Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
Hi, I downloaded a trojan called Lamer's Death 2.7 I wanted to know how it works so I tried it on my computer. The trojan server was a file in c:\windows\fonts\win.exe.
Now every time windows starts it asks for that file. Anyone knows how to make it stop?
I deleted the trojan I think :/
All the references I found were in Russian so I can't tell you specifically how to remove it. But since a message is coming up about the file missing the following generic instructions for removal of startup items will probably work.
Run regedit and go to the following locations:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\and open any folders starting with 'Run' (Run, RunOnce, RunServices, RunServicesOnce). The items in those folders run on startup. If the minus (-) symbol follows the folder name then those items are disabled (unchecked in msconfig). You can right click and choose 'delete' to permanently remove any of the references. When you're done, close regedit.
Other items load from the start menu in the windows folder. To remove those items go to START--SETTINGS--TASKBAR AND START MENU--STAR MENU PROGRAMS--ADVANCED. Expand the 'programs' folder in either column. There should be a 'startup' folder and possibly a 'disabled startup items' folder. Those items are also listed in msconfig and can be removed with 'delete' after right clicking on them.
There may also be an 'allusers' folder with it's own 'startup' folder. Items in there can be deleted in the same way.
Next check the win.ini file. In the [Windows] section check for anything in the 'load=' and 'run=' lines. You can edit that file using sysedit, notepad or in dos by using the EDIT command.
Occassionally there will be a winstart.bat file in the windows folder. Those items run on startup also. You can edit it with notepad or from dos also.
0 
I checked everything but couldnt find anything. I attached that trojan server file to internat.exe that is used to load the language changer thingy. But I dont load it...
0
have a look in c:\windows\win.ini
the trojan probably added a line in there so that it tries to load on startup
dannyboy
0
Found out that it put a line to system.ini file, deleted the line now everything works fine. Thx for help!
0
if you still have the problem go and reinstall windows. how to do that is verey simple all what you have to do is to put WIN98 Cd and run install or setup then you will notice by the window ( DO YOU WANT TO REPLACE THE ORAGNALL FILE ) say YES and that is all
good luck
0
It was like this...
[boot]
oemfonts.fon=vgaoem.fon
shell=explorer.exe C:\windows\fonts\server.exe
system.drv=system.drv
drivers=mmsystem.dll power.drv
user.exe=user.exe
gdi.exe=gdi.exe
sound.drv=mmsound.drv
dibeng.drv=dibeng.dll
comm.drv=comm.drv
mouse.drv=mouse.drv
keyboard.drv=keyboard.drv
*DisplayFallback=0
fonts.fon=vgasys.fon
fixedfon.fon=vgafix.fon
386Grabber=vgafull.3gr
display.drv=pnpdrvr.drv
0
The 'C:\windows\fonts\server.exe' addition to the 'shell=explorer.exe' line is associated with a virus. I guess that's the correction you made.
Thanks for posting back.
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
