Computer Security & Viruses/Auto Rebooting


Question
hi,

I use Windows XP SP2.
My computer has started rebooting on its own.
Recently a spyware was detected and deleted. Presently there are no viruses.

[ Spyware>  <System>=>HKEY_CLASSES_ROOT\MAGNET   Detected: magne2t ]

How to restore the deleted registry key and what should be done about the auto rebooting?


Thanks,
Zedd  

Answer
It sounds like you have two problems here, as deleting this Registry key would not normally cause rebooting.

This Registry key is required for the operation of many P2P (peer-to-peer) programs used for downloading files from other people's home computers. Examples include Kazaa Media Desktop, Limewire, Morpheus, Shareaza, Bearshare, and Xolox. These P2P programs typically are used to obtain copyrighted music and video files for free. If you wish to use any P2P programs, you can get this Registry key back by either using System Restore at a date before the Registry key was removed, or by reinstalling any of these P2P programs.

However, there is a good reason why your antispyware program deleted this key. Many evil programs exploit your P2P programs and this associated Registry key to commit computer crime against you. Furthermore, using P2P programs to download files from the computers of strangers is extremely dangerous because many home users, either by accident because of an infection with some sort of crime program, or out of malicious mischief or a desire to break into your home computer, end up sending dangerous programs to your computer, disguised as files you want.

Next, your rebooting problem. Even if you have never downloaded files from other home computers, your computer still might be infected with a virus or worm that is causing the rebooting. For example, the Blaster worm has an error in its programming (an effect not intended by its creator, Jeffrey Lee Parson, who went to prison for creating this worm) that makes Windows reboot. If your computer is infected with Blaster, it might give this message just before rebooting: "Windows must now restart because the Remote Procedure Call (RPC) Service terminated unexpectedly."

If indeed a worm or virus is causing the rebooting, this means your antivirus has been unable to delete it. Some of these evil programs even take over your antivirus program and damage it enough that it can't protect your computer any more.

Here are some ways to fix the reboot problem.

1) Use System Restore.

2) If this doesn't work, try uninstalling your antivirus and install a new one to see if it can discover and remove hidden infections. For example, you could install the free trial version of F-Secure Internet Security at http://www.f-secure.com/home_user/support_and_downloads/evaluations/

This program is a complete Internet security suite so it has a good chance of eradicating whatever is attacking your computer.

3) If this doesn't work, you will have to reformat the hard drive and reinstall everything. This is what most computer repair places do (they call it "nuking"), so you may as well save money and do it yourself. Be sure to back up all your data first! If you are lucky, your computer came with a set of CDs that will reset it automatically to the factory default. Some computers even have the factory default setup files on a hidden partition on your hard drive that you can activate upon booting to reinstall it. Either of these options will reinstall all your programs that came with the computer, but you may have to reinstall everything else, including your peripheral devices such as printers, scanners, etc.

If you don't have either of these reinstallation options, you will have to start with your operating system disk. Boot with it in your CD drive and it will offer options. If you choose the option that warns it will delete all your data, this is the right one because it will reformat the hard drive, making it clean of all the errors caused by power-outs.

This also will remove any malware lurking on your hard drive. Be sure to reinstall your antivirus and antispyware programs -- to be safe, install them from CDs that came with the original packaged software, not from files that you had downloaded and originally saved on your hard drive. Any program saved from your hard drive might have become infected by viruses. If you originally bought them from an Internet download, it is safer to download new copies. Next, get their online updates before putting your data on the hard drive or installing any programs. This will ensure that these programs can clean out any malware lurking on your backups. Don't trust any programs you stored on a backup CD as these could be infected -- either install them from the original CD they came on.

4) To prevent future infections, don't use Internet Explorer, as it is susceptible to introducing viruses, worms, Trojans, adware and spyware etc. into your computer. Instead you could use Firefox, free from Mozilla.org. If you use Outlook for email, you could become safer by using Thunderbird, free from Mozilla.org, or Eudora, free from Eudora.com.
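
Before choosing among the fixes above, the Windows System event log can show what triggered each restart. The following is an added example, not part of the original answer: it assumes PowerShell is installed on the affected machine, the function names `Get-RebootClue` and `New-SampleEntry` are hypothetical, and the sample entries are constructed.

```powershell
# Added example: classify System event log entries that explain a restart.
# Event IDs: 6008 = previous shutdown was unexpected, 1074 = a process
# requested the restart, 7031/7034 = a service terminated unexpectedly.
function Get-RebootClue($Entries) {
    foreach ($e in $Entries) {
        $why = $null
        switch ($e.EventID) {
            6008 { $why = 'unexpected shutdown (crash, power loss or forced restart)' }
            1074 { $why = 'restart requested by a process' }
            7031 { $why = 'service terminated unexpectedly' }
            7034 { $why = 'service terminated unexpectedly' }
        }
        if ($why -eq $null) { continue }
        # The shutdown text quoted in the answer names the RPC service.
        $rpc = $e.Message -match 'Remote Procedure Call'
        $out = New-Object PSObject
        $out | Add-Member NoteProperty Time $e.TimeGenerated
        $out | Add-Member NoteProperty EventID $e.EventID
        $out | Add-Member NoteProperty Cause $why
        $out | Add-Member NoteProperty MentionsRpc $rpc
        $out
    }
}

# Constructed sample entries (not real log data) so the logic can be tried offline.
function New-SampleEntry($Time, $Id, $Message) {
    $s = New-Object PSObject
    $s | Add-Member NoteProperty TimeGenerated $Time
    $s | Add-Member NoteProperty EventID $Id
    $s | Add-Member NoteProperty Message $Message
    $s
}
$sample = @(
    (New-SampleEntry '2004-01-05 21:14' 7031 'The Remote Procedure Call (RPC) service terminated unexpectedly.'),
    (New-SampleEntry '2004-01-05 21:15' 1074 'Windows must now restart because the Remote Procedure Call (RPC) Service terminated unexpectedly.'),
    (New-SampleEntry '2004-01-06 08:02' 6008 'The previous system shutdown at 21:15 was unexpected.'),
    (New-SampleEntry '2004-01-06 08:03' 7036 'A service entered the running state.')
)
Get-RebootClue $sample | Format-Table -AutoSize

# On the affected machine, read the real log instead of the sample:
# Get-RebootClue (Get-EventLog -LogName System -Newest 2000) | Format-Table -AutoSize
```

A row with `MentionsRpc` set to True is a lead worth following up with a malware scan, not proof of infection; rows with only event 6008 and no service failure point more toward a crash or power problem.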


Carolyn Meinel

Expertise

I cover Windows, Linux, TCP/IP and Ethernet security questions. I do not cover Mac, smart phones, or other networking issues.

Experience

Books by Carolyn Meinel: wrote a chapter for The Hacking of America book (see http://www.amazon.com/exec/obidos/ASIN/1567204600/happyhacker). My article Code Red for the Web for Scientific American was reprinted in the book Best American Science Writing 2002 (see http://www.amazon.com/exec/obidos/ASIN/0060936509/happyhacker). My book The Happy Hacker: A Guide to Mostly Harmless Hacking is now in 4th edition with a Japanese edition (see http://happyhacker.org/hhbook/).

Organizations
IEEE, AAAS

Publications
See a list with some online links at http://cmeinel.com

Education/Credentials
MS, Industrial Engineering, The University of Arizona. Took a course in computer forensics at the University of Texas at Austin.

Past/Present Clients
DARPA, SAIC, Palmer Labs

©2012 About.com, a part of The New York Times Company. All rights reserved.