Virus disabled all .exe

November 22, 2009 at 10:43:21
Specs: Windows XP

Yesteday I apparently downloaded a virus. I use Norton anti virus, but it wont let me access it saying I havent yet accepted the license agreement =(

No programs load, with windows informing me that the files appears to be infected. Everything except firefox and explorer are disabled. IE pops up by itself, to display porn sites =/

Theres a thread posted recently about not being able to open exes but I cant download whatever was suggested, nor can I open notepad. The run feature does appear to work though.

Any help would be fantastic =)

See More: Virus disabled all .exe

Report •

November 22, 2009 at 11:25:52
Go to the following link with internet explorer (not firefox) if possible, click on .exe file association fix> click run (no need to download it.

Go to the following file association fix link:

You may need to download the to a usb drive or cd and run it on the infected computer but first try to run it from the infected computer (this means both programs).

Please download Rkill from the following link.


Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. This link will help you disable them:

Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)

A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.

If nothing happens or if the tool does not run, please let me know in your next reply.

If that worked do the following:

Please save this file to your desktop.


Please double click on the Win32kDiag file and post the log it produces. This log might be quite lengthy and may take more than one post to get all of it posted.

Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.


1. Double click on RSIT.exe to launch program.
2.(Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5.Once it has finished, two logs will open: log.txt<-- this will be maximized and info.txt<-- this will be minimized. Both logs will be located at C:\RSIT.exe.

Please post the contents of both logs (in separate post) in your next reply.

Report •

November 23, 2009 at 05:00:49
Hi Jabuck,

As far as I'm aware, the only protection on the computer is Norton, and anything default included in the XP package.

I ran the file association fix, which brings up the containing folder in explorer.

I downloaded Rkill to the desktop and the dos box appeared briefly (I presume as you said it would, rather than disappearing straight away like the infected .exes seem to)

I ran the Win32kdiag file too (hoping Rkill was a success) and the log appears on the desktop, judging on how lengthy you said it could be, I really dont think it's what you're after:

Running from: D:\Documents and Settings\Gavin Ransom\Desktop\Win32kDiag.exe

Log file at : D:\Documents and Settings\Gavin Ransom\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

I've also used the last file, the RSIT file. I can see the disclaimer screen for half a second before it disappears, with no log or new file appearing anyway.


Report •

November 23, 2009 at 16:02:27
Try running running them in safe mode and remember that norton's av must be turned off at it could be interfering with RSIT.

I that does not work see if this tool will run:

Please download OTL from following site:


1. Save it to your desktop
2. Double click the OTL icon on your desktop.
3. Click the “scan all users” checkbox.
4. Push the “run scan” button.
5. Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

Report •

Related Solutions

December 13, 2009 at 08:43:53
I am having the exact same problem as this poster. I have followed the instructions to no avail. I wrote the files to a cd but the infected computer says there are no files on the cd. I even tried in safe mode but it says the drive is inaccessible. Some one please help.

Report •

Ask Question