enkai.exe

Here we have a Rootkit.0Access.XGen Virus/Malware attack, which kept sending out requests to websites (most likely to continue the malicious attacks on the host computer). We made a change in the TrendMicro settings to now block automatic access of certain websites, so we are being notified of Unauthorized URL’s.

Virus/Malware: enkai.exe

Hard Drive Location:
C:\Documents and Settings\%username%\Application Data\Yvqouw
Remember to always look for bogus folders in the Application Data directory. Yvgouw is definitely bogus.

There was also a variant bogus folder with the files xono.oco and xono.tmp:
C:\Documents and Settings\%username%\Application Data\Ungue

Also remember to take this time to clean out:
C:\Documents and Settings\%username%\Local Settings\Temp

Registry Location:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

The blocked websites:
http://nahwisohch.ru/bin/xxl.bin
http://munaeghohz.ru/bin/xxl.bin
http://jupaizeuph.ru/bin/xxl.bin

Microsoft Update Error 0×80070424

Found this little tidbit if you are receving an error message when trying to update Windows XP via Microsoft Update.

Error: 0×80070424

Fix: (thanks to here)

· Click Start
· Click Run
· Type/Paste the following:
%SYSTEMROOT%\SYSTEM32\REGSVR32.EXE %SYSTEMROOT%\SYSTEM32\WUAUENG.DLL
· Click OK

By this, you will be reregistering the WUAUENG.DLL file.

Other errors causing similiar Microsoft Update issues can be referenced in this Microsoft article.

How to view/hide hidden files in Windows XP and Windows 7

How to view/hide hidden files in Windows XP and Windows 7:

· Open Windows Explorer
· Alt+F to display menu (if not already present)
· Click Tools
· Click Folder Options
· Click View
· Click Show hidden files, folders, and drives
· Click OK

kb00045929.exe

Today we came across another Trojan.Agent according to Malwarebytes Anti-Malware.

Filename: kb00045929.exe

The filename and entry were located in the following of a Windows 7 computer.

Hard drive: C:\Users\%username%\AppData\Roaming\

Registry: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Please note that although we are posting these by filename, the filename may be merely variants and randomly generated by the actual Virus/Malware. For this reason, when you do detect Virus/Malware on your computer, you should also take a moment to look in the same locations for other oddly named files/folders such as those named with only a few numbers or mixed numbers/characters.

While you are viewing the C:\Users\%username%\AppData\Roaming\ you should also check:
· C:\Users\%username%\AppData\Local\
· C:\Users\%username%\AppData\Local\Temp (delete items you can in here)
· C:\Users\%username%\AppData\Roaming\LocalLow

** %username% ** replace with the actual username(s) folders within the C:\Users directory on the specific computer you are working on, as this will change with each computer by user.

To do the above, you must first enable the option to view hidden files, if not already enabled. Click here to see how to do that.

Here are the similar folders to check in Windows XP.
· C:\Documents and Settings\%username%\Application Data
· C:\Documents and Settings\%username%\Local Settings
· C:\Documents and Settings\%username%\Local Settings\Temp (delete items you can in here)

How to perform a search of your Registry in Windows XP and Windows 7

How to perform a search of your registry for a particular file/entry you believe may be infected or suspected Virus/Malware:

Windows XP
· Click Start
· Click Run
· Type Regedit
· Press Enter

Windows 7
· Click Start
· Type Regedit
· Press Enter

Regedit
· Click Edit on the menu
· Click Find
· Enter file name
· Click Find Next
· You can press F3 to find the next entry

WARNING: The Registry is an important component of Windows and any incorrect changes could affect your entire system in a negative way; from causing applications to fail to work properly or even keep Windows from being able to load.

If you know for sure a particular file is infected by Virus/Malware, you can find its location and where it has infiltrated your registry and remove it from here. But this is just a pointer to the actual file(s), which must also be removed from within the file structure of your hard drive. You can see the steps to perform a search of your hard drive here.

How to perform a search of your hard drive in Windows XP and Windows 7

How to perform a search of your hard drive for a particular file you believe may be infected or suspected Virus/Malware:

Windows XP (Microsoft Documentation)
· Click Start
· Click Search
· Click All files and folders
· Click More advanced options
· Check Search system folders and Search hidden files and folders
· Type the file you are looking for in the Search box
· Click Search

Windows 7 (Microsoft Documentation)
· Open Windows Explorer
· Type the file you are looking for in the Search box to the top right
· Click Computer directly under the Search Again In options

You can right click the file(s) and choose delete, but make sure to ensure it is infected or a virus and not a necessary file for your system or application software to run correctly.

If the system will not allow you to delete the file, please read here for possible solutions.

21D.tmp

We recently had a Virus/Malware attack on our network by the names of TROJ_GEN.R28C7KB and TROJ_KAZY.SMO which were infecting the bogus files named 018.exe and 21D.tmp within C:\Program Files\LP\E650\ on a Windows XP machine.

TrendMicro found and cleaned three (3) in which these same files were located on the hard drive. Malwarebytes Anti-Malware also removed five (5) which TrendMicro did not find. Malwarebytes is free, but TrendMicro also has a free antivirus (here) which can be run from a web browser.

Even so, we had to manual search the registry and hard drive to find and delete a few more instances of similar files with number and mixed number/character names elsewhere on the hard drive. Sorry, did not manage to note these before they were removed.

Click here: to see how to run a full search of your hard drive
Click here: to see how to run a full search of your registry

018.exe

We recently had a Virus/Malware attack on our network by the names of TROJ_GEN.R28C7KB and TROJ_KAZY.SMO which were infecting the bogus files named 018.exe and 21D.tmp within C:\Program Files\LP\E650\ on a Windows XP machine.

TrendMicro found and cleaned three (3) in which these same files were located on the hard drive. Malwarebytes Anti-Malware also removed five (5) which TrendMicro did not find. Malwarebytes is free, but TrendMicro also has a free antivirus (here) which can be run from a web browser.

Even so, we had to manual search the registry and hard drive to find and delete a few more instances of similar files with number and mixed number/character names elsewhere on the hard drive. Sorry, did not manage to note these before they were removed.

Click here: to see how to run a full search of your hard drive
Click here: to see how to run a full search of your registry

Welcome!

Welcome to PC Regeneration.

By definition, regeneration means the state of being made over into a better form, or revived. In theology it is considered a spiritual rebirth. It is not the discarding or destroying of the old and replacing or creating of a new, but rather a quickening or revitalizing of something which has been corrupt or useless to make it into something that is cleansed and useful.

Just as those who repent of sin and put faith in Jesus Christ for salvation are not destroyed and recreated through regeneration – but are made new through Him unto good works – so can your computer quite often be cleansed of its Virus/Malware issues and put back into productivity without having to be replaced before it’s time. Of course, as with man, we are appointed once to die, but after this the judgment.

With this site, we hope to simply give people some information and links to tools that will hopefully help you perform the needed cures on your own computer, while saving you money from having to bring it into a computer shop or purchase a new system before you really need to.

Thanks for the visit.