Winampw.exe and Symantec - PROBLEMS 1

[chrispl]

Windows XP Pro SP1. I upgraded Symantec Norton Antivirus 2003 signature filesand restarted the computer.

Norton showed a message that BACKDOOR.OPTIXPRO.12 virus was found and it deleted C:\WINDOWS\WINAMPW.EXE file.
None of the startup programs started.

When I try to start ANY program, I get a message:

"Windows cannot find 'FILENAME'. Make sure you typed the name correctly and then try again."

I guess it's the same as Windows 2000 "file or one of its components could not be found".

I did some research on the backdoor found on my system and it should not cause the problems described above, especially that I'm behind a firewall (Sonicwall) and I doubt that someone could connect to my computer.

My question is: why can't I run any problems? The virus (according to its description) shouldn't cause that issue, could Norton AntiVirus delete some registry entries/path/variable?
Any hints for troubleshooting?

Thanks

 

[AVChap]

Probably because the "virus" changed the registry key for opening executable files. Check the value of the following reg key:

HKEY_CLASSES_ROOT\exefile\shell\open\command

Make sure that it has <&quot;%1&quot; %*> as the value to get everything back to normal.

BTW, copy REGEDIT.EXE to REGEDIT.COM first so you can change this

HTH, AVChap
... take my advice, I don't use it anyway!

 

[chrispl]

That was it !!! It put winampw.exe in front of the usual value.

I tried opening the registry before but I didn't think of renaming it

Thanks

 

[LOUNA]

i was unable to open my start up progrmas after getting rid of a virus, u mentioned in the above article to check the reg. key? which key do u mean? so i can be able to use my start up programs again. and i'm also unable to install any programs at the same time unable to use them. pls. tell how to solve this prob. regards.

 

[AVChap]

HKEY_CLASSES_ROOT\exefile\shell\open\command

Check the value. It should only read <&quot;%1&quot; %*> without the brackets.

HTH, AVChap
... my $1 worth of advise, 2cents isn't enough due to inflation

 

[RajuAbju]

Hi, I also had the same problem with the winampw thing in the registry. I followed your instructions on changing the value to only <&quot;%1&quot; %*>

My question now is, is it safe to delete the winampw.exe file from my c:\windows directory? My other programs are all working fine now, but I am not sure what this file is, and if erasing it could somehow mess something else up?

Also, the same BACKDOOR.OPTIXPRO.12 provirus has also been found in my regsrv.exe file in the c:\windows\system32 directory. Any help for removal of that problem as well? Thanks

 

[Warr]

I also have this virus (attached to winampa.exe and regsrv.exe) I editted the regkey, but I want to know what to do about regsvr.exe. Thanks

 

[VILenin]

Sorry for posting so late, but I really need to know. Norton Antivirus deleted winampw.exe and I dont know how to fix that, I looked in the registry and everything was like it should be. But the file is gone.... Help please.

 

[AVChap]

What's the problem? Do you really need the winampw.exe file? I'm pretty sure you don't want a trojan running on your machine now, would you?


AVChap
... WARNING: The Surgeon General says to take my advise at your own risk.