xp security virus...cant evenrun anything

May 9, 2011 at 10:52:02
Specs: Windows XP
hi all. i seem to have xp home security virus. i cant scan i get download malware bytes or anything even if thing arre renamed and put on my com. and in save mod and even reg mod i cant run anyprogram.. when i try it ask me what i wanna run it with and just goes in cycle asken me what i wanna run it with and it wont run. so how do i get around that to run things?... remeber i cant even rename things if i try and run anything even if was just put in my com (even named differently) it just goes ina cycle asking me what i wanna run it with.

See More: xp security virus...cant evenrun anything

Report •


#1
Report •

#2
May 9, 2011 at 11:47:01
dexter777,

Try the following:

Open Notepad: Start > All Programs > Accessories > Notepad
If you cannot open Notepad, press CTRL ALT DEL (simultaneously), and open Task Manager.
Once there, click File, then hold down the CTRL key
Click: New Task (Run)
This opens a Command Prompt window.
Enter: Notepad, and press Enter.
 
Now, copy and paste ALL the Registry code that appears below into Notepad, including the Windows Registry Editor Version 5.00 portion


Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\.exe\shell]

[-HKEY_CLASSES_ROOT\.exe\DefaultIcon]

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile]
"Content Type"=-

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
"IsolatedCommand"=-

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
"IsolatedCommand"=-

[HKEY_CLASSES_ROOT\.bat]
@="batfile"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[-HKEY_CURRENT_USER\SOFTWARE\Classes\.exe]

[-HKEY_CURRENT_USER\Software\Classes\exefile]

[-HKEY_CLASSES_ROOT\secfile]

[-HKEY_CURRENT_USER\Software\Classes\secfile]

[-HKEY_CLASSES_ROOT\pezfile]

[-HKEY_CURRENT_USER\Software\Classes\pezfile]

[-HKEY_CLASSES_ROOT\sezfile]

[-HKEY_CURRENT_USER\Software\Classes\sezfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="firefox.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command]
@="firefox.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="iexplore.exe"

 
 
 
In Notepad go to File and select: Save as
Save as: xpexefix.reg
Save to the Desktop
Now, go to the Desktop
Double click on the xpexefix.reg file
When prompted, say yes to merge into Registry
Reboot to take effect.

Now, download one of these files: iExplore.exe or eXplorer.exe. They are renamed copies of RKill:
http://www.bleepingcomputer.com/dow...

Save the file selected to the Desktop, and double-click on it.

If you get a message that RKill is an infection, just ignore it. If you run into infections warnings to close RKill, leave the warning on the screen and run RKill again.

If you encounter problems running RKill, download another renamed version of RKill from its download page.

Do not reboot your computer after running Rkill!

Next, download Malwarebytes’ Anti-Malware (black button with green and white icon) Save to the Desktop:
http://download.cnet.com/Malwarebyt...

Double-click mbam-setup.exe and follow the prompts to install the program.

Run Malwarfebytes’ AntiMalware and update the program.
Once updated, select Perform Full Scan and click the scan button.

When the scan finishes, click OK in the message box, and you will see the results of the scan.

Click <Remove Selected

When Malwarebytes finishes, you may be prompted to reboot. If so, reboot.


Please post the Malwarebytes log in your reply, and we will determine any further action necessary.


Report •

#3
May 9, 2011 at 11:58:36
ive tryed that..even with that a mesage comes up. what do you want to run program with.. eather pic notepad or windows exe. and at that when i try and pic somethen it just goes back to asken me what i want to run program with.

Report •

Related Solutions

#4
May 9, 2011 at 12:01:25
please ignore what i just replyd...that work for getten notepad open :)

Report •

#5
May 9, 2011 at 12:13:07
ok so no wwhen i download iExplore.exe or eXplorer.exe to desk top and double click it i twont run ..it ask me again what do i wanna run program with

Report •

#6
May 9, 2011 at 19:41:41
Let's see if this gets you going...

Open Notepad: Start > All Programs > Accessories > Notepad
If you cannot open Notepad, press CTRL ALT DEL (simultaneously), and open Task Manager.
Once there, click File, then hold down the CTRL key
Click: New Task (Run)
This opens a Command Prompt window.
Enter: Notepad, and press Enter.
 
Now, copy and paste ALL the Registry code that appears below into Notepad, including the Windows Registry Editor Version 5.00 portion

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]
@="{09A63660-16F9-11d0-B1DF-004F56001CA7}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@="{86F19A00-42A0-1069-A2E9-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

 
 
 
In Notepad go to File and select: Save as
Save as: xpexefix.reg
Save to the Desktop
Now, go to the Desktop
Double click on the xpexefix.reg file
When prompted, say yes to merge into Registry
Reboot to take effect.


Let us know if it works so we can press on with getting rid of the malware.


Report •

#7
May 9, 2011 at 19:49:29
first try changing the name of iexplore.exe to iexplore.bat or .com. see if this runs first.

second did you try downloading the fix file from the previous link, my guess is that your file associations are changed and are pointing to the wrong link. if this is the case changing the name may fix this and malwarebytes will run as a .com or .bat if these havent been messed with

mike


Report •

Ask Question