tetsuo000
  1. This workaround did the trick for me as well, but not the way I expected. After executing each command, nothing happened. Typically when something is registered with regsvr32, a popup box indicating success or failure pops up, unless the /s switch is applied (I work with COM). I was like "uh oh," and I opened the Task Manager and sure enough, 3 different regsvr32.exe processes were jumping all over the place. They were being created and destroyed so quickly that any attempts to kill them resulted in an error saying the process didn't exist. I did a search for regsvr32.exe and found at least 5 copies of various sizes in various folders (in addition to C:\windows\system32, where the real one lives). I deleted all except the one in C:\windows\system32, then tried it again; it did the same thing as before. I compared the file size to the one on my other computer and it was significantly different (real was 12K, malware was 68K). I copied the 12K known-good version of regsvr32.exe to the infected computer in the C:\windows\system32 folder. I ran regsvr32 /? at the command line and I received the usage popup that I was expecting. I then repeated the workaround suggested by halladayrules and was able to update and run Malwarebytes Anti-Malware. That was the beginning of the "purification." Thanks for making the culprit show itself!
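
The search-and-compare check described in the post above, as an added PowerShell example that is not part of the original post: it lists every regsvr32.exe under a root folder with its size, SHA-256 hash, Authenticode status and location, so stray or replaced copies stand out. The `C:\` root and the `$KnownGoodSha256` parameter (a hash taken from a trusted machine running the same Windows build) are assumptions of this example.

```powershell
# Added example (not from the original post). Run from an elevated prompt so
# protected folders can be read.
param(
    [string]$Root = 'C:\',          # assumption: scan the system drive
    [string]$KnownGoodSha256 = ''   # optional: hash from a trusted machine, same OS build
)

# Folders where a genuine regsvr32.exe normally lives (SysWOW64 on 64-bit Windows).
$expected = @('System32', 'SysWOW64') | ForEach-Object { Join-Path $env:SystemRoot $_ }

Get-ChildItem -Path $Root -Filter 'regsvr32.exe' -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        [pscustomobject]@{
            Path          = $_.FullName
            SizeBytes     = $_.Length
            SHA256        = $hash
            # A copy outside the expected folders deserves a closer look.
            InExpectedDir = $expected -contains $_.DirectoryName
            # 'Valid' means the signature chain verified; anything else is suspect.
            Signature     = $sig.Status
            Signer        = $sig.SignerCertificate.Subject
            # Only meaningful when a reference hash was supplied.
            MatchesKnown  = if ($KnownGoodSha256) { $hash -eq $KnownGoodSha256 } else { $null }
        }
    } |
    Sort-Object InExpectedDir, Path |
    Format-List
```

A hash or signature mismatch on the copy inside System32 is the case the post ran into; a matching file size alone would not rule it out.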