regedit won't run


Grumpyy
June 5th, 2005, 11:56 AM
win98se

msconfig and other commands will work fine from "run"

but

regedit gives an error of an "illegal operation" ---- an "unspecified exception"

[don't Microsoft love this melodramatic cloak and dagger terminology] ;)

at OE14:23DA [the error code changes each time I attempt to run it]

I can open regedit OK by clicking on the regedit.exe


help appreciated ;)


ps what's regedit.com ? that's in the system folder

Nick Grana
June 5th, 2005, 01:39 PM
Rename regedit.com to regedit.sav (if it cannot be done in Windows, go to DOS).
Now run regedit from Start key and see if it runs.
Yes? Infected.
Try all the normal (normal these days) updated virus scan, cwshredder, spybot, hijackthis (post results in cyber help forum), adaware, etc.
Let us know.

P.S. Also could be Navidad Trojan (http://www.pchell.com/virus/navidad.shtml)
If the above does not work, try this link.

Grumpyy
June 6th, 2005, 10:48 AM
Thanks very much Darth

regedit works when I rename it

I'm pretty familiar with my hijack this read out and doublechecked ones I wasn't sure about on the web - nothing odd I see in there

I'd already scanned with kaspersky, avg, nod32, adaware se, spybot, spysweeper, cws
and tauscan and they reveal nothing [I don't run 3 AVs if you are wondering]

However I recall my AV intercepting something recently so I checked the log and it was worm Alcan.A which creates regedit.com among other things, so maybe that's it?

cmd.com
ping.com
regedit.com
taskmgr.exe
tasklist.com
taskkill.com
netstat.com
tracert.com

I'm in the process of looking and have found the above but none of the p2p related stuff mentioned on this link _http://www.k7computing.com/virusInfo/WormAlcanA.htm

I'll look into the rest later today and get back to you

rgds
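Added example (not part of the original thread or any poster's code): the rename test above works because a bare name such as `regedit` can resolve to a planted `regedit.com` ahead of the real `regedit.exe`. This Python sketch lists every command name that resolves ambiguously; the extension order, the directory search order and the sample layout are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption: a bare name is tried with .com before .exe, directory by directory.
EXT_ORDER = [".com", ".exe", ".bat"]

def candidates(name, search_dirs, ext_order=EXT_ORDER):
    """List every file a bare command name could resolve to, first match first."""
    hits = []
    for d in search_dirs:
        try:
            present = {f.lower(): f for f in os.listdir(d)}
        except OSError:
            continue  # missing or unreadable directory: skip it
        for ext in ext_order:
            if name.lower() + ext in present:
                hits.append(os.path.join(d, present[name.lower() + ext]))
    return hits

def find_shadowed(search_dirs, ext_order=EXT_ORDER):
    """Return {name: (file_that_runs, [files_it_masks])} for ambiguous names."""
    stems = set()
    for d in search_dirs:
        if os.path.isdir(d):
            for f in os.listdir(d):
                stem, ext = os.path.splitext(f.lower())
                if ext in ext_order:
                    stems.add(stem)
    report = {}
    for stem in sorted(stems):
        hits = candidates(stem, search_dirs, ext_order)
        if len(hits) > 1:
            report[stem] = (hits[0], hits[1:])
    return report

def demo():
    """Constructed layout using file names from the thread; not a real system."""
    with tempfile.TemporaryDirectory() as root:
        windows = os.path.join(root, "WINDOWS")
        system = os.path.join(windows, "SYSTEM")
        os.makedirs(system)
        layout = [(windows, "regedit.exe"), (system, "regedit.com"),
                  (windows, "ping.exe"), (system, "ping.com"),
                  (windows, "notepad.exe")]
        for d, f in layout:
            open(os.path.join(d, f), "w").close()
        return find_shadowed([system, windows])  # assumed search order

if __name__ == "__main__":
    for name, (runs, masked) in demo().items():
        print(name, "->", runs, "masks", masked)
```

Any name it reports deserves a look at the first-listed file: check its size, date and origin against the file it masks before renaming or deleting anything.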

Grumpyy
June 7th, 2005, 05:06 AM
That's all I found. I deleted those entries [they're still gone after reboot], everything seems OK and regedit is still working.
I also ran the Navidad fix as a precaution - thanks.

I hope that's it !

AnnMarie
June 7th, 2005, 05:27 AM
Hi Grumpyy, if you are concerned that baddies may still be on your PC, disable your antivirus program and go here (http://www.bitdefender.com/scan/licence.php) and run an online scan with BitDefender. When the ActiveX Control has loaded, under Scan Options, check all options and select the drive you want scanned. Post back the log if anything was found and you need help to remove it.

Grumpyy
June 7th, 2005, 04:51 PM
Hi AnnMarie

Thanks for the link - all clear !

But I did scan at panda's online check after I posted above and it found
and removed :

Process File: winupdate or winupdate.exe
Process Name: RADO virus

Description:
winupdate.exe is added to the system as a result of the RADO virus. It is a backdoor Trojan horse and gives remote access to your computer.

Funnily enough I'd noticed it the day before in my startup list
I have a little utility which allows me to uncheck programmes from startup or remove redundant entries - I remember wondering about it and unchecking it from startup
then forgot to investigate further - doh !
Still no harm done it couldn't run lol

AnnMarie
June 8th, 2005, 03:14 AM
Heh, that was good thinking. :D I am glad that all is well now Grumpyy and thanks for the update. :)