If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
HKEY_CLASSES problem
My AdAware has been repeatedly sending me this bug message:
HKEY_CLASSES_ROOT:regfile\shell\open\command It activates on startup. I"ve gone thru my start up menu, have deleted = just about everything, but have to run the ad aware every morning before = I go on line, since this one particular file keeps coming up as a = possible trojan. For the life of me I can't find it. I've looked for = the file, I've sent the registry file finder to search for it, and it = can't find it. SpyBot misses it, Spyware blaster misses it, WinCleaner = misses it, my virus protection misses it, and my firewall has no record = of it. All of my programs are up to date, and I check daily if there are = updates before I log off for the evening) My AdAware is on the newest regfile. It says this file is a = vulnerability, possible trojan, and low threat, but none the less, I = can't even find it to get rid of it, much less know what it is. =20 Would anybody have any idea what this file is, where I can find it and = what I can do about it ? Thank you in advance Bev |
#3
|
|||
|
|||
HKEY_CLASSES problem
Thank you for your suggestion. I did follow your directions exactly, =
rebooted, ran ad aware at start up again and the same message comes up = over the quarantine window..... 1 object recognized...1 registry value defined, and then the quarantine = notice says: WINDOWS =AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=A F=AF=AF=AF=AF=AF=AF=AF=AF= =AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF obj[0]=3DRegData : regfile\shell\open\command I'm not looking for a file, I'm trying to get the continual quarantine, = possible virus found message to stop. Haven't a clue what this thing is = doing when I go on line. It gets contained if I run the AdAware before = connecting. Bev "Mike M" wrote in message = ... Bev, What file are you looking for? I suspect the problem is not due to any = file=20 but that AdAware is informing you that the default action for a regfile = is=20 Open. IMO this is particularly dangerous and should be changed to Edit. = You=20 can do this using Control Panel | Folder Options | File Types, browse to = filetype REG, click Advanced, highlight edit and then click "Set = Default". Ok=20 and Apply out. --=20 Mike Maltby caroskos caroskos wrote: My AdAware has been repeatedly sending me this bug message: HKEY_CLASSES_ROOT:regfile\shell\open\command It activates on startup. I"ve gone thru my start up menu, have deleted just about everything, but have to run the ad aware every morning before I go on line, since this one particular file keeps coming up as a possible trojan. For the life of me I can't find it. I've looked for the file, I've sent the registry file finder to search for it, and it can't find it. SpyBot misses it, Spyware blaster misses it, WinCleaner misses it, my virus protection misses it, and my firewall has no record of it. All of my programs are up to date, and I check daily if there are updates before I log off for the evening) My AdAware is on the newest regfile. It says this file is a vulnerability, possible trojan, and low threat, but none the less, I can't even find it to get rid of it, much less know what it is. Would anybody have any idea what this file is, where I can find it and what I can do about it ? Thank you in advance Bev=20 |
#4
|
|||
|
|||
HKEY_CLASSES problem
Bewv,
Haven't a clue what this thing is doing when I go on line. I've tried to explain what this report is referring to and it has nothing to do with going on line but rather the default action for reg files. If you have modified the default action to Edit from Merge you can now safely ignore or exclude the AdAware warning. You can check this for yourself by right clicking on a reg file and seeing which of the various actions is highlighted. -- Mike Maltby caroskos caroskos wrote: Thank you for your suggestion. I did follow your directions exactly, rebooted, ran ad aware at start up again and the same message comes up over the quarantine window..... 1 object recognized...1 registry value defined, and then the quarantine notice says: WINDOWS ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ obj[0]=RegData : regfile\shell\open\command I'm not looking for a file, I'm trying to get the continual quarantine, possible virus found message to stop. Haven't a clue what this thing is doing when I go on line. It gets contained if I run the AdAware before connecting. |
#5
|
|||
|
|||
HKEY_CLASSES problem
Thank you for your help in this matter. I've made sure that Edit is in =
the default, and have now put the file into Ignore on my AdAware = program. I'm breathing easier ) This has been driving me wild for = nearly a week and I couldn't figure out what had happened. You've been = most kind helping me to understand and solve this problem.=20 Thank you again Bev "Mike M" wrote in message = ... Bewv, Haven't a clue what this thing is doing when I go on line. I've tried to explain what this report is referring to and it has = nothing to=20 do with going on line but rather the default action for reg files. If = you=20 have modified the default action to Edit from Merge you can now safely = ignore=20 or exclude the AdAware warning. You can check this for yourself by right = clicking on a reg file and seeing which of the various actions is = highlighted. --=20 Mike Maltby caroskos caroskos wrote: Thank you for your suggestion. I did follow your directions exactly, rebooted, ran ad aware at start up again and the same message comes up over the quarantine window..... 1 object recognized...1 registry value defined, and then the quarantine notice says: WINDOWS = =AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=A F=AF=AF=AF=AF=AF=AF=AF=AF= =AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF obj[0]=3DRegData : regfile\shell\open\command I'm not looking for a file, I'm trying to get the continual quarantine, possible virus found message to stop. Haven't a clue what this thing is doing when I go on line. It gets contained if I run the AdAware before connecting. |
#6
|
|||
|
|||
HKEY_CLASSES problem
Bev,
No problem. I just hope that my analysis is correct (I believe that to be the case). Cheers, -- Mike Maltby caroskos caroskos wrote: Thank you for your help in this matter. I've made sure that Edit is in the default, and have now put the file into Ignore on my AdAware program. I'm breathing easier ) This has been driving me wild for nearly a week and I couldn't figure out what had happened. You've been most kind helping me to understand and solve this problem. Thank you again |
#7
|
|||
|
|||
On Mon, 9 Aug 2004 13:37:23 -0700, caroskos wrote:
I've made sure that Edit is in the default, and have now put the file into Ignore on my AdAware program. Yes, I think AdAware is prone to false positives here, in that it sees any changes from duhfaults as possibly hostile - e.g. - any use of about:Blank as IE home page - any non-standard associations for .reg etc. So when you change from risky duhfaults to something smarter, AdAware may highlight this as an "intrusion". Such is life, when one lives in a room without walls... we lost that game when the industry decided it was fine and proper to allow web sites programming rights on visitor's PCs, and trying to push even the genie's toes back into the bottle (as XP SP2 sets out to do) causes "you broke our app!" pain. ------------ ----- --- -- - - - - Drugs are usually safe. Inject? (Y/n) ------------ ----- --- -- - - - - |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Continued problem with Slow System | bgaard | General | 9 | January 13th 05 11:08 PM |
strange vid problem, strange error | heynow | General | 2 | July 2nd 04 02:37 PM |
restore problem | nbp3665 | New Users | 0 | June 20th 04 04:09 AM |
E-mail Password problem | Benny | Networking | 0 | June 5th 04 03:32 AM |
identities problem | PA Bear | General | 6 | May 22nd 04 09:24 PM |