I recently discovered a trojan virus on my computer. The primary file was called run.exe, and it had associated itself as the program to run whenever file type Application was used. Norton deleted that file, therefore causing errors whenever I try to run anything. I've tried going to File Associations under Folder Options, but file type Application is uneditable. I'm not sure what to do now.

Start Windows in MS-DOS mode (press the Ctrl key as soon as your PC starts. This will get you the Bootup menu. Once the menu is up, choose Command prompt only)
Type Scanreg /restore at the prompt
You will get a screen where you can select which registry backup to use
Choose your backup (prior to the virus problem) and press Restore
When ready you'll be prompted to Restart your computer

I don't think that will work because the previous setting for it was using that run.exe file.

From the McAfee virus library:
Removal Instructions (for sub7 or BackdoorG trojan)
The order to remove this trojan is complicated by the depth to which the trojan hooks the operating system.
One trick that AVERT has discovered is to rename the registry editing programs from their original .exe to a .COM extension. This will bypass the limitations created by removing the trojan prior to editing the registry. For example, in Windows 95/98, the registry can be loaded and edited using the program named REGEDIT.exe while in Windows NT, you use REGEDT32.exe. Rename these to a .COM extension and they will still execute and allow you to remove references of trojans and Internet worms.
1) Identify and note the files associated with this trojan as detected by the scanner - do not remove the trojan at this time. If you have already removed the trojan, you will not be able to run REGEDIT steps below on the affected system. Proceed instead to step 11 listed below.
2) Open an MS-DOS prompt via the menu or click on START|RUN and type COMMAND and then press enter.
3) Start Regedit in Windows 95/98 by typing REGEDIT or in Windows NT type REGEDT32 and press enter.
4) Remove references to the trojan from these keys of the registry:
HKEY_CLASSES_ROOT\exefile\shell\open\command\
HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command
They should contain only the value not including brackets ["%1" %*].
5) If applicable, remove any keys that run the main trojan under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\
And
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
6) If applicable, delete the registry key if it exists
HKEY_CLASSES_ROOT\.dl
and exit Regedit
7) If applicable, edit WIN.INI and remove the reference to the trojan from the run= line in the [windows] section.
8) If applicable, edit SYSTEM.INI and remove the reference to the trojan from the shell= line in the [boot] section. It should just contain the file EXPLORER.exe.
9) Restart the system.
10) Delete the trojan program(s). If all is well the files should be deleted OK. If you get an error message saying that Windows is unable to delete the file because it is in use, then you have made an error in the above procedure. Repeat steps 1 to 9 and try again.
11) In the event that the trojan was deleted before making the registry changes, it is still possible to repair the registry. You will need access to another computer, or at a minimum, access to MS-DOS on the affected system. Using MS-DOS edit, create a file called UNDO.REG with the following content (you can cut and paste):
REGEDIT4
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command]
@="\"%1\" %*"
12) Save this file to the Windows folder of the affected system as the file "UNDO.REG".
13) Click on START|RUN and type in UNDO.REG and press ENTER. The contents of UNDO.REG should now be imported to the registry.

Complete info on this trojan:
McAfee:
http://vil.nai.com/vil/RAT10566.asp
Norton (Symantec):
http://www.symantec.com/avcenter/venc/data/sub.seven.20.html

I'm glad to hear you think it won't work, so it's best that you don't try. According to A.C.'s post you will be editing the registry, but then that probably won't work either, right? You didn't state when this occurred, but if it was 3 days ago for example & you replaced the registry with a copy from 4 days ago, do you think you would have to be entering into a lot of registry editing? You think about that...

If you can successfully manage steps 11-13 of the above post, that will give you back your .exe functions and you can then use the registry editor to complete the rest of the steps.
An alternate method of restoring the use of the registry editor is to rename the regedit.exe file in the windows folder to regedit.com.
Click on My Computer/drive c/windows and scroll to the regedit file and right click to rename.
Make sure the keys shown in the REGEDIT4 file show the right values. Check and edit win.ini and system.ini as necessary. Change your passwords.
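An added example (not from any poster, McAfee or Symantec) that audits the two exefile command keys from step 4 and steps 11-13 above, and the check the last reply asks for ("make sure the keys show the right values"): it parses a REGEDIT4 export, flags a default value that has something prepended to "%1" %* (the run.exe hijack this thread describes), and regenerates the UNDO.REG repair file. The export text is constructed sample data; the key names and the expected value come from the post.

```python
import re

EXPECTED_CMD = '"%1" %*'  # the only thing exefile\shell\open\command should hold
EXEFILE_KEYS = (
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command",
    r"HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command",
)
# Constructed sample export: HKCR is hijacked the way the thread describes, HKLM is clean.
SAMPLE_EXPORT = r'''REGEDIT4
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="run.exe \"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
'''
_VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # REGEDIT4 string escapes: \" -> " and \\ -> \

def parse_reg(text):
    """Parse a REGEDIT4 export into {key.lower(): {value_name: string_data}} (string values only)."""
    keys, current = {}, None
    for line in (ln.strip() for ln in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()  # registry key names are case-insensitive
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name = "@" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            keys[current][name] = _unescape(m.group(2))
    return keys

def audit_exefile(text):
    """Classify each exefile command key: ok, hijacked (plus the interposed program), unexpected, or missing."""
    keys, report = parse_reg(text), {}
    for key in EXEFILE_KEYS:
        cmd = keys.get(key.lower(), {}).get("@")
        if cmd is None:
            report[key] = ("missing", None)
        elif cmd == EXPECTED_CMD:
            report[key] = ("ok", None)
        elif cmd.endswith(EXPECTED_CMD):  # something was prepended, e.g. run.exe "%1" %*
            report[key] = ("hijacked", cmd[: -len(EXPECTED_CMD)].strip())
        else:
            report[key] = ("unexpected", cmd)
    return report

def build_undo_reg():
    """Emit the same repair file the McAfee steps call UNDO.REG."""
    return "REGEDIT4\n" + "".join(f"\n[{k}]\n@=\"\\\"%1\\\" %*\"\n" for k in EXEFILE_KEYS)
```

Export the two keys with regedit (or feed it a .reg file from a backup) and run audit_exefile on the text; an ok on both keys is the state steps 11-13 are meant to restore.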
