
Friday, August 10, 2007

Registry and inf blocked

A virus blocked my registry and changed the inf file type... (T.T)

Most Indonesian viruses change registry settings, then do everything they can to stay alive by blocking access to many programs, including the registry editor. Usually you can just write your registry modifications to an .inf file. But in some cases, the virus changes the inf file type from Setup Information to Text Document. This effectively blocks the Install command that normally appears when you right-click an inf file. If this happens, you can use this command from the Run menu or a command prompt:

Rundll32 setupapi,InstallHinfSection DefaultInstall 128 [filepath]

In case the virus also hides the Run menu and blocks *.exe files through the registry debugger, you first need to kill the virus, then open a command prompt manually from c:\windows\system32\cmd.exe. If the virus does block *.exe files using the debugger, this action will prompt a question asking which program you want to use to open cmd.exe. Choose cmd.exe (if it's not among the choices, browse to c:\windows\system32\cmd.exe), and a command prompt will pop up. After that you just need to enter the command above.
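A sample .inf file of the kind described above, added here as an example and not taken from the original post. It turns off the policy values that disable the registry editor and hide the Run menu, points the .inf extension back at its Setup Information class, and removes a debugger entry for regedit.exe. The file name, the install path and the choice of which values the virus changed are assumptions; check what the infection actually modified on your machine.

```ini
; restore.inf - constructed example, not from the original post.
; Install with the command from the post, for example:
;   Rundll32 setupapi,InstallHinfSection DefaultInstall 128 C:\restore.inf
; (C:\restore.inf is an assumed location.)

[Version]
Signature="$Chicago$"

[DefaultInstall]
AddReg=Restore.AddReg
DelReg=Restore.DelReg

[Restore.AddReg]
; Line format: root, subkey, value name, flags, data
; Flag 0x00010001 means REG_DWORD; data 0 switches the restriction off.

; Allow the registry editor to run again.
HKCU,"Software\Microsoft\Windows\CurrentVersion\Policies\System","DisableRegistryTools",0x00010001,0

; Show the Run entry in the Start menu again.
HKCU,"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NoRun",0x00010001,0

; Assumption: the virus re-pointed .inf at the text file class.
; An empty value name writes the key's default value.
HKCR,".inf",,,"inffile"

[Restore.DelReg]
; Assumption: the "debugger" block is a Debugger value under
; Image File Execution Options for the blocked program (regedit.exe here).
; Add one line per blocked executable.
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe","Debugger"
```

The HKLM and HKCR entries need an administrator account; the HKCU entries apply only to the user who runs the install command.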

Reference: www.myitforum.com/articles/1/view.asp?id=3270
