how do I remove .exe from Registry? - Techist - Tech Forum

Old 12-03-2004, 04:31 PM   #1 (permalink)
Newb Techie
 
Join Date: Dec 2004
Posts: 9
Default how do I remove .exe from Registry?

Hi everyone! I'm new to working with the behind-the-scenes stuff on the PC, but I'm trying to learn so any advice would be helpful. I recently hooked broadband to my PC and downloaded Zonealarm as a firewall. The first thing it popped up was that Kazaalite was trying to access the internet. I don't use p2p on my PC and am not sure how kazaa got on my computer. It does not show up in the add/remove section. With a utility program I have I can see that there is a Kazaalite.exe in the system32 area but I don't know enough how to get to it and get it totally off my PC. Any suggestions?
Thanks
JATO is offline  
Old 12-03-2004, 04:42 PM   #2 (permalink)
Monster Techie
 
Join Date: Nov 2004
Posts: 1,343
Default

Yes, go here http://www.richardthelionhearted.com...downloads.html and download KazaaBegone. If that link doesn't work, use this one: http://www.spyware911.net/downloads.htm Liz
southernlady is offline  
Old 12-03-2004, 04:58 PM   #3 (permalink)
Monster Techie
 
Join Date: Nov 2004
Posts: 1,343
Default

Oh, and then you will need to do some other things 'cause KaZaa leaves some nasty stuff in your computer.

Do you have AdAware and/or Spybot installed and have you run them? And have you run a virus scan today? If so, what did it tell you?

If not, do a virus scan with your A/V and let us know what it says.

Then go here:

http://www.majorgeeks.com/download3155.html

Create a folder on your hard drive somewhere like in "My Documents" or in My Programs, but NOT on the desktop or in a temporary folder (that creates problems if you do), and name it Hijackthis. Unzip HijackThis to that folder. Double-click HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.

Press that, save the log, load it in Notepad, and copy its contents in the HiJack Logs (analyze) Forums. Most of what it lists will be harmless or even essential, so DO NOT fix anything yet.


Then please download Adaware from the link below first: http://www.majorgeeks.com/download506.html Scan it with your A/V first, then install it and update it before scanning. In settings under 'scanning,' have it set to

'scan within archives,'

'scan active processes,'

'scan registry,'

'deepscan registry'

'scan my IE Favorites for banned URLs,'

'scan my hosts file.'

In 'tweaks' under 'scanning engine' set it to 'unload recognized processes during scanning.' Also in 'tweaks' under 'cleaning engine' set it to 'Automatically try to unregister objects prior to deletion' & 'let Windows remove files in use at next reboot.'

Select 'activate in-depth scan' before starting scan.

When the scan is finished select 'next.'

Remove what it finds by placing a check in the box to the left of the object.

Reboot.

Download Spybot Search & Destroy.

http://www.majorgeeks.com/download2471.html

Scan it with your A/V program before installing it. Install the program and launch it. Before scanning press Online and Search for Updates. Put a check mark at and install all updates. Click Check for Problems and when the scan is finished let Spybot fix/remove all it finds marked in RED.

Restart your computer, post another Hijack This log. Liz
southernlady is offline  
Old 12-03-2004, 05:44 PM   #4 (permalink)
Newb Techie
 
Join Date: Dec 2004
Posts: 9
Default

Thanks for your help Southernlady. I already have AVG antivirus, spybot and adaware on my computer. AVG did find a virus about a week ago but said it was able to heal. I guess this could have been the culprit. I ran it again last night but found nothing. I will try your suggestions later this evening and let you know how it goes.
Jato
JATO is offline  
Old 12-03-2004, 06:05 PM   #5 (permalink)
Monster Techie
 
Join Date: Nov 2004
Posts: 1,343
Default

Quote:
AVG did find a virus about a week ago but said it was able to heal. I guess this could have been the culprit.
I used AVG and it did the same thing to me, and I managed to keep reinfecting myself with the SAME, D@MNED virus...I don't know what o/s you have but if it's XP, turn OFF System Restore NOW! http://www.spyware911.net/forum/index.php?showtopic=16

And go to one of these online scanners to see if you are still infected:
http://www.kaspersky.com/remoteviruschk.html
http://www.pandasoftware.com/activescan/
http://virusscan.jotti.dhs.org/
http://housecall.trendmicro.com/hous...start_corp.asp

Btw, I use Avast now. Liz
southernlady is offline  
Old 12-03-2004, 09:13 PM   #6 (permalink)
Master Techie
 
Join Date: Oct 2003
Posts: 2,258
Default

download "Stinger"
http://vil.nai.com/vil/averttools.asp
run this. it's very good at removing the most common of the viruses out there.
Inaris is offline  
Old 12-03-2004, 09:59 PM   #7 (permalink)
Newb Techie
 
Join Date: Dec 2004
Posts: 9
Default

I downloaded Kazaabegone and ran it but it didn't remove the kazaalite.exe in the system32 folder. Now I also have kazaabegone on the computer and I can't delete it.
JATO is offline  
Old 12-04-2004, 12:11 AM   #8 (permalink)
Monster Techie
 
Join Date: Nov 2004
Posts: 1,343
Default

Kazaabegone is supposed to remain...

Have you run a HiJack this yet? Liz
southernlady is offline  
Old 12-04-2004, 02:23 PM   #9 (permalink)
Newb Techie
 
Join Date: Dec 2004
Posts: 9
Default

So here is what I did. I was able to stop the kazaalite.exe from running using a utility....then I was able to trash the kazaalite.exe from the system32 folder and the kazaa file from the prefetch folder. kazaabegone didn't remove these on its own. I ran AV, adaware, stinger, and spybot. Hopefully I am clean now.

thanks for your help
JATO is offline  
Old 12-04-2004, 02:36 PM   #10 (permalink)
Master Techie
 
Join Date: Oct 2003
Posts: 2,258
Default

well, there are several other tools to try if you are still interested.
http://www.sysinternals.com/ntw2k/fr.../procexp.shtml
http://www.sysinternals.com/ntw2k/source/filemon.shtml

these programs monitor on a very low level. All you have to do is run Procexp and look for the .exe name you are having trouble with. when you find it, you can grant permissions to it, if needed, and then kill the process and all threads tied to it. it's pretty slick.
Filemon is used to look at access requests to files, so if it's writing out or reading anything, then you can identify what, and delete that as well.

good luck
Inaris is offline  
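
As an added example (not from any poster in this thread): a read-only PowerShell check of the places a leftover like the one discussed here can show up, namely running processes, files in System32 and Prefetch, and autostart registry values. `Find-Leftover` is a hypothetical helper name, `kazaalite` is the name taken from the thread, and the Run/RunOnce keys are an assumed starting point because the thread never says which registry key was involved.

```powershell
# Added example: read-only triage. Nothing is stopped, deleted or modified.
# Find-Leftover is a hypothetical helper; 'kazaalite' is the name from the thread.
function Find-Leftover {
    param([Parameter(Mandatory)][string]$Name)

    # 1. Running processes whose image name matches.
    Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $_.ProcessName -like "*$Name*" } |
        ForEach-Object {
            [pscustomobject]@{ Kind = 'Process'; Location = "PID $($_.Id)"; Detail = $_.Path }
        }

    # 2. Files in the two folders the thread mentions: System32 and Prefetch.
    foreach ($dir in "$env:SystemRoot\System32", "$env:SystemRoot\Prefetch") {
        Get-ChildItem -Path $dir -Filter "*$Name*" -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{ Kind = 'File'; Location = $_.FullName; Detail = $_.LastWriteTime }
            }
    }

    # 3. Autostart values under Run/RunOnce (assumed location; the thread names no key).
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($valueName in $regKey.GetValueNames()) {
            # Match on either the value name or the command line it launches.
            $data = [string]$regKey.GetValue($valueName)
            if ($valueName -like "*$Name*" -or $data -like "*$Name*") {
                [pscustomobject]@{ Kind = 'Autostart'; Location = "$key\$valueName"; Detail = $data }
            }
        }
    }
}

Find-Leftover -Name 'kazaalite' | Format-Table -AutoSize -Wrap
```

An empty result means none of these locations reference the name; it does not cover services, scheduled tasks or other autostart points. Reading the Prefetch folder requires an elevated prompt.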