recover a key
Tony Young 10-16-2005, 07:49 AM
Hi,
I followed Norton Antivirus' instruction to rid Trojan.Vundo. It said I had
to remove the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Since I had a doubt, I simply changed the key's name from Explorer to
Explorer__. Then my start->programs where I run applications became empty.
I tried to change Explorer__ back to Explorer. But regedit always said
Explorer has been existent, even after I delete Explorer first. Is there a
way to recover my old Explorer? Or, can I copy/paste subkeys from
Explorer__ to Explorer? But I didn't find the paste command in regedit.
Please help me out. I'm kind of stuck. I should have backed up the
registry first. Any help is appreciated.
Tony
Dave Patrick 10-16-2005, 02:38 PM
Run regedit, navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer_
then File|Export and save the key, then open the *.reg file with notepad.exe
and edit all instances of "Explorer_" to "Explorer", then merge the file
back into the registry.
Always do make a backup before editing the registry.
Programs|Accessories|System Tools|Backup, then choose ERD, then if you check
the box for "Also backup....", then the reg will also be backed up to
%windir%\repair\RegBack
leaving the
%windir%\repair\
directory files intact as original installation.
--
Regards,
Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect
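The export, edit and merge steps above can be scripted so that only the bracketed key-path lines of the exported file are renamed and value data is left untouched. This is an added example, not part of the original thread: it uses the key name from the question (Explorer__), and the function names and sample export are constructed. It assumes a regedit "Version 5.00" export, which is UTF-16 text with a BOM and CRLF line endings.

```python
OLD_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer__"
NEW_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"

# Constructed sample of an exported key (illustrative values, not from a real system).
SAMPLE_EXPORT = "\r\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    "[" + OLD_KEY + "]",
    '"Note"="saved under Explorer__ before cleanup"',
    "",
    "[" + OLD_KEY + "\\Shell Folders]",
    r'"Common Programs"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs"',
    "",
])


def rename_key_in_export(text, old_key, new_key):
    """Rewrite only [key] header lines at or below old_key; return (text, count)."""
    out, count = [], 0
    old = old_key.lower()  # registry key names are case-insensitive
    for line in text.splitlines():
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            low = path.lower()
            # Match the key itself or a subkey, never a sibling such as "Explorer__x".
            if low == old or low.startswith(old + "\\"):
                line = "[" + new_key + path[len(old_key):] + "]"
                count += 1
        out.append(line)
    return "\r\n".join(out) + "\r\n", count


def rename_key_in_file(src, dst, old_key, new_key):
    """Read an exported .reg file, rename the key headers, write the result to dst."""
    # Assumption: UTF-16 with BOM (regedit 5.00 format); newline="" preserves CRLF.
    with open(src, encoding="utf-16", newline="") as f:
        text = f.read()
    new_text, count = rename_key_in_export(text, old_key, new_key)
    with open(dst, "w", encoding="utf-16", newline="") as f:
        f.write(new_text)
    return count
```

Reviewing the rewritten file in a text editor before merging it shows exactly which key paths will be created.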
Gary Smith 10-17-2005, 07:32 AM
In addition to Dave's instructions, you should be aware that either you
didn't read the Norton directions carefully, or Norton tech support has
degenerated to a level of incompetence that I had not thought possible.
Deleting that entire key could not possibly make anything better. If
your system wasn't broken before you did that, it was bound to be broken
afterward.
--
Gary L. Smith
Columbus, Ohio
Ben-Zion Joselson 10-17-2005, 05:12 PM
Symantec instructions on this web page:
http://securityresponse.symantec.com/avcenter/venc/data/trojan.vundo.html
include the following:
k. Navigate to and delete the following registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\ActiveState
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Browser Helper Objects\{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
Note that the last entry should be read as one long line, so it was not
meant to delete the whole key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
I hope this clears up the doubts about Norton tech support.
Tony Young 10-17-2005, 11:00 PM
Dave,
I understand all you said except for "... merge the file back into the
registry". Did you mean to run regedit and then file/import the *.reg?
Or should I notepad-edit the system's .reg file and paste my
modification? Then where is the system's .reg file? Please advise.
Thanks for your previous email. It helps a lot and gives me some
confidence the system can be recovered.
Tony
Dave Patrick 10-17-2005, 11:17 PM
Double-click the REG file or right-click on it and choose 'Merge'
--
Regards,
Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect