Windows32 file opens on log in
Hey-oh fellow magicians and other computer users:
During the last few days I have been fighting an evil spell, on that tried to make me go to a website that I neither needed nor wanted. It all began with a 'codec' for Windows Media player that was actually a 'Trojan Horse". I had a file that was supposedly a standard windows media file, but that wouldn't open. A message popped up announcing that I 'needed a new codec' to view this file. I, being credulous, immediately downloaded the file in question and installed it. Well, imagine my surprise when I found the "Zlob" trojan on my system. I quickly removed it, (in about an hour) and then began to remove all the little "extra's" that the codec had installed. After removing some registry errors, 'http://support.microsoft.com/?kbid=170086' and several files that were in odd places, not to mention one in the System32 folder of windows, I thought I had the problem fixed. I didn't.
As soon as I restarted the computer, the System32 folder appeared, open, on my desktop. I began cleaning the registry of invalid entries, making the (accurate) assumption that the problem was there. 150 entries later, I was begining to dispair of ever learing the truth about the source of the problem. I had removed every invalid entry and more than a few entries that were just old, outdated, or led nowhere. Still I didn't stop the problem. I started looking on the web for an answer, and someone suggested that a registry entry with a path to the system32 folder might be the answer. I realized that the path would have to end with system32\ and started searching. Today I found one, which was a kernel32 entry in the HKLM section of the registry, specifically in the Explorer\run area, and which had a path to the System32 folder. I backed up the registry and deleted the entry. Luckily it was the right entry and no problems developed. I was able to reboot without a problem and the system32 folder stayed in windows, closed, where it belonged. The experience was one of growth and learning. I grew angry, and learned that no matter how much you may learn about computers, you can still be caught by a smooth operator and forced to hack the registry to escape.
I'm once again prowling the internet, learning what's new and how to avoid it. since eternal vigilance is the price of freedom. If you find you have the problem I had, just drop me a line and I'll try to help you break the spell.
The Ancient Magician
During the last few days I have been fighting an evil spell, on that tried to make me go to a website that I neither needed nor wanted. It all began with a 'codec' for Windows Media player that was actually a 'Trojan Horse". I had a file that was supposedly a standard windows media file, but that wouldn't open. A message popped up announcing that I 'needed a new codec' to view this file. I, being credulous, immediately downloaded the file in question and installed it. Well, imagine my surprise when I found the "Zlob" trojan on my system. I quickly removed it, (in about an hour) and then began to remove all the little "extra's" that the codec had installed. After removing some registry errors, 'http://support.microsoft.com/?kbid=170086' and several files that were in odd places, not to mention one in the System32 folder of windows, I thought I had the problem fixed. I didn't.
As soon as I restarted the computer, the System32 folder appeared, open, on my desktop. I began cleaning the registry of invalid entries, making the (accurate) assumption that the problem was there. 150 entries later, I was begining to dispair of ever learing the truth about the source of the problem. I had removed every invalid entry and more than a few entries that were just old, outdated, or led nowhere. Still I didn't stop the problem. I started looking on the web for an answer, and someone suggested that a registry entry with a path to the system32 folder might be the answer. I realized that the path would have to end with system32\ and started searching. Today I found one, which was a kernel32 entry in the HKLM section of the registry, specifically in the Explorer\run area, and which had a path to the System32 folder. I backed up the registry and deleted the entry. Luckily it was the right entry and no problems developed. I was able to reboot without a problem and the system32 folder stayed in windows, closed, where it belonged. The experience was one of growth and learning. I grew angry, and learned that no matter how much you may learn about computers, you can still be caught by a smooth operator and forced to hack the registry to escape.
I'm once again prowling the internet, learning what's new and how to avoid it. since eternal vigilance is the price of freedom. If you find you have the problem I had, just drop me a line and I'll try to help you break the spell.
The Ancient Magician
posted by VRay | 11:27 AM
0 Comments:
Post a Comment
<< Home