Atlast! Got rid of that damn warning.
msconfig did not show up this thing. No amount of standard registry scans helped me find this. I looked at the standard Run, RunOnce & Shell hives under HKLM/Software/Microsoft/Windows/CurrentVersion/. Just no use. No entries that were tell-tale traces of this VirusRemoval.vbs.
But done at last! Took some patient Google-searching though. Some kind soul had provided the entire code of the VirusRemoval.vbs script file at:
http://www.thinkdigit.com/forum/showthread.php?t=71097. Looking at the code was enough to tell me where the virus had made entries in the registry.
Goto: HKLM/Software/Microsoft/WindowsNT/CurrentVersion/Winlogon. Under that, you will find a key called Userinit. Double click that key. A dialog box will open up with a string parameter. Edit that to remove just the offending entry. Warning: If you are not sure what the offending entry is, DONOT modify the key. Please post back the contents of the key here, and we could work out something!
After cleaning up my registry, the value of Userinit for me is: C:\WINDOWS\system32\userinit.exe
Good Luck!<div class="blogger-post-footer">My experiments with Computers, Computing, Programming & Software.</div>
|
Original design for Tumblr crafted by Prashanth Kamalakanthan. Adapted for Tumblr & Jekyll by Sai Charan. Customized theme available on Github. Sai Charan's blog by Sai Charan is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License. |
|