how do I remove .exe from Registry?

Status
Not open for further replies.

JATO

Solid State Member
Messages
9
Hi everyone! I'm new to working with the behind the scenes stuff on the PC, but I'm trying to learn so any advice would be helpful. I recently hooked broadband to my pc and downloaded Zonealarm as a firewall. The first thing it poped up was that Kazaalite was trying to access the internet. I don't use p2p on my pc and am not sure how kazaa got on my comnputer. It does not show up in the add/remove section. With a utility program I have I can see that there is a Kazaalite.exe in the system32 area but I don't know enough how to get to it and get it totally off my pc. Any suggestions?
Thanks
 
Oh, and then you will need to do some other things cause KaZaa leaves some nasty stuff in your computer.

Do you have AdAware and/or Spybot istalled and have you run
them? And have you run a virus scan today? If so, what did it tell you?

If not, do a virus scan with your A/V and let us know what it says.

Then go here:

http://www.majorgeeks.com/download3155.html

Create a folder on your hard drive somewhere like in "My Documents" or in My Programs but NOT on the desktop or in a temporary folder. That creates problems if you do. and name it Hijackthis unzip'Hijack This to that folder. Doubleclick HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.

Press that, save the log, load it in Notepad, and copy its contents in the HiJack Logs (analyze) Forums. Most of what it lists will be harmless or even essential, DO NOT fix anything yet.


Then Please download Adaware from the link below first http://www.majorgeeks.com/download506.html Scan it with your A/V first, then Install it and & update it B4 scanning. In settings under 'scanning,' have it set to

'scan within archives,'

'scan active processes,'

'scan registry,'

'deepscan registry'

'scan my IE Favorites for banned URL's,'

'scan my host's file.'

In 'tweaks' under 'scanning engine' set it to 'unload recognized processes

during scanning.' Also in 'tweaks' under 'cleaning engine' set it to

'Automatically try to unregister objects prior to deletion' & 'let Windows

remove files in use at next reboot.'

Select 'activate in-depth scan' before starting scan.

When the scan is finished select 'next.'

Remove what it finds by placing a check in the box to the left of the object.

Reboot

Download Spybot Search & Destroy.

http://www.majorgeeks.com/download2471.html

Scan it with your A/V program before installing it. Install the program and launch it. Before scanning press Online and Search for Updates. Put a check mark at and install all updates. Click Check for Problems and when the scan is finished let Spybot fix/remove all it finds marked in RED.

Restart your computer, post another Hijack This log. Liz
 
Thanks for you help Southernlady. I already have AVG antivirus, spybot and adaware on my computer. AVG did find a virus about a week ago but said it was able to heal. I guess this could have been the culprit. I ran it again last night but found nothing. I will try your suggestions later this evening and let you know how it goes.
Jato
 
AVG did find a virus about a week ago but said it was able to heal. I guess this could have been the culprit.

I used AVG and it did the same thing to me, and I managed to keep reinfecting myself with the SAME, D@MNED virus...I don't know what o/s you have but if it's XP, turn OFF System Restore NOW! http://www.spyware911.net/forum/index.php?showtopic=16

And go to one of these online scanners to see if you are still infected:
http://www.kaspersky.com/remoteviruschk.html
http://www.pandasoftware.com/activescan/
http://virusscan.jotti.dhs.org/
http://housecall.trendmicro.com/housecall/start_corp.asp

Btw, I use Avast now. Liz
 
I downloaded and ran Kazaabegone and ran it but it didn't remove the kazzalite.exe in the system32 folder. Now I also have kazaabegone on the computer and I can't delete it.
 
So here is what I did. I was able to stop the kazaalite.exe from running using a utility....then i was able to trash the kazaalite.exe from the system32 folder and the the kazza file from the prefetch folder. kazaabegone didn't remove these on it's own. I ran AV, adaware, stinger, and spybot. Hopefully I am clean now.

thanks for your help
 
well, there are several other tools to try if you are still interested.
http://www.sysinternals.com/ntw2k/freeware/procexp.shtml
http://www.sysinternals.com/ntw2k/source/filemon.shtml

these programs monitor on a very low level. All you have to do is run Procexp and look for the .exe name you are having trouble with. when you find it, you can grant permissions to it, if needed, and then kill the process and all threads tied to it. it's pretty slick.
Filemon is used to look at access requests to files, so if it's writing out or reading anything, then you can identify what, and delete that as well.

good luck
 
Status
Not open for further replies.
Back
Top Bottom