Virus and disinfection related issues
The Windows Registry is a set of data files used to help Windows control hardware, software and the user's environment. Some viruses insert new registry values or edit existing ones to gain better control of the infected computer. For instance, Windows executes all instructions in the "Run" section of the Windows Registry. If a virus inserts its value in the "Run" section of the Windows Registry, it will execute each time the infected computer is booted up. For information on how to edit and delete values from the registry, see below:
Locating a Key, Subkey, or Value
To start the registry editor, click on Start -> Run and type regedit in the field. Press "Ok" to confirm. Now the registry editor opens. There are five different top-level registry keys (or hives). They each start with "HKEY", for example:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
The keys and subkeys are listed in a folder tree in the left pane of Registry Editor. If you click a key or subkey in the left pane, information about that key appears in the right pane. To locate the registry key listed in this section, follow these steps:
1. Click Start, click Run, type regedit, and then click OK.
2. Expand HKEY_LOCAL_MACHINE.
3. Expand SOFTWARE.
4. Click Microsoft.
Note: When you click the Microsoft subkey, the different values (but not subkeys) that it contains appear in the right pane. To view the subkeys, expand Microsoft. To locate a value, click the subkey that contains the value, and then view the contents of the right pane.
Changing a Value
To change the value data for the TestDWORD DWORD Value to 0 in the TestSubkey key, follow these steps:
1. Expand HKEY_LOCAL_MACHINE.
2. Expand SOFTWARE.
3. Expand Microsoft.
4. Click the TestSubkey subkey.
5. Right-click the TestDWORD DWORD Value, and then click Modify.
6. Type 0, and then click OK.
Deleting a Key or Value
To delete the TestDWORD DWORD Value in the TestSubkey key, follow these steps:
1. Expand HKEY_LOCAL_MACHINE.
2. Expand SOFTWARE.
3. Expand Microsoft.
4. Click the TestSubkey subkey.
5. Right-click the TestDWORD DWORD Value, and then click Delete.
6. Click Yes to confirm that you want to delete the value.
For more information on how to back up, edit and restore the registry in Windows, please click on the appropriate link below:
HOW TO: Back Up, Edit, and Restore the Registry in Windows XP and Windows Server 2003
HOW TO: Backup, Edit, and Restore the Registry in Windows 2000
HOW TO: Backup, Edit, and Restore the Registry in Windows 95, Windows 98, and Windows Me
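To review what the "Run" section described above currently launches before editing or deleting anything, the values can be listed from PowerShell. This is an added example, not part of the original F-Prot page; the list of keys and the function name Get-RunKeyEntry are assumptions chosen for illustration, and the script only reads the registry.

```powershell
# Added example: read-only review of autostart values in the Run/RunOnce keys.
# Nothing is modified or deleted. The key list below is an assumption.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-RunKeyEntry {
    param([string[]]$Path = $RunKeys)

    foreach ($keyPath in $Path) {
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }   # key absent on this system
        $key = Get-Item -LiteralPath $keyPath
        foreach ($name in $key.GetValueNames()) {
            $command = [string]$key.GetValue($name)   # REG_EXPAND_SZ data is expanded here
            $display = $name
            if (-not $display) { $display = '(Default)' }

            # Pull the program path out of the command line: a quoted path,
            # else text up to the first executable extension, else the first token.
            $target = $null
            if ($command -match '^\s*"([^"]+)"') { $target = $Matches[1] }
            elseif ($command -match '^\s*(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { $target = $Matches[1] }
            elseif ($command -match '^\s*(\S+)') { $target = $Matches[1] }

            # Check that the file is really there and whether it carries a valid signature.
            $exists = $false
            $signature = 'n/a'
            if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
                $exists = $true
                $signature = (Get-AuthenticodeSignature -LiteralPath $target).Status
            }

            [pscustomobject]@{
                Key        = $keyPath
                Name       = $display
                Command    = $command
                Target     = $target
                FileExists = $exists
                Signature  = $signature
            }
        }
    }
}

Get-RunKeyEntry | Sort-Object Key, Name | Format-List
```

Entries whose target file is missing, unsigned, or located in a temporary or user-profile folder are the ones to examine first; a bare program name without a path is resolved by Windows through the search path and shows FileExists as False here.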
The RealTime Protector scans all files that you access on your computer, including e-mail attachments.
The RealTime Protector's method of scanning e-mail attachments varies according to the e-mail program you are using.
Outlook and similar e-mail programs:
Attachments are scanned when an attempt is made to run/open them.
Qualcomm’s Eudora and similar programs:
Because attachments are immediately saved to a folder, they are scanned as the mail is downloaded. The result is that if you attempt to run an infected attachment, the RealTime Protector will detect it, as long as the virus signature files are up to date.
Msearch.A is adware which we recommend you remove.
Open Add/Remove Programs in the Control Panel. Select the My Search Bar (MySearch variant), MyWay Speed Bar (MyWay) or My Web Search Bar (MyWeb) entry and click Remove. If the MyWeb variant is listed, make sure you also remove Fun Web Products Easy Installer.
Then go to C:\Program Files and delete the MySearch folder.
You might have to disable the RealTime Protector before you can open the Control Panel. Right-click the RTP icon on the Task Bar and select 'Disable'.
The RealTime Protector only detects; it does not disinfect. If the OnDemand Scanner is unable to disinfect, the reason is likely to be one of the following:
The infection is located in the System Volume Information folder and is therefore locked in System Restore. For further information, please browse: http://www.f-prot.com/support/windows/fpwin_faq/24.html
The infection is located in a Windows system file that Windows has locked, so the OnDemand Scanner does not have the write access it needs to disinfect the file. In that case you will have to use the DOS/CMD scanner to disinfect your computer. For further information on DOS/CMD scanning, please browse this webpage and select the appropriate operating system.
The infection is located within an archive and F-Prot Antivirus does not support disinfecting within archives. When dealing with files inside archives, you can safely open the archive to see whether it contains any other files than the one that was detected by F-Prot Antivirus. If there are no other files, the archive is likely to have been created by some virus dropper and therefore the archive can be safely deleted.
Viruses and other malicious software infect computers by either modifying pre-existing files or by creating new files on the infected computer.
When set to disinfect, F-Prot Antivirus automatically deletes files that have been created by viruses or other malicious software. This is an essential part of the disinfection process. On the other hand, if a pre-existing file has been modified, F-Prot Antivirus restores the file to its original state by removing all malicious code.
Both of these files are locked by the operating system, and neither F-Prot Antivirus nor any other program is allowed access to them. There is no security issue involved.
Pagefile.sys is part of the virtual memory management in the operating system.
Hiberfil.sys stores information on running processes if the computer is hibernated (Stand by) instead of shut down. On "wake up", the system is thus in the same state as it was before the computer was hibernated.
This message is generated from Outlook Express, not F-Prot Antivirus. The reason is that a security option in Outlook Express (OE) 6.0 has been enabled. How to uncheck this security option in OE:
1. Open OE 6.0.
2. Click Tools, point to Options, and then click the Security tab.
3. Uncheck "Do not allow attachments to be saved or opened that could potentially be a virus."
4. Click OK.
NOTE: The security option in OE is designed to increase the safety of e-mail usage. Although you have F-Prot Antivirus installed and update regularly, we recommend that you keep this safety option enabled.
Jdbgmgr.exe is a virus hoax. It is not harmful to your computer and is thus not detected by F-Prot Antivirus. The Jdbgmgr.exe file is a standard Windows component that is found in almost every Windows installation. It is used as the Java debugger manager in the Microsoft Java runtime engine. The icon of the original Jdbgmgr.exe file looks like a teddy bear and is therefore easily perceived as suspicious. However, it is NOT a virus. If you receive this hoax, please do not forward it.
The reason for this has mainly to do with long filenames and non-ASCII characters in file names. DOS only "understands" 8 character long filenames.
Therefore, use the OnDemand Scanner to scan Windows NT 4.0 / 2000 / 2003 / XP systems. You can also use the command line scanner:
You use the same command lines as for the DOS scanner.
The problem is that the System Restore component of your Windows ME or XP has backed up your system while it was infected. System Restore is a component of Windows that you can use to restore your computer to a previous state, if a problem occurs, without losing your personal data files (such as Microsoft Word documents, browsing history, drawings, favourites, or e-mail). System Restore monitors changes to the system and some application files, and it automatically creates easily identified restore points. These restore points allow you to revert the system to a previous time. They are created daily and at the time of significant system events (such as when an application or driver is installed). You can also create and name your own restore points at any time. Follow the steps that apply to your operating system:
Windows Me:
1. Close all open programs.
2. Right-click My Computer on the Windows desktop, and then click Properties.
3. Click the Performance tab.
4. Click File System.
5. Click the Troubleshooting tab.
6. Check Disable System Restore, click OK, and then click Close.
7. Click Yes to restart. This disables the System Restore feature and will purge the contents of the _RESTORE folder when the system is restarted.
8. Make sure you have up to date virus signature files for F-Prot and scan to disinfect.
9. Scan all files and all drives.
10. After cleaning the infected files, repeat steps 1 through 7, except in step 6, uncheck Disable System Restore.
Windows XP:
1. Click Start, and then right-click My Computer.
2. Click Properties.
3. Click the System Restore tab.
4. Check Turn off System Restore.
5. Click Apply, and then click OK.
6. Restart the computer.
7. Make sure you have up to date virus signature files for F-Prot and scan to disinfect.
8. Scan all files and all drives.
9. After cleaning the infected files, repeat steps 1 through 6, except in step 4, uncheck Turn Off System Restore.
The RealTime Protector pops up because it has detected an infected file on the computer. In order to stop it from appearing, the computer must be disinfected.