A pc with Win98 and PC-Cillin antivirus started playing up last week. Whenever an executable file was run a pop-up window with following error "Could not locate ndnjqbo.exe to run Application file". Then it gives me the option of trying to locate this file. I did a search of the entire C: drive but found nothing. A search on a working Pc with Win 98 didn't find this file either. Does anyone know of a virus that can do this sort of damage?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
ndnjqbo.exe
- Thread starter Kaicolo
- Start date
mmm...it sounds like an infection by the swen.a worm,
though it could be an aftermath of another malware.
You can refer to the manual cleaning for swen.a:
Everytime windows starts an application it queries a special registry entries. For .exe files, it queries the HKEY_CLASSES_ROOT\exefile\shell\open\command\{default} in the registry. viruses modifies this entry to hijack the execution, thereby executing the virus, then the virus will execute the .exe file requested (or sometimes infects them). I think a virus did this to your system, but the virus is no loneger existing thus the system gives you that error.
But be careful in tweaking the registry, one miss and the system dies....
though it could be an aftermath of another malware.
You can refer to the manual cleaning for swen.a:
Everytime windows starts an application it queries a special registry entries. For .exe files, it queries the HKEY_CLASSES_ROOT\exefile\shell\open\command\{default} in the registry. viruses modifies this entry to hijack the execution, thereby executing the virus, then the virus will execute the .exe file requested (or sometimes infects them). I think a virus did this to your system, but the virus is no loneger existing thus the system gives you that error.
But be careful in tweaking the registry, one miss and the system dies....
- Thread starter
- #3
Thanks for your help enkie!
What I didn't mention in my first note is that I'd gone ahead and deleted the windows directory on the PC and reinstalled windows. When I ran the scanning utility for Swen it found two files in the backup of the windows directory. But even now with the reinstall it still doesn't feel right. Now when I try to get into the registry it says that it's locked by the Administrator.
What I didn't mention in my first note is that I'd gone ahead and deleted the windows directory on the PC and reinstalled windows. When I ran the scanning utility for Swen it found two files in the backup of the windows directory. But even now with the reinstall it still doesn't feel right. Now when I try to get into the registry it says that it's locked by the Administrator.
Sounds like virus (again) has disabled regedit
try to make a tekst file with this and save it to your
as regini.reg
and double click it.
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
try to make a tekst file with this and save it to your
as regini.reg
and double click it.
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
- Thread starter
- #5
Soaplover,
Just to clarify, you want me to create a file with the following entry -
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
and save it as regini.reg. Where did you want me to save it to? I'm guessing c:\windows\system32
Just to clarify, you want me to create a file with the following entry -
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
and save it as regini.reg. Where did you want me to save it to? I'm guessing c:\windows\system32
save it on the desktop with the name regfix.reg
double click it makes it be read into registry fixing
the key that locks down regedit
vurrent value im sure is DisableRegistryTools"=dword:00000001
It should be a blank line between windows... blablaa and the hkey
like this:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
double click it makes it be read into registry fixing
the key that locks down regedit
vurrent value im sure is DisableRegistryTools"=dword:00000001
It should be a blank line between windows... blablaa and the hkey
like this:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
- Thread starter
- #9
try booting in safe mode and run hijackthis.
safemode (hold down "ctrl" key while booting).
regedit shuold also be availible from safe mode
Hijackthis download it from here:
Post the results of hijack this (don't delete anything you are not sure about)
safemode (hold down "ctrl" key while booting).
regedit shuold also be availible from safe mode
Hijackthis download it from here:
Post the results of hijack this (don't delete anything you are not sure about)
Hi Kaicolo,
Download McAfee's fixswen.inf to your desktop, (or floppy) then right click on it and choose 'Install'.
Download McAfee's fixswen.inf to your desktop, (or floppy) then right click on it and choose 'Install'.
- Thread starter
- #12
- Status