modify the registry or2.
You could possible edit the sys.reg file if you want as shown below. You could set it to whatever you want. I usually set it to blank.REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
"HOMEOldSP"="about:blank"
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
"HOMEOldSP"="about:blank"
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sys"="regedit -s sys.reg"Take care,
tsp.
0
Saravana Perumal and cgguy are right.
The file modyfies your start page in IE and tryes to direct it to "coolweb".
I think it disables something in spyware detectors, because Spybot nor Adaware were able to chop it.
I first set my start page in "blank", cleaned cookies and history in IE,and manualy cleaned the registry finding all the entries "%6A%6A%6D%61%77%67%2E%74%2E%6D%75%78%61%2E%63%63/%73%2E%70%68%70?%61%69%64=420"
and "HOMEold" and "regedit -s sys.reg"
0
I forgot!!!
Do all this in SAFE MODE and in XP, disable the auto recovery function or you will have the bug sitting again in your PC.
Thanks and greetings from Chile.
0
Hi Oscar,
Thank GOD for your message! I have a tip that might finally get rid of my adware.raxums bug!!!
I've been doing the same steps as you iterated above for the past three days (took it from Symantec Support), but the bug and the deleted registry entries keep popping up, even with sys.reg already gone from my computer. Symantec did not mention anything about disabling the AutoRecovery function in XP.
However, how does one disable the AutoRecovery function in XP? I've searched the internet as well as microsoft support desk on how to do this, but came up empty. I found a lot on disabling Auto Reboot (in Control Panel-System), but not on AutoRecovery function.Greatly appreciate your assistance in this matter as this particular bug puts offensive links into my IE's Favorite Folders, which is used by my young children as well.
Thank you very very much!
0
G'day NiciNico
To turn off Autorecovery in XP, press "Start", right-click "My Computer", L-click "Properties", L-click tab "System Restore", un-check "Turn off System Restore on all drives", "Apply". Turn on again after making changes and re-booting.
deax
0  |
 prevent spam
|
admin network password
|
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
