You are right, and that is exactly what mine said to the "lsass" part rather than what our friend who solved the problem said.
I actually just changed the shell to exactly what I wrote before, did not put "explorer.exe" at the front of it. I dont know about what happens when you open explorer, but my feeling is the virus changed the path.
LSASS is apparently short for
Local Security Authority Subsystem Service
And is a windows file that can get caught up in the blitz that is viruses, can someone just let us know if it is still okay to change the shell to c:\windows\explorer.exe without putting lsass in somewhere else.
Also one reprocussion of doing this switch is that my internet explorer freezes on every start up now, so obviously something is still wrong in the register, does anyone know where in the register I can correct issues with Internet Explorer? Or will a simple re-install solve it?
Quote:
Originally Posted by Unregistered  I did what you all said and removed my trojan. Before I change the values for the Shell in the registry to what you said, I'll repeat my current values to check if they are like yours:
"Explorer.exe C:\WINDOWS\Config\lsass.exe"
I'm assuming I have to change that to
"Explorer.exe C:\WINDOWS\explorer.exe"
However, I went to the windows directory, found the file, and when I clicked on it a documents window opened up. Does that mean the trojan changed the explorer file to open up to documents? What happens when you click on the explorer.exe file in the windows directory?
Also, I'm not sure the registry items in the Norton database are correct because Vista uses a different registry setup than XP/Me/98, right? (I've noticed that for example this key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\
Policies\Explorer\Run] doesn't exist!) |