Can anyone help?
AVG free has picked up & deleted a virus on my system called SCtri.exe. The only problem is, is that I keep getting a window coming up when I start my computer saying that windows cannot find C://WINDOWS\system32\drivers\SCtri.exe.
How can I get rid of this window at startup?
Any help most appreciated.
SCtri.exe virus
-
Rotten Ralph
- Captain
- Posts: 317
- Joined: 16 Jan 2007, 18:16
- Version: FS9
- Location: Farnborough, Hants
Hi David,
It sounds to me like it has left a registry entry on you pc, which is looking for the deleted file on start up. If you have a registry scanner / cleaner I would run that and see what it corrects.
Or
Follow the below link to the removal tool for that Virus you had / have.
http://www.virusremovalguru.com/?p=1196
Mark
It sounds to me like it has left a registry entry on you pc, which is looking for the deleted file on start up. If you have a registry scanner / cleaner I would run that and see what it corrects.
Or
Follow the below link to the removal tool for that Virus you had / have.
http://www.virusremovalguru.com/?p=1196
Mark
Mark
-
Blank Fang
- MAIW Veteran
- Posts: 449
- Joined: 29 Aug 2006, 16:32
- Version: FS9
- Location: LSZH
David
Go Start Run type regedit and click OK
Now Browse for
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CurrentVersion\Run
Now look for a Key with the value C://WINDOWS\system32\drivers\SCtri.exe
Now delete this entry.
Note
Be very careful when manipulating your registry as improper changes may well lead to a system that doesn't run.
The safer method is using the msconfig utility.
Go Start Run type msconfig and click OK
In the Tab register search for the entry containing SCtri.exe and deactivate it.
I usually browse Google for the virus name in this case search SCtri.exe or consult the homepage of one of the renowned antivirus companies for remowal instructions.
------
Willy
Go Start Run type regedit and click OK
Now Browse for
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CurrentVersion\Run
Now look for a Key with the value C://WINDOWS\system32\drivers\SCtri.exe
Now delete this entry.
Note
Be very careful when manipulating your registry as improper changes may well lead to a system that doesn't run.
The safer method is using the msconfig utility.
Go Start Run type msconfig and click OK
In the Tab register search for the entry containing SCtri.exe and deactivate it.
I usually browse Google for the virus name in this case search SCtri.exe or consult the homepage of one of the renowned antivirus companies for remowal instructions.
------
Willy
-
Rotten Ralph
- Captain
- Posts: 317
- Joined: 16 Jan 2007, 18:16
- Version: FS9
- Location: Farnborough, Hants
Mark & Willy
Thank you both for answering my call for help, alas none of the things you instructed me to do worked. I have also tried the registry cleaner on a program called CCleaner which got rid of a lot but not the SCtri.exe.
Willy
I did as instructed but there was nothing in the regestry called SCtri.exe, and still I get the window saying that windows could not find the SCtri.exe.
Again thanks for the help both. I suppose a total format of the computer might clear the problem but that is a last resort?
Dave
Thank you both for answering my call for help, alas none of the things you instructed me to do worked. I have also tried the registry cleaner on a program called CCleaner which got rid of a lot but not the SCtri.exe.
Willy
I did as instructed but there was nothing in the regestry called SCtri.exe, and still I get the window saying that windows could not find the SCtri.exe.
Again thanks for the help both. I suppose a total format of the computer might clear the problem but that is a last resort?
Dave
Dave,
Its sounds like you have something in the startup calling it, but not in the registry. Try using this Startup control panel http://www.mlin.net/StartupCPL.shtml.
I have had it installed for years. The beauty of it is that you can also deselect stuff rather than just plain delete it in case you are not sure about the consequences.
Installing and running this, will show you what is calling for the exe.
Its sounds like you have something in the startup calling it, but not in the registry. Try using this Startup control panel http://www.mlin.net/StartupCPL.shtml.
I have had it installed for years. The beauty of it is that you can also deselect stuff rather than just plain delete it in case you are not sure about the consequences.
Installing and running this, will show you what is calling for the exe.
Steve
_______________________________________________________
Quid Si Coelum Ruat
_______________________________________________________
_______________________________________________________
Quid Si Coelum Ruat
_______________________________________________________
-
Rotten Ralph
- Captain
- Posts: 317
- Joined: 16 Jan 2007, 18:16
- Version: FS9
- Location: Farnborough, Hants
-
Rotten Ralph
- Captain
- Posts: 317
- Joined: 16 Jan 2007, 18:16
- Version: FS9
- Location: Farnborough, Hants
Dave,
Before you try that, switch off your system restore and then try your anti virus proggy again.
The reason is that most virus progs hide in the system restore area and re-infect your pc when you reboot. I find it very strange that not one path in a tab in the startup panel points to that exe, for something to be called it either has to be in the registry or in a startup folder and that shows both.
Before you try that, switch off your system restore and then try your anti virus proggy again.
The reason is that most virus progs hide in the system restore area and re-infect your pc when you reboot. I find it very strange that not one path in a tab in the startup panel points to that exe, for something to be called it either has to be in the registry or in a startup folder and that shows both.
Steve
_______________________________________________________
Quid Si Coelum Ruat
_______________________________________________________
_______________________________________________________
Quid Si Coelum Ruat
_______________________________________________________
-
Ford Friendly
- Lieutenant Colonel
- Posts: 823
- Joined: 08 Jul 2007, 22:15
- Version: FS9
That's true.
But one of the ways that such viruses hide is that they store a "backup copy" of themselves elsewhere under a different name, part of the startup routine then being renaming the virus file and executing it. So, what happens is you MIGHT find the "x.exe" you look for but "y.exe" is actually the "virus" which respawns.
Sneaky little buggers -- this style of virus was "discovered"/created at a Romanian university which actually ran classes (and now awards degrees) in virus writing.
But one of the ways that such viruses hide is that they store a "backup copy" of themselves elsewhere under a different name, part of the startup routine then being renaming the virus file and executing it. So, what happens is you MIGHT find the "x.exe" you look for but "y.exe" is actually the "virus" which respawns.
Sneaky little buggers -- this style of virus was "discovered"/created at a Romanian university which actually ran classes (and now awards degrees) in virus writing.
Why waste 'trons for a snappy signature when I can use this?
-
Rotten Ralph
- Captain
- Posts: 317
- Joined: 16 Jan 2007, 18:16
- Version: FS9
- Location: Farnborough, Hants
Finally, after 4 formats of my hard drive it looks like I have got rid of it. Everything went well installing windows XP, but as soon as I put my virgin cable modem installer disk in and tried to load the modem drivers etc, It would load & take me to the virginmedia web site & the SCtri.exe would appear?
The last time I formatted the drive, loaded XP & went strait on the net without trying to load the cable modem, everything was fine.
Thanks to all for the suggestions anyway.
Dave
The last time I formatted the drive, loaded XP & went strait on the net without trying to load the cable modem, everything was fine.
Thanks to all for the suggestions anyway.
Dave