"David H. Lipman" wrote:

> From: "ph23vo" <ph23vo@discussions.microsoft.com>
>
> | i was told to modify a file in [regedit] but i accidentally deleted it...
> | and to top it off i had disabled system restore and it dumped all my previous
> | restore points.. the file i think i deleted is..."shell"= Explorer.exe out of
> | HKEY_LOCAL_MACHINE\ software\microsoft\windows\current version\winlogon can
> | anyone tell me if that file should be in there [ what it does ] and can i
> | somehow replace it? i get a ACCESS IS DENIED when i try and download XP home
> | pack 2...my memory is hazy as i have been working on this all day..appr it
> | dan
>
> Next time ask anti malware questios in the *RIGHT* locations and you'll get the correct
> advice.
>
> There are anti virus News Groups specifically for this type of discussion.
>
> microsoft.public.security.virus
> alt.comp.virus
> alt.comp.anti-virus
> alt.privacy.spyware
>
>
>
> Two part reply..
>
> Perform Part 1 then perform Part 2.
>
> If the first two parts don't work, perform the alternate utility.
>
> It is suggested that you execute each tool in Normal Mode then in Safe Mode.
>
> If you are using any version of Sun Java that is prior to JRE Version 5.0,
> then you are strongly urged to remove any/all versions that are prior to JRE
> Version 5.0. There are vulnerabilities in them and they are actively being exploited.
> It is possible that is how you got infected with malware.
>
> Therefore, it is highly suggested that if there are any prior versions of Sun Java
> to Version 5 on the PC that they be removed and Sun Java JRE Version 5.0 Update 6
> be installed ASAP.
>
> http://www.java.com/en/download/manual.jsp
>
>
>
> Part 1
> -----------
>
> Use noahdfear's SmitFraud and SpyAxe removal tool -- SmitRem.exe
> http://noahdfear.geekstogo.com/click...click.php?id=1
>
> http://www.bleepingcomputer.com/forums/topic36868.html
>
>
> Part 2
> -----------
>
> Download SmitFraud.exe from the URL --
> http://www.ik-cs.com/programs/virtools/SmitFraud.exe
>
> Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
> Choose; Unzip
> Choose; Close
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> FireWall to enable WGET.EXE to download the needed McAfee related files.
>
> Execute; c:\mcafee\clean.bat
> { or Double-click on 'Clean Link' in c:\mcafee }
>
> A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
> end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
> It is suggested that you move the report out of c:\mcafee before performing another scan.
>
> ALTERNATE:
>
> Secured2K's SpyAxe, PSGuard, Smitfraud, Sinnaka and Alemod removal tool.
>
> http://secured2k.home.comcast.net/tools/AntiPuper.exe
>
> http://forums.mcafeehelp.com/viewtopic.php?t=65072
>
>
> Please Copy and Paste the contents of the HTML Log file; C:\mcafee\ScanReport.HTML in your
> reply.
>
> * * * Please report back your results * * *

dave thanks the above is what i finally found and it removed the spy axe
and zlob .. however when i tried to update at microsoft.com the update pack
2 loads halfway and then goes to "access is denied" theres still something
wrong as my computer is slow and acts sluggish [maybe due simply to a half
installed pack 2 dont know] unfortunately the original info i had got was
where i screwed up this deal is there a tool for repairing/replacing missing
files in regedit ? thanks for the help dan
>
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>