Fixing malware issues related to shell extensions

  • Question

  • Hello,

    I have Win XP Home Edition and am trying to clean up a big mess.  To make a long story short, a ton of malware invaded my computer and I'm in the process of cleaning it up.  Next, the malware messed up my registry so that the c & drives were not visible in Win Explorer, along with the search function, run command, etc.  I got those fixed myself after a little bit of research.  What I found on the C drive is 3 folders, each with a random ID assigned to it.  Each folder has an update subfolder inside and if I try to open it, it says "access denied".  Next, I looked in the shell extensions and found a folder in the approved section with the ID of "bdeadfoo..." on it.  Pardon the pun, but that is a dead giveaway.  Obviously, the malware attacker's program put itself on the approved list.  How do I safely remove the malware from the "approved list" and hopefully be able to access the folders?  I want to see what's inside to learn what it is doing to my computer, then I will delete it.

    What freeware or low cost programs can I use to make changes or get additional information on these registry changes?  I'm using regedit and process monitor so far.


    Wednesday, July 16, 2008 3:12 PM