Posts posted by ingmarvanolffen

  1. 10 minutes ago, Marcos said:

    It is generally not a good idea to disable AV and play with malware samples on a real machine. What you can do is to check for registry changes reported by app.run on your machine and revert the necessary values.

    Yes, I'll send the changes.

    PID: 2928
    CMD: reg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /t REG_SZ /d "C:\Users\admin\AppData\Local\Temp\gscmeme\gscmeme.exe.lnk" /f
    Path: C:\Windows\system32\reg.exe
    Parent process: cmd.exe
    User: admin
    Integrity Level: MEDIUM
    Exit code: 0
    Version:
      Company: Microsoft Corporation
      Description: Registry Console Tool
      Version: 6.1.7600.16385 (win7_rtm.090713-1255)

    file.txt
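
An added example, not part of either post above: it parses the `reg add` command line from the sandbox report, flags whether it writes to a per-user autostart location, and builds the `reg query` command for checking the same value on the real machine. The function names and the short autostart list are assumptions made for this example.

```python
import ntpath
import re

# Command line exactly as shown in the sandbox report above.
SAMPLE = r'reg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /t REG_SZ /d "C:\Users\admin\AppData\Local\Temp\gscmeme\gscmeme.exe.lnk" /f'

# Per-user autostart locations (assumption: short, non-exhaustive list).
# A value name of None means every value under that key is launched at logon.
AUTOSTART = [
    (r"software\microsoft\windows nt\currentversion\windows", "load"),
    (r"software\microsoft\windows nt\currentversion\windows", "run"),
    (r"software\microsoft\windows\currentversion\run", None),
    (r"software\microsoft\windows\currentversion\runonce", None),
]

def parse_reg_add(cmdline):
    """Split a 'reg add' command line into hive, subkey, value, type, data."""
    tokens = [q or w for q, w in re.findall(r'"([^"]*)"|(\S+)', cmdline)]
    if len(tokens) < 3 or tokens[0].lower() not in ("reg", "reg.exe") \
            or tokens[1].lower() != "add":
        return None  # not a 'reg add' invocation
    hive, _, subkey = tokens[2].partition("\\")
    opts, i = {}, 3
    while i < len(tokens):
        flag = tokens[i].lower()
        if flag in ("/v", "/t", "/d") and i + 1 < len(tokens):
            opts[flag] = tokens[i + 1]
            i += 2
        else:
            i += 1  # switches without an argument, such as /f
    return {"hive": hive.upper(), "subkey": subkey, "value": opts.get("/v"),
            "type": opts.get("/t"), "data": opts.get("/d")}

def is_autostart(entry):
    """True if the write lands in one of the autostart locations listed above."""
    sub, val = entry["subkey"].lower(), (entry["value"] or "").lower()
    return any(sub == k and (v is None or v == val) for k, v in AUTOSTART)

def query_command(entry):
    """Read-only command to run on the real machine to see the current value."""
    return f'reg query "{entry["hive"]}\\{entry["subkey"]}" /v "{entry["value"]}"'

def same_target(entry, current_data):
    """Compare file names only: the sandbox ran as user 'admin', so the
    profile part of the path will differ on another machine."""
    want = ntpath.basename(entry["data"] or "").lower()
    return bool(want) and ntpath.basename(current_data or "").lower() == want

if __name__ == "__main__":
    e = parse_reg_add(SAMPLE)
    print(query_command(e), "| autostart:", is_autostart(e))
```

If the query on the real machine returns data for which `same_target` is true, that value is one of the changes to revert.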

  2. So I accidentally opened a ratted .exe file with my stupid head. I didn't know that if you drag something onto another file it'll open it, so that happened. I had my ESET antivirus disabled for a second, but when the exe opened I turned my ESET back on and it deleted a file. Now I ran the ratted file in any.run and it shows that it changed regedit files. How do I get my PC clean? I don't know if the files are deleted or if my PC is still ratted. This is my school laptop and I have a lot of files on it, so I don't want to reset it.
