Why does this thing appear after infections are deleted?

Discussion in 'malware problems & news' started by sweater, Oct 28, 2007.

Thread Status:
Not open for further replies.
  1. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,678
    Location:
    Philippines, the Political Dynasty Capital of the
    After my PC was infected by several worms, trojans and viruses that I got from a portable flash drive (32 files were infected and I chose to delete them when the antivirus detected them), this exe with numbers in its name then appeared. :cautious:

    What can you say about this thing? I am worried that it may destabilize my PC if I delete it or stop it from running at startup, because it is in the Windows logon. :blink:

    One thing is that it always annoys me... it pops up every time I log in. :mad:
     


  2. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Your antivirus software deleted the malware, but not the registry/system.ini entries that tell Windows to automatically run the malware on startup. Windows tries to do so, and subsequently tells you it cannot find the malware (which was already removed by your AV).

    Just delete the autostart entries by hand, and you'll be fine.
     
  3. ASpace

    ASpace Guest

    Sweater, using Autoruns, you can uncheck the o4181027.exe entry, restart, and the messages will disappear.
     
  4. ASpace

    ASpace Guest

    And next time, when you plug in a flash drive, simply hold down the Shift key on the keyboard. This will stop the flash drive from starting automatically.

    Open My Computer, right-click the flash drive, and choose to scan it with your AV. Then open the flash drive :)
     
  5. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    No, you should NOT do that, as it will disable that launch point altogether; as a consequence the Windows shell will not load at boot, and you'll have no desktop...

    It can be fixed manually by editing the Registry and removing *only* the "o4181027.exe" part of the value data, or by running the HijackThis diagnostic application and having it "fix" the line in question. The latter will restore the Windows default for that reg value.

    Both should be done under expert supervision, unless you know what you're doing.

    So I suggest you post at one of the forums specializing in malware removal.

    Here are a few good ones:

    http://www.bleepingcomputer.com/forums/index.php?
    http://www.geekstogo.com/forum/forums.html
    http://www.spywareinfoforum.com/index.php?act=idx
    http://www.techsupportforum.com/
    http://forums.whatthetech.com/forums.html
    http://forums.techguy.org/

    Launch a forum topic in the appropriate section of the board detailing your problem, and one of the analysts will be happy to help.

    Good luck!
     
    Last edited: Oct 28, 2007
  6. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    OK, I guess I can offer you this quick fix:

    Copy the text inside the 'Quote' box to Notepad, and save it in a location of your choice as Fix.reg (make sure you save as type: 'all files').

    Double-click Fix.reg, and answer yes when prompted to add its contents to the Registry. Restart your computer, and you should no longer get that message.
     
  7. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,678
    Location:
    Philippines, the Political Dynasty Capital of the
    Many thanks for that quick warning notice... :blink: o_O ... I had nearly disabled this thing but then hesitated to do so because of some techno limitations. ;)

    You really are a techno expert.
     
  8. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,678
    Location:
    Philippines, the Political Dynasty Capital of the

    Please, can you elaborate on this in detail, step by step, in a simpler manner, because I am not yet good at understanding more complicated computer terms, especially the registry part. Also, can this only be done in the administrator account?

    Thanks.. :cool: ;)
     
  9. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    582
    Copy the contents of the quote box and paste it into Notepad. Save it as "Fix.reg" on the desktop. Right-click Fix.reg and choose "Merge". Allow it. If you cannot do it in normal mode, do it in safe mode.

    thanatos
     
  10. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    It is not hard to do. Copy the three lines inside the Quote box. Now open Notepad (you can do that easily by going to Start > Run, typing notepad and pressing Enter).

    Now paste the three copied lines into Notepad.

    In the Notepad Menu bar click File > Save as.

    In the Save As dialogue, be sure to change "Save As file type" from "text documents" to "all files".

    Now save as (file name) fix.reg, for example on your Desktop.

    Now find and double-click the fix.reg file you've just created, and answer yes to the prompt (alternatively you can right-click and choose 'merge', no difference.)
     
    Last edited: Oct 29, 2007
  11. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,678
    Location:
    Philippines, the Political Dynasty Capital of the
    SUCCESS!!! :thumb: ;)

    It works as expected, many thanks, Tony. :cool: Those pop-ups are now gone. Can I now delete the Notepad file that turned into a registry icon, or rather, is it safe to delete now that it has already been merged into the registry?

    I have some question on this.

    1. Why does it happen that way? Did those viruses or worms that infected my PC "change" the registry settings, so that when they were deleted by the antivirus it now produces an error? Is this really caused by those infections? o_O :eek:

    2. Regarding the registry: in your own personal opinion, is there really a need to use a registry cleaner? :rolleyes: o_O Can we consider it a must for a PC, or can we live our whole life with our PC without a registry cleaner? :rolleyes: :cautious:
     
  12. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    That's good to hear. :)

    Yes, you can delete the registry file now; it has served its purpose.

    Yes, viruses, worms and trojans will install files and folders, then modify the registry in order to make sure the malware is activated at boot time. It is common for an antivirus to delete the files but leave the registry keys/values intact, thus creating the kind of error message you experienced.

    I have mixed feelings about registry cleaners. In the majority of cases orphaned registry keys and values are relatively harmless, and will not cause problems or impact performance.

    If I had to recommend one that is relatively benign, while still doing a good job, it is the one incorporated into CCleaner.

    Just make sure you answer yes when asked whether you want to back up before changes are made to the Registry.

    And I also recommend you use software to compact the Registry every now and then; that generally has a favorable effect.

    You can use NTRegopt for that.


    Finally, I still think you ought to pay a visit to one of the forums I listed, as there could conceivably still be some malware left on your machine.
     
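The mechanism TonyKlein describes above (an autostart entry that survives after the antivirus has deleted the file it points to) can be checked for with the following PowerShell script. It is an added example, not code from this thread or from any of the posters. It assumes the "launch point" in question is the Winlogon "Shell" value, whose Windows default is explorer.exe, plus the standard HKLM/HKCU Run keys; the file name o4181027.exe is taken from the thread only as an illustration, and the helper names Resolve-AutostartToken and Get-CommandExe are chosen here. By default the script only reports; it changes the Shell value only when run from an elevated prompt with -Repair, and it never leaves the value empty, which is exactly the mistake TonyKlein warns against.

```powershell
# Added example (not from the thread): find autostart entries whose target file
# no longer exists, and optionally repair the Winlogon Shell value by removing
# only the missing token, as TonyKlein suggests. Assumption: the launch point
# is the Winlogon "Shell" value (Windows default: "explorer.exe").
param([switch]$Repair)

$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$runKeys  = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-CommandExe {
    # Extract the executable from a Run-key command line ("C:\x y\a.exe" /q -> C:\x y\a.exe)
    param([string]$CommandLine)
    $c = $CommandLine.Trim()
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 1) { return $c.Substring(1, $end - 1) }
    }
    return ($c -split '\s+')[0]
}

function Resolve-AutostartToken {
    # $true if the token refers to a file that exists: absolute paths are tested
    # directly, bare names (explorer.exe, o4181027.exe) are looked up in the
    # Windows directory, System32 and PATH, roughly as the loader would.
    param([string]$Token)
    $t = $Token.Trim('"')
    if (-not $t) { return $true }
    if ([System.IO.Path]::IsPathRooted($t)) { return Test-Path -LiteralPath $t }
    $dirs = @($env:SystemRoot, "$env:SystemRoot\System32") + ($env:Path -split ';')
    foreach ($d in $dirs) {
        if ($d -and (Test-Path -LiteralPath (Join-Path $d $t))) { return $true }
    }
    return $false
}

# 1. Winlogon Shell: should be just "explorer.exe". A launcher appended by malware
#    looks like "explorer.exe o4181027.exe" (or comma-separated). Deleting or
#    disabling the whole value leaves no shell at logon, so only strip the
#    tokens whose file is gone.
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell) {
    $tokens  = @($shell -split ',|\s+' | Where-Object { $_ })
    $missing = @($tokens | Where-Object { -not (Resolve-AutostartToken $_) })
    if ($missing.Count -gt 0) {
        Write-Host "Winlogon Shell = '$shell'; missing file(s): $($missing -join ', ')"
        $kept = (@($tokens | Where-Object { $missing -notcontains $_ })) -join ' '
        if (-not $kept) { $kept = 'explorer.exe' }   # never leave the shell empty
        if ($Repair) {
            Set-ItemProperty -Path $winlogon -Name Shell -Value $kept
            Write-Host "  repaired Shell -> '$kept'"
        } else {
            Write-Host "  would set Shell -> '$kept' (re-run elevated with -Repair)"
        }
    } else {
        Write-Host "Winlogon Shell = '$shell' (all targets present)"
    }
}

# 2. Run keys: report values whose executable is missing. These are safe to
#    delete by hand (each value is one independent entry), so only report here.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }          # provider metadata, not values
        $exe = Get-CommandExe ([string]$p.Value)
        if (-not (Resolve-AutostartToken $exe)) {
            Write-Host "Orphaned Run entry: $key\$($p.Name) = '$($p.Value)'"
        }
    }
}
```

Run it once without -Repair to see what it would change; the "Orphaned Run entry" lines are the candidates for the manual deletion solcroft describes, while the Shell value is the one place where a whole-value deletion breaks the desktop, which is why the script rewrites it rather than removing it.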
  13. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    yep, it was a poor removal of the threat.

    i think you should also consider the purchase of Rollback RX Pro, to avoid such a thing happening again :)

    to quote a very wise man, "The Anti-Virus Software Market Is A Big Bubble"
     
    Last edited: Oct 30, 2007
  14. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    Personally, I couldn't.
     
  15. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Right indeed, any ISR-software would have solved this problem with a simple reboot.
     