
Executing .REG Files

Discussion in 'Security and Privacy' started by LLDJ, 2004/06/20.

Thread Status:
Not open for further replies.
  1. 2004/06/20
    LLDJ

    LLDJ Inactive Thread Starter

    Joined:
    2002/08/22
    Messages:
    61
    Likes Received:
    0
    Got a question: is there any way to execute .REG files automatically, is there any application that registers a .REG file into the Registry?

    There's an annoying sort of virus that I can't get rid of, neither with my AntiVirus program nor with Ad-Aware and SpyBot, that keeps changing my homepage to a certain address.

    I decided to write a REG file so that every time my machine starts, it registers my desired homepage as the default, so is there any APP that does it, with the right usage, of course?
     
    LLDJ,
    #1
  2. 2004/06/20
    WhitPhil

    WhitPhil Inactive

    Joined:
    2002/01/07
    Messages:
    599
    Likes Received:
    4
    That application is Regedit.

    You should be able to just drop your REG file in the Startup folder and have it automatically run.

    BUT, you should really resolve your issue with the Home Page HiJacker.

    Download and run HiJackThis and copy/paste the contents of the log file back here, for review.

    You can also try CwShredder to see if that is your infestation.
     


  4. 2004/06/20
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    I moved this to Security/Virus/Spyware.
    You are trying to change your homepage at startup with a REG file, and you have something else running at startup changing your homepage; it really is useless to do it this way. As far as I know at this point, you already have a REG file doing this already.
    WhitPhil has the advice you need to follow.
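An added example, not code from any poster in this thread: a small Python script that renders the kind of .REG file WhitPhil describes (REGEDIT4 header, which is the format Windows 98's Regedit reads), parses a .REG file back so its contents can be inspected before merging, and shows the `regedit /s` invocation that merges it without the confirmation prompt. The key path, value name and Start Page URL are taken from the HijackThis log posted later in the thread; the function names are assumptions of this example. As markp62 notes, re-applying the value at startup only competes with whatever else runs at startup, so the parser half is the more useful one for anyone who wants to see what a stray .REG file on the machine would change.

```python
import re
import subprocess
import sys

# Header Windows 98's Regedit expects; Windows 2000 and later write
# "Windows Registry Editor Version 5.00" instead.
REGEDIT4 = "REGEDIT4"


def reg_escape(s):
    """Escape a string the way .REG files require: backslashes and double quotes."""
    return s.replace("\\", "\\\\").replace('"', '\\"')


def reg_unescape(s):
    """Inverse of reg_escape: drop the backslash in front of an escaped character."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append(s[i + 1])
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def render_reg(key, values, header=REGEDIT4):
    """Render one key with string (REG_SZ) values as .REG text (CRLF line ends)."""
    lines = [header, "", "[" + key + "]"]
    for name, value in values.items():
        lines.append('"%s"="%s"' % (reg_escape(name), reg_escape(value)))
    lines.append("")
    return "\r\n".join(lines)


# "name"="value" or @="value" (the key's default value); other value types
# (dword:, hex:) are not handled by this small parser.
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))="((?:[^"\\]|\\.)*)"$')


def parse_reg(text):
    """Return {key: {name: value}} for the string values in .REG text, so a file
    can be inspected before it is merged. A key written as [-HKEY...] would be a
    deletion; it is reported under its literal name here."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if (not line or line.startswith(";") or line == REGEDIT4
                or line.startswith("Windows Registry Editor")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            result.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "@" if m.group(2) else reg_unescape(m.group(1))
            result[current][name] = reg_unescape(m.group(3))
    return result


# Values from the log posted later in this thread: the user's own local start page.
IE_MAIN = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main"
DESIRED = {"Start Page": "file:///C:/Liadsite/1homepage/index.html"}


def apply_reg(path):
    """Merge a .REG file with Regedit; /s suppresses the confirmation prompt.
    Windows only (assumed path to regedit.exe on PATH); not exercised off Windows."""
    if sys.platform != "win32":
        raise RuntimeError("regedit.exe is only available on Windows")
    return subprocess.run(["regedit.exe", "/s", path], check=True).returncode


if __name__ == "__main__":
    text = render_reg(IE_MAIN, DESIRED)
    print(text)
    print(parse_reg(text))
```

A batch file in the Startup folder containing `regedit /s C:\homepage.reg` (path assumed) would merge the file each boot without the prompt; the thread's advice to remove the hijacker first still stands, since the value is simply rewritten by whatever else runs at startup.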
     
  5. 2004/06/20
    LLDJ

    LLDJ Inactive Thread Starter

    Joined:
    2002/08/22
    Messages:
    61
    Likes Received:
    0
    Thanx...

    Thanx dude,
    done all that, here's the log file:
    _____________________________
    Logfile of HijackThis v1.97.7
    Scan saved at 04:12:21, on 21/06/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\STARTER.EXE {note: this is my SoundCard Mixer file}
    C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
    E:\PROGRAMS\BABYLON TRANSLATOR\BABYLON.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\TEMP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Liadsite/1homepage/index.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = file:///C:/Liadsite/1homepage/index.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.search-2003.com/
    R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
    O2 - BHO: (no name) - {53C41D6D-52D7-43C6-A2D4-FCACE4783A0C} - C:\WINDOWS\N8G30.DLL (file missing)
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL (file missing)
    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
    O2 - BHO: (no name) - {2843DAC1-05EF-11D2-95BA-0060083493D6} - (no file)
    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - E:\PROGRAMS\DAP\DAPBHO.DLL
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - E:\PROGRAMS\DAP\DAPIEBAR.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\GRISOFT\AVG7\AVGREGCL.EXE /BOOT
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon
    O4 - HKCU\..\Run: [Babylon Translator] E:\PROGRAMS\BABYLON TRANSLATOR\babylon.exe
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O8 - Extra context menu item: &Download with &DAP - E:\PROGRAMS\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - E:\PROGRAMS\DAP\dapextie2.htm
    O9 - Extra button: Run DAP (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37885.8468981481
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw7fd.law7.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {02607DF4-D40B-4FFB-B054-1CAC03468E28} (DNLCertificate Control) - http://www.fmn-media.com/campaigns/winpl/sites/pops/A001/DNLCertificate.ocx
    ________________________________________________________

    Hope there isn't too much junk in it (although there's a lot...).

    Will restart and see what happens.
     
    LLDJ,
    #4
  6. 2004/06/20
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hi

    Take WhitPhil's advice and run CoolWebShredder, aka CWShredder.

    Be sure to unzip it, then run it. Have all open windows closed, run it and click Fix, not just Scan, then restart the PC, come back and post a new log from HijackThis.
     
  7. 2004/06/21
    LLDJ

    LLDJ Inactive Thread Starter

    Joined:
    2002/08/22
    Messages:
    61
    Likes Received:
    0
    Problem solved...

    Thanks guys,
    Problem solved, no more hijacking for me....
     
    LLDJ,
    #6
  8. 2004/06/21
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    OK Great but we still need to see a new log :)

    First though, have HijackThis fix these; have all windows and browsers closed.


    any unwanted R's and R0's
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.search-2003.com/
    R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
    O2 - BHO: (no name) - {53C41D6D-52D7-43C6-A2D4-FCACE4783A0C} - C:\WINDOWS\N8G30.DLL (file missing)
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL (file missing)
    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
    O2 - BHO: (no name) - {2843DAC1-05EF-11D2-95BA-0060083493D6} - (no file)
    =====
    Then delete the IncrediFind folder in Program Files.

    Also, along with a new log,
    copy and paste this into IE's address bar:
    javascript:navigator.userAgent
    Hit Enter or Go
    and copy/paste that back here for us please.
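An added example, not posted by anyone in this thread: a Python triage script that applies the selection Lonny Jones makes above to the R/O lines of LLDJ's HijackThis log. It flags the HomeOldSP value, any R0/R1 URL whose host is outside a small allowlist, and any R3/O2/O3 registration whose target file is missing, then lists the CLSIDs involved. The sample lines are copied from the posted log (running-process list omitted); the allowlist of microsoft.com and google.com is an assumption matching the untouched defaults in that log, and the function names are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the R/O entries from the HijackThis v1.97.7 log posted in this
# thread (running-process list omitted). Raw string, so backslashes are literal.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Liadsite/1homepage/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = file:///C:/Liadsite/1homepage/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.search-2003.com/
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: (no name) - {53C41D6D-52D7-43C6-A2D4-FCACE4783A0C} - C:\WINDOWS\N8G30.DLL (file missing)
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL (file missing)
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: (no name) - {2843DAC1-05EF-11D2-95BA-0060083493D6} - (no file)
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - E:\PROGRAMS\DAP\DAPBHO.DLL
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - E:\PROGRAMS\DAP\DAPIEBAR.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")

# Assumption: the hosts this user expects IE's defaults to point at. The untouched
# HKLM values in the log point at microsoft.com and the search hooks at google.com.
ALLOWED_HOSTS = ("microsoft.com", "google.com")


def host_allowed(url):
    """True for a local file:// start page or an allowlisted host (or a subdomain of one)."""
    p = urlparse(url.strip())
    if p.scheme == "file":
        return True
    host = (p.hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS)


def triage(log_text):
    """Return (section, reason, line) for each entry a helper would have HijackThis fix."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            # A BHO, toolbar or search hook whose DLL is gone: the component was
            # removed, but its registration is still loaded by every IE window.
            findings.append((sec, "dangling registration, target file absent", line))
        elif sec in ("R0", "R1"):
            name, _, url = body.partition(" = ")
            if name.endswith("HomeOldSP"):
                # Not an IE default; it is one of the values listed for fixing above.
                findings.append((sec, "HomeOldSP value present", line))
            elif url and not host_allowed(url):
                findings.append((sec, "URL host outside allowlist", line))
    return findings


def guids_to_remove(findings):
    """Distinct CLSIDs among the flagged entries, for checking HKCR\\CLSID afterwards."""
    guid_re = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
    return sorted({g for _, _, line in findings for g in guid_re.findall(line)})


if __name__ == "__main__":
    flagged = triage(SAMPLE_LOG)
    for sec, reason, line in flagged:
        print("%-3s %s: %s" % (sec, reason, line))
    print("CLSIDs:", guids_to_remove(flagged))
```

On the posted log this flags exactly the six lines Lonny lists (the HomeOldSP value, the IncrediFind search hook and the four BHOs with no file) and leaves the DAP toolbar, the AVG Run entry and the Microsoft/Google defaults alone.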
     
  9. 2004/06/21
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    LLDJ has decided to go with a format and clean install, per this thread.
     