annoying Virus problem

[AlleyCat]

I got the Badtrans virus awhile ago, but norton's caught it and cleaned it up. But it left a little side effect. Everytime i start up it open my Systems 32 folder to the desktop. Does anyone know how to make that stop? Thanks <img src="confused.gif" border="0">

[jay015]

Check this removal tool from Symantec! From one cat to another!

<a href="http://securityresponse.symantec.com/avcenter/venc/data/[email protected]" target="_blank">http://securityresponse.symantec.com/avcenter/venc/data/[email protected]</a>

[AlleyCat]

I tried that, but the folder still pops up.

[orange]

Run MS System Info and check to see if the folder has been added to the startup items. Also check each shortcut in the Start Menu->Programs->Startup folder to make sure none have been messed with.

[tha 4NiK8R]

Badtrans (and magistr, etc) creates some bogus regstry entries that will cause this...Here is the fix:
Start:Run:regedit

HKEY_LOCAL_MACHINE
-SOFTWARE
--MICROSOFT
---WINDOWS
----CURRENT VERSION (at this point you may see some differences based on the OS you are running)
-----Run (this is standard and obviously where you want to start)
-----RunOnce
-----RunServices (possible location for some crap, clean this bad boy out)
-----RunServicesOnce

If you see any "Run..." keys that have and "_" or a "-" in from of them they are bogus and you can delete them (note: export them just incase you screw up and delete the wrong one).

Also clean out any crap in the legit "Run..." Keys (don't delete the actual keys, just clean out the crap that is in them). I would recommend leaving your Anti-virus, SysTray, and maybe the task scheduler. Remove everything else, since most of what is there is a by-product of the virus anyway (like the system32 opening on startup).

**Disclaimer: screwing with the registry is for people with skills only, if you are an id10t then you are on your own and I don't want to hear any whining about how you hosed your machine.