These are not windows files. I would suspect
they were the virus files. What was the name
of the virus?
--
Regards,
Bert Kinney [MS-MVP DTS]
http://members.home.com/dts-l/
"Jim" wrote
> I ran a virsus scan and it deleted the follwing three
> files. How can I get them back without reloading the
> software?
>
> qgtil.exe
> win98vxd.exe
> dihguddpjs.exe
Read this standard post but ignore the names, as this trojan creates
random names.
It is part of a virus or trojan.
How you fix it at this point depends on what variety you have.
It looks like a Backdoor variety so you may have a reference to
seblcbfoswjq.exe in system.ini and seblcbfoswjq.exe in the Registry.
If you can edit system.ini, then look for the "Shell=explorer.exe"
line and remove anything following that.
The line must read:
shell=Explorer.exe
but yours probably reads:
shell=Explorer.exe biyafhstnv.exe
Just remove the space and the biyafhstnv.exe
The next is a Registry edit. You will see some details in the urls
below, but it depends on whether you can run Regedit.exe
You may be able to rename Regedit.exe to Regedit.com to alter the
Registry or you can import the attached exefix.reg (emailed to you
only)
This is what exefix.reg is like:
-----
REGEDIT4
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
-----
You can try this:
The Cleaner-for Trojans: http://www.moosoft.com/cleaner.html
There are a few Trojans about, but try these for an idea.
Check this page for details on the SubSeven trojan
http://www.hackfix.org/
SubSeven 2.0 Server
Aliases: Backdoor.Trojan, Pinkworm
http://www.symantec.com/avcenter/venc/data/sub.seven.20.html
Aliases Multidropper.c, Passport.exe, Passport, Backdoor-G, DUNpws.w
http://vil.mcafee.com/vil/tro10393.asp
http://www.datafellows.com/v-descs/subseven.htm
--
"Do not Panic! Your password is correct. It just looks wrong!" - MS-MVP Kelly
--------------------------------
Doug Knox, MS-MVP Windows 9x/XP
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Associate Expert
ExpertZone - http://www.microsoft.com/windowsxp/expertzone
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.
"Jim" <heyj...@aol.com> wrote in message news:12c9701c1b282$f9782de0$3def2ecf@TKMSFTNGXA14...
a. Most likely your system will have lost the ability to open .exe
files so reboot with your Windows emergency floppy disk in. When you
get to an A: prompt, type: C: and hit enter. When you get to a C:
prompt, type: CD windows and hit enter. When you get to a Windows:
prompt, type: copy regedit.exe regedit.com and hit enter. This
should give you the ability to use the registry editor. Remove the
floppy and reboot the PC.
b. Open the registry editor (start menu, run and type:
regedit.com) to this key: HKEY_CLASSES_ROOT\exefile\shell\open\command
In the right pane, right click default and select modify. Cut and paste
this information to the value data: "%1" %* and click OK. This
should allow you to use .exe files so open the Explorer to the Windows
folder.
c. Double-click the system.ini file and look for a line like this
in the boot section:
shell=explorer.exe "random.exe" or shell="random.exe" Remove
"random.exe" so the line reads:
shell=explorer.exe and then save the file.
d. Double-click the win.ini file and see if "random.exe" is listed
after the load= or run= lines. If so, delete it and save the file.
Note: there could be a legitimate entry listed along with "random.exe"
but I would delete it also. If you do, write down the name that you
delete and figure out if it is needed after your PC is functioning
properly.
e. Do a find on your hard drive for "random.exe" and if found,
delete it. (Note: for steps e and f, if you noticed more than one name,
search on both of them.)
f. Open regedit.exe and do a find on "random.exe" and if found,
delete it.
2. Here are other sources to check out if you need them:
F-Secure Virus library: http://ftp.datafellows.com/virus-info/
NAI Virus library: http://vil.nai.com/vil/default.asp
Symantec Virus library: http://www.symantec.com/avcenter/vinfodb.html
The Cleaner (Trojan remover software):
http://www.moosoft.com/cleaner.html
--
Regards
Ron Badour, MS MVP W95/98 Systems
Tips: http://badour.freewebsites.com/index.html
Knowledge Base Info:
http://support.microsoft.com/default.aspx?pr=kbinfo&