HowTo: Repair Registry after Virus Attack
One of the most frustrating things about being infected by a virus is they mess with your registry so much, there wasn’t much you can recognize from what remains in your PC even after you totally exterminate the virus either using antivirus or manually.
And on top of it, antivirus company seems reluctant to really clean up the damage, at least without extra money to buy an extra functionality from their software.
This is a collection of registry fix I compiled from most of Indonesian made virus since brontok to amburadul.
This registry fix can repair virus symptoms such as
- · Disabled task manager
- · Disabled regedit
- · Virus hook to explorer, safemode, and winlogon
- · Missing or disabled options regarding file extension, hidden files, and super hidden
- · Internet explorer caption
- · No run
- · No find
- · No control panel
- · And some more
Some of the entry I put in the repair file was credited to an Indonesian antivirus website I fond long-long time ago… I forgot the URL. Some was taken from a friend of mine which in turn take it from his friend mine which in turn take it from his friend… I simply don’t know who I should give credit to. I also created some of the entry.
Download Repair.inf here
To use the file simply right click and install it
Note:
Please be sure that there is no active virus in your computer when executing repair.inf. You can do this by using an antivirus or manually using process explorer tools such as ProcessXP from Sysinternals.
Some entry mark with “Your Product ID“,”Your Product Name“,”Your Organization“, and “Your Registered Owner” are meant to be change according to each person preference.
In some case, the virus registers an inf file with other file, for example a jpg file. In this case, the install option doesn’t appear when you right click on the file. If this happen, pray that run or command prompt not blocked.
If it’s not blocked, download repair.inf, put it somewhere on your hard disk, for example put it in your C: drive. Then just run “rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 C:\repair.inf” command either from command prompt or run menu.
If it’s blocked, you’re screwed… 
[...] Health Technologies Sharemulek.pl P2P , emule , linki download edonkey | !# Registry Repair v4 .. HowTo: Repair Registry after Virus Attack « My Crappy Mind What is the Windows Registry? | Windows Help | Slow Pc Tips Registry Error Repair – A How To [...]
Pingback by Registry Easy Review | PC Registry Repair — July 12, 2008 @ 4:48 am |
Your repair.inf unblocked my task manager. Control panel is still not showing up from Start > Settings. Start + E is still blocked (cant use short cut to open explorer and my time (bottom right) has VIRUS ALERT! apended to it.
Thanks for your help anyway, I’m one step closer to cleansing my pc.
Comment by Juergen — August 14, 2008 @ 4:33 pm |
@Juergen
I didn’t get time to reply sooner.. sorry :p
First
Second
I hope by this time the alert problem is gone (one problem off your hair
)
If it’s not, things get really complicated since those kind of alert can be caused by a malicious driver that have a tendencies to damage windows if you mess with it.
Third
Comment by MindCrap — August 20, 2008 @ 3:36 pm |
ok..
i had a virus that made my time say VIRUS ALERT..
go to control panel,regional and lanuage options,customize,click the time tab,and under the time format,make it say h:mm:ss tt, or try the other ones if thats inn military..
another one was it disabled task manager.. i fixed this buy going to run and typing in REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
the virus also made some webpages not load but i dont know how to fix that one yet :[
anyone know?
Comment by Robert — October 26, 2008 @ 6:05 am |
I was told it was easy to change things in the registry. I really didn’t understand it could crash and possible totally ruin the operating system. Long story short, I had to reinstall windows because of what I did. Now, I don’t touch the registry anymore and just use one of the many windows registry repair programs out there.
Comment by Windows Registry Repair Cleaner — November 24, 2008 @ 11:37 am |
It is a mess being screwed up by a virus. Many times you will have to re-install Windows to wipe every single error out and it is a pain in your butt.
Comment by Scan Windows Registry — February 12, 2009 @ 5:19 am |
Hi,
My laptop was infexted by xp police antivirus. I have tried to remove the malwre by running antimalware. the program founds savral torjan virus which it fixed. After restarting the system, now the issue is its not showing any desktop icon or start menu or even quick launch.
I have tried all the option of booting in safe mode, using previous best known configuration but the issue is still the same. Even it playes the windows starting sound.
Your help will be highly appericiated.
Thanks,
Nick
Comment by Nick — February 19, 2009 @ 9:36 am |
Hi Nick
It seems that your antimalware program leave some broken line in your registry
I recommend u to seek prof help
If you want to do it yourself (at your own risk), Ill try to help you out…
Mind though you’ll be searching needles in a haystack
The needles leave clue though, so if your carefull enough you’ll find it
But first you have to somehow open explorer or command prompt
Since task bar and desktop icon gone (which indicate something preventing the main explorer to open),
does ctrl-alt-del work?
Comment by MindCrap — February 19, 2009 @ 3:22 pm |
Thank you for your solution. Now, I can see file extensions & hiddden files again after being infected.
Many thanks,
Edo
Comment by Edo — April 24, 2009 @ 8:04 am |
You’re very much welcome…
Comment by MindCrap — May 15, 2009 @ 2:27 pm |
When I tried to log on to ours dekstop, a box saying “there are not sufficient resources to load” my account with the default something-or-other came up. The box had a timer that was going to close the message, and then when it closed it would not log me on. I could not turn it off normally so I cut the power. When I turned it back on I logged on fine?
I read here PC Repair but couldnt make sense?
Comment by ClearlyPro — July 8, 2009 @ 2:31 am |
seems like what would happen if you run out of HD/RAM space… did you leave your PC on for some time before you tried to log? if its already on when tried to log, perhaps theres a process that eating all of your memory running in the background… anti virus scan or a virus can cause something like that… you might also want to check your C (assuming youre running windows), you should have at least 200 MB if you don’t want windows to start acting weird… :p
Comment by MindCrap — July 16, 2009 @ 8:38 am |
have you try this:?
http://gist.github.com/146062
Comment by rex — July 15, 2009 @ 12:18 pm |
nop… i havent… by the look of it its seems usefull…
look like a more tuned version of repair.inf
Comment by MindCrap — July 16, 2009 @ 8:54 am |
I found a repair tool in http://www.emopia.com. I used it and it was kinda cool.
Comment by HG — August 31, 2009 @ 4:33 pm |
hi.. thanks this is very nice info. everything back to normal.. thanks so much
Comment by sunjoto — November 24, 2009 @ 10:43 am |