i have a virus that wont let me open anything

May 5, 2011 at 21:12:52
Specs: Windows XP
I Have a virus on my computer i just tried to open system restore internet exp. and my avg. every time i try and open anything it says open with. i select what to open it with and it asks to run or save i selected run it looks like its starting to download stops then goes back to the open with page. can anyone help?

See More: i have a virus that wont let me open anything

Report •


#1
May 6, 2011 at 07:47:24
Give this a whirl first to fix the exe file association:

If your EXE file associations are corrupted, what you are experiencing can happen.

See if you can go to: http://www.dougknox.com/

In the left hand column, click: WinXP fixes
In the list that appears, click: File Association fixes
In the next list, click: EXE File Association Fix

Next, save the file to the Desktop
Go to the Desktop, and right-click the xp_exe_fix.zip file
Select: Extract all…

A folder: xp_exe_fix appears
Open the folder, and double click the xp_exe_fix.reg file

However it can be difficult to open REGEDIT, or to even import REG files.
To work around this, press CTRL-ALT-DEL and open Task Manager.
Once there, click File, then hold down the CTRL key and click New Task (Run).
This opens a Command Prompt window.
Enter REGEDIT.EXE and press Enter.

Go back to the Desktop, and double click xp_exe_fix.reg

Allow the reg file to merge into the Registry

Let us know how it goes, and we will take it from there. We can work this another way.


Report •

#2
May 6, 2011 at 17:59:50
i tried that but it keeps saying "tab recovered. a problem with this webpage caused internet explorer to close and recover the page." and it starts me back to the begining ive tried doing this numerous times and it doesn't work.
even if i try to download something to fix it it says open with. i cant do anything on my laptop

Report •

#3
May 6, 2011 at 19:11:05
This is essentially the Doug Knox fix in a way that should run and fix the problem.

Open Notepad: Start > All Programs > Accessories > Notepad

If you cannot open Notepad, press CTRL ALT DEL (simultaneously), and open Task Manager.
Once there, click File, then hold down the CTRL key
Click: New Task (Run)

This opens a Command Prompt window.
Enter: Notepad, and press Enter.


Now, copy and paste ALL the Registry code that appears below into Notepad, including the Windows Registry Editor Version 5.00 title:


Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]
@="{09A63660-16F9-11d0-B1DF-004F56001CA7}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@="{86F19A00-42A0-1069-A2E9-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"


In Notepad go to File and select: Save as
Save as: XPexefix.reg
Save to the Desktop

Now, go to the Desktop
Double click on the XPexefix.reg file
When prompted, say yes to merge into Registry
Reboot to take effect.

Any progress?


Report •

Related Solutions

#4
May 7, 2011 at 22:27:26
yes it worked i can open everything again with no prob. thank you very much.. do i still need to go to that website on the first post and do all that to ensure it wont happen again?

Report •

#5
May 8, 2011 at 10:19:08
download McAfee site adviser.it will tell you if a site you are visiting has viruses on it.and also download a good antivirus!! avast free perhaps!

Report •

#6
May 8, 2011 at 12:31:01
malia,

You do not need to go to the website on Post #1. It dealt with file associations.

We do need to see where we are at, and plan any additional removal strategy, if necessary.

Please download Malwarebytes’ Anti-Malware (black button with green and white icon) Save to the Desktop:
http://download.cnet.com/Malwarebyt...

Double-click mbam-setup.exe and follow the prompts to install the program. (For Vista or Windows 7, select: Run as Administrator)


Run Malwarfebytes’ AntiMalware and update the program.
Once updated, select Perform Full Scan and click the scan button.

When the scan finishes, click OK in the message box, and you will see the results of the scan.

Click the Remove Selected button to get rid of the malware.

When Malwarebytes finishes, you may be prompted to reboot. If so, reboot.


Please post the Malwarebytes log in your reply, and we will take it from there. :-)


Report •

#7
May 11, 2011 at 20:18:16
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6559

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/11/2011 10:17:24 PM
mbam-log-2011-05-11 (22-17-24).txt

Scan type: Full scan (C:\|)
Objects scanned: 221707
Time elapsed: 41 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 36
Registry Values Infected: 5
Registry Data Items Infected: 4
Folders Infected: 19
Files Infected: 26

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C55CA95C-324B-451C-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3E2DFD6A-4E20-4D4C-AA8B-E1F9DBEF3C80} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButton.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButton (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{714E0876-FCEE-49CE-A429-B9AD8AEFCB56} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButtonA.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButtonA (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{DD15BCC0-5FE9-4690-A957-99FA60ED9D26} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.HbAx.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.HbAx (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Value: {DB38E21A-0133-419D-92AD-ECDFD5244D6D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Value: {EB620C54-E229-4942-87CE-E717109FC8C6} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Value: {EB620C54-E229-4942-87CE-E717109FC8C6} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Value: {DB38E21A-0133-419d-92AD-ECDFD5244D6D} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Monta\Local Settings\Application Data\tcc.exe" -a "C:\Program Files\Intern") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\all users\application data\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\Monta\application data\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\Monta\application data\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\Monta\application data\shoppingreport2\cs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\Monta\application data\shoppingreport2\cs\db (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\Monta\application data\shoppingreport2\cs\dwld (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\Monta\application data\shoppingreport2\cs\report (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\Monta\application data\shoppingreport2\cs\res1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.668.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.668.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.668.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.668.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\program files\shoppingreport2\Bin (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\program files\shoppingreport2\Bin\2.7.34 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\clickpotato (Adware.ClickPotato) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\clickpotatolite\bin\10.0.668.0\clickpotatolitesaax.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.668.0\clickpotatoliteuninstaller.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.668.0\firefox\extensions\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\shoppingreport2\Uninst.exe (Adware.ShoppingReports2) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0684fa02-ad9c-46db-8208-8fe90895fcd6}\RP101\A0032346.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0684fa02-ad9c-46db-8208-8fe90895fcd6}\RP102\A0032382.dll (Adware.SmartShopper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0684fa02-ad9c-46db-8208-8fe90895fcd6}\RP102\A0032383.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0684fa02-ad9c-46db-8208-8fe90895fcd6}\RP102\A0032385.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesa_hpk.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\Monta\application data\shoppingreport2\cs\Config.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\Monta\application data\shoppingreport2\cs\db\Aliases.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\Monta\application data\shoppingreport2\cs\db\Sites.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\Monta\application data\shoppingreport2\cs\dwld\whitelist.xip (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\Monta\application data\shoppingreport2\cs\report\aggr_storage.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\Monta\application data\shoppingreport2\cs\report\send_storage.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\Monta\application data\shoppingreport2\cs\res1\whitelist.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.668.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.668.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\clickpotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\clickpotato\clickpotato customer support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\clickpotato\clickpotato uninstall instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.


Report •

#8
May 11, 2011 at 22:42:21
How is the system running now?

Report •

#9
May 11, 2011 at 22:42:22
How is the system running now?

Report •

#10
May 11, 2011 at 22:42:22
How is the system running now?

Report •

#11
May 11, 2011 at 22:44:46
Sorry for the triple posting. Something got hung up at this end.

Report •

#12
May 13, 2011 at 22:27:56
its okay. well everything is running fine now. i appreciate it alot thank you !!

Report •

#13
May 13, 2011 at 22:41:18
You're welcome. Glad to help

Have a great weekend!


Report •

#14
May 18, 2011 at 14:24:12
i tried everything above and it wont work, i cannot run avg, malware or any programs like it, not even on safe mode. What else can i do? thanks in advance

Report •

#15
May 18, 2011 at 17:39:08
irving1234,

Please start your own case/question. It gets rather confusing, otherwise.

Also, we need to know what operarting system you are using, XP, Vista, Windows 7?


Report •

Ask Question