4.8 and windows firewall.

David,
I may have found a cure, and trust me, I know very little about computers; you can tell by my questions.

Let me test it for a day or so.

OK, fingers crossed ;D

I went to regedit, not from Run / command. Had to download a shortcut to regedit to open it.
Did a search for mshta.exe,
then had to look very carefully for "%1"%* coming after mshta.exe.
If it was any different than above I had to modify it to above and then delete the entry.
It was only in one place. I either restarted or not, can’t remember, and did some searching.
I’ve done a lot of searching since in the Firefox search bar using Google and Yahoo and so far no hijacking to advertising links. None.
Also downloaded NoScript and at first it was annoying but now I kind of think it is doing things to help me.
My CPU and internet connection are fast. So I am happy.
I will work on the regedit problem from the Run command. Thanks.

You’re welcome.

NoScript, whilst a bit of a pain at first, doesn’t take long to build up permissions for your favourite sites, provided you trust the site (though it is possible that it could be hacked, but you then have the web shield also).

You can export your NoScript whitelist so you have a copy and don’t have to start from scratch if you have to reinstall Firefox or the add-on at any time; just import the saved whitelist into your new installation, etc. and there is no need to allow all those you already did.

creating a folder on desktop
going to windows folder
finding regedit.exe
copy to new desktop folder
rename it regedit.com
will not allow me to open regedit
or trying run command regedit.exe or regedit.com.
However this does work from desktop
"C:\Program Files\Safer Networking\RegAlyzer\RegAlyzer.exe"

If you place regedit.com in C:\ as in the desktop you would have to enter the full path into the run command for it to find and run regedit.com

Use the windows Start, Run and copy and paste c:\regedit.com and click OK.

If you are using Vista you are going to have to jump through some hoops first. Right click on wherever you have regedit.com and select Run As; now you would select administrator and you have to enter the password.

David,

I found this.

http://www.raylanddelosreyes.com/how-to-restore-regedit-taskmanager-ang-msconfig-using-vbscript/

Downloaded the restore.vbs file. It ran, then I went to enter regedit in Run / Open and nothing happened.
I shut down, had lunch rebooted, tried again and it worked.
I can enter regedit in open box and regedit opens.

Another question. Should this file be in the registry? After doing a registry search for mshta:

@C:\WINDOWS\system32\mshta.exe,-6412

I honestly don’t know, but it appears to be a legitimate file name, though that doesn’t mean it isn’t a) infected or b) in the wrong location (mine is in the system32 folder). I have no idea why there would be an @ character before the path.

http://www.liutilities.com/products/wintaskspro/processlibrary/mshta/

Why were you doing a search for mshta.exe in the registry anyway?

There are many registry entries for mshta.exe in mine, none with -6412, though most end in ,1

This all started when I had a problem with clicking in the Google or Yahoo search box in Firefox and being hijacked to another site: after clicking on some link I would see the URL appear in the URL box and a second later be hijacked to an advertising site.

I tried to find the forum where I found the information, so I could show you the link that explained to search the registry for mshta.exe with an ending other than "%1" %*

I found one with "%1"*
so I changed it to "%1" %*
then deleted the whole line.

Either I rebooted or not, I again went to the Google search bar in Firefox and, what do you know, I was able to go to a site from the Yahoo or Google results without going to an advertising site.

Never mind about the -6412 ending. So far my CPU and connection speeds are fine and no problems.

I found link about mshta.exe

and I did delete all of them if I found them in list shown in below link and everything seems to be fine with my computer.

http://www.exterminate-it.com/malpedia/file/mshta.exe

You have to find more than just one link; you have to consider the other legitimate links for that file name or you could end up doing some serious damage.

Add to that this site is rated dangerous by WOT (web of trust), http://www.mywot.com/en/scorecard/exterminate-it.com, so you have to exercise due care in where you get your information from.
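
Added example (not from any poster in this thread): a read-only Python check over a regedit export that lists every value mentioning mshta.exe and marks command lines whose tail differs from the `"%1" %*` form discussed above, so entries can be reviewed before anything is edited or deleted. The sample export, the `examplefile` key and the function names are constructed for illustration; a value of the form `@<file>,-<number>` is Windows' indirect-string syntax for a text resource inside that file, so it is reported separately rather than as a command line.

```python
import re

# Command tail the thread describes as normal after mshta.exe (assumption from the posts).
EXPECTED_TAIL = '"%1" %*'

# Constructed sample in regedit export (.reg) syntax; not taken from a real machine.
SAMPLE_REG = r'''
[HKEY_CLASSES_ROOT\htafile\Shell\Open\Command]
@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\examplefile\shell\open\command]
@="C:\\WINDOWS\\system32\\mshta.exe \"%1\"*"

[HKEY_CLASSES_ROOT\htafile]
"FriendlyTypeName"="@C:\\WINDOWS\\system32\\mshta.exe,-6412"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# Value name is @ (default value) or a quoted string; data is a quoted string.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg files escape backslashes and double quotes with a backslash.
    return re.sub(r'\\(.)', r'\1', s)

def classify(data):
    """Return None if mshta.exe is not mentioned, else a verdict string."""
    low = data.lower()
    if 'mshta.exe' not in low:
        return None
    if re.match(r'^@.*mshta\.exe,-\d+$', low):
        return 'resource-string'  # indirect string reference, not a command
    tail = data[low.index('mshta.exe') + len('mshta.exe'):].lstrip('"').strip()
    return 'expected' if tail == EXPECTED_TAIL else 'review'

def audit(reg_text):
    """List (key, value name, verdict) for every value that mentions mshta.exe."""
    findings, key = [], None
    for line in (raw.strip() for raw in reg_text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        verdict = classify(unescape(m.group(2))) if m else None
        if verdict:
            name = '(Default)' if m.group(1) == '@' else unescape(m.group(1)[1:-1])
            findings.append((key, name, verdict))
    return findings
```

regedit normally saves exports as UTF-16, so read a real file with `open(path, encoding='utf-16').read()` before passing the text to `audit`.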