Trojan cryptic.ctc

May 3, 2011 at 15:45:54
Specs: Windows XP
My AVG detects this virus, but cannot delete it.
My computer got infected with a virus that came as an attachment in a UPS delivery notification e-mail.
Now when I try to open some applications, or try to go to System Restore, it either tells me the application or file is not found, or an "Open With" dialog box comes up, for me to choose which program to use.


#1
May 3, 2011 at 19:46:20
Does it happen in safe mode too?

How do you know when a politician is lying? His mouth is moving.



#2
May 3, 2011 at 20:09:26

J Marin,

If you can, backup the HKEY_CURRENT_USER Registry key following these instructions:
http://pcsupport.about.com/od/windo...


Next, download RegSearch:
http://www.xs4all.nl/~fstaal01/down...

Save to your Desktop.
Then unzip, and click on the regsearch.exe to run the tool.

If you have problems opening RegSearch, open Task Manager, press CTRL + SHIFT + ESC.
Click File, and then press CTRL and click New Task (Run…) at the same time.
A command prompt opens.
At the command prompt, type regsearch.exe to run the tool, and then press ENTER.

In the display panel, copy and paste the following into the upper box:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts

Click Okay.

Once the scan completes, a text box opens.
>>Please copy/paste the contents in your reply.<<
(The RegSearch.txt log is also found in the same folder as the regsearch.exe file).

If you can get into Safe Mode with Networking, you can download RegSearch and run it from there.



#3
May 3, 2011 at 21:03:07

Or, get a manual reading of what the Registry key for .exe actually shows at this point…

Open Task Manager, press CTRL + SHIFT + ESC.
Click File, and then press CTRL and click New Task (Run…) at the same time.
A run prompt opens.
Type cmd, and then press ENTER.

This opens a command prompt with a blinking bar.
In the command window, at the blinking bar, type the following and press Enter: cd\

At the C:\> prompt, copy/paste all of the following, and press Enter:

reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" /v .exe

Information for this Registry key should appear in the command prompt window.

Right-click in an empty area inside the black background, and choose: Select all
Then, copy/paste the information to Notepad, to post it in your reply

Type exit, and press Enter, to go out of the command window.




#4
May 4, 2011 at 08:16:05
Hi aaflac44;
Followed your instructions and below is the report, thanks for helping:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>cmd,
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>cd\

C:\>reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explo
rer\FileExts" /v .exe

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts


Error: The system was unable to find the specified registry key or value

C:\>
C:\>



#5
May 4, 2011 at 08:56:32
Hi aaflac44;
Followed your instructions to use regsearch.exe; below is the Notepad report:

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 04/05/2011 10:47:29 for strings:
; 'hkey_current_user\software\microsoft\windows\currentversion\explorer\fileexts'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...

Thanks for helping!



#6
May 20, 2011 at 13:14:26
Hi, my name is Marco.
I've got the same problem as J Marin, only I also keep getting a bluescreen and my computer doesn't go on in normal mode sometimes. Could I get some help with it?
I've followed the steps above and here is the result of my scan:
Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 20-05-2011 21:10:27 for strings:
; '"hkey_current_user\software\microsoft\windows\currentversion\explorer\fileexts" /v .exe'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...



#7
May 21, 2011 at 10:53:53
J Marin,

Run the following and see if you are able to open files:

Open Notepad: Start > All Programs > Accessories > Notepad

If you cannot open Notepad, press CTRL ALT DEL (simultaneously), and open Task Manager.
Once there, click File, then hold down the CTRL key
Click: New Task (Run)

This opens a Command Prompt window.
Enter: Notepad, and press Enter.


Now, copy and paste ALL the Registry code that appears below into Notepad, including the Windows Registry Editor Version 5.00 title:


Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]
@="{09A63660-16F9-11d0-B1DF-004F56001CA7}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@="{86F19A00-42A0-1069-A2E9-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

In Notepad go to File and select: Save as
Save as: XPexefix.reg
Save to the Desktop

Now, go to the Desktop
Double click on the XPexefix.reg file
When prompted, say yes to merge into Registry
Reboot to take effect.

Any progress?


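Added example, not part of the original thread: a small Python check that parses a .reg export and compares the .exe association against the values in the XPexefix.reg content from post #7, so the merge can be verified after the reboot. The function names, the sample exports and the "placeholder_progid" value are constructed for illustration.

```python
import re

# Expected string values, copied from the XPexefix.reg content in post #7.
EXPECTED = {
    (r"HKEY_CLASSES_ROOT\.exe", "@"): "exefile",
    (r"HKEY_CLASSES_ROOT\exefile\shell\open\command", "@"): '"%1" %*',
    (r"HKEY_CLASSES_ROOT\exefile\shell\runas\command", "@"): '"%1" %*',
}

def _unescape(s):  # .reg strings escape backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Return {(key_lowercase, value_name): data} for string values in .reg text."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            key = section.group(1).lower()  # registry key names are case-insensitive
            continue
        item = re.fullmatch(r'(?:@|"((?:[^"\\]|\\.)*)")="((?:[^"\\]|\\.)*)"', line)
        if item and key:
            name = "@" if item.group(1) is None else _unescape(item.group(1))
            values[(key, name)] = _unescape(item.group(2))
    return values

def check_exe_association(text):
    """List (key, found_data) for every expected value that is missing or different."""
    found = parse_reg(text)
    problems = []
    for (key, name), want in EXPECTED.items():
        got = found.get((key.lower(), name))
        if got is None or got.lower() != want.lower():
            problems.append((key, got))
    return problems

# Constructed sample exports (not taken from the machines in this thread).
GOOD = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
'''
ALTERED = GOOD.replace('@="exefile"', '@="placeholder_progid"')

if __name__ == "__main__": print(check_exe_association(ALTERED))
```

Files exported by regedit with the "Version 5.00" header are UTF-16, so read a real export with open(path, encoding="utf-16") before passing its text to check_exe_association.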

#8
May 21, 2011 at 10:56:23
marcofgm,

Please start your own topic.

It gets rather confusing having two posters and their problems involved.

Thanks!

