Can you open Regedit?
Press Start > ’R’ and in the Open box type: regedit
If not, press Start > ’R’ and in the Open box type: cmd
At the command prompt type (or copy/paste) the following commands, one at a time, and press ‘Enter’ after each:
copy regedit.exe regedit.com
You should now be in the registry editor.
On the menu bar click ‘File’ and select: Export
Save the Registry as registry.bak.
If Registry Editor opened successfully, navigate to the following key:
Double-click the (Default) value in the right hand pane
Delete the current value data, and then type the following, exactly as shown, including the quotes and asterisk:
Next, navigate to HKEY_CLASSES_ROOT\.exe
In the right-hand pane, Double-click the (Default) value in the right hand pane
Change the value to: exefile
Exit the Registry Editor.
Now, can you open explorer?
And, if not, one last option:
Use a clean computer and download FixNCR.reg:
(NCR = Name Changing Rouge)
Save the .reg file to a removable USB flash drive, external drive, or CD/DVD.
Insert the removable device into the infected computer
Open the drive letter associated with the removable device.
You should now see the FixNCR.reg file that you had downloaded.
Double-click on the FixNCR.reg file to fix the Registry on your infected computer.
Agree to the Registry changes, if prompted.
Retired - Doin' Dis, Dat, and slapping malware.