
The notorious AV.EXE virus. Cannot run programs.


10 replies to this topic

#1 groovydoobiedoo


Posted 05 March 2010 - 05:36 PM

Hello. I appreciate what you fellas do on here.

This is about a Windows XP SP2 computer.


At around 6:30-7:00 this morning, I got a pop up from an anti-virus program claiming that my PC was infected (how ironic). I immediately knew it was fake, but it was eerily almost convincing. It was the pseudo "Anti-Virus XP 2010" program.

- Symantec did not prevent it from entering into my PC.
- I could not open Malwarebytes.
- When starting up Firefox/IE, a pop-up from AV would display,
- and would constantly show pop-up bubbles from the taskbar.



It was obviously a scam to get you to pay to remove it.

I eventually turned off av.exe from the task manager, updated Malwarebytes, removed a few infected files (I'm sorry I do not know what they were), but still would get the pop-up when starting an internet browser.

I then found the prefetch for av, and deleted that. I could not find the actual .exe until I went under folder options and made hidden files visible, as well as system files that Windows was keeping safe. The file path was: D:\Documents and Settings\User\Local Settings\Application Data\av.exe (D is my main hard-drive).

I deleted the av.exe file, but I was not able to find any relatable infected registry or start up files, and thus, now I am having problems running my programs. When I click on any .exe, it will prompt a "open with..." window, to which some will work, some will not. Other times, I will get an "Application not found" box.

I've run quick scans and full scans with the updated Malwarebytes, but they do not detect anything. IE will not open at all, and Firefox seems to be barely hanging on there (I am keeping this browser on as safety).


I'm aware a lot of people have had this same unfortunate problem happen to them, but so far, all I have seen are fixes for Vista, and ones that involve the registry, which I am not qualified to be handling myself.

I thank any help in advance.
S



#2 edw987


Posted 05 March 2010 - 11:24 PM

See my thread from today Friday at 4:16PM for more information. I am running XP SP2, was using Norton Symantec too, and also had a problem with the exe's not linked and also Windows Installer not working so could not remove programs (you may have the problem too). Fix is described there including the exe linker. :thumbsup:

#3 Guest_Selene88_*


Posted 06 March 2010 - 06:41 AM

I had this virus pop up last night and have managed to remove it this morning.
Because the virus edits the registry (thus stopping you being able to load anything properly), you need to manually edit the registry and put it back to normal. I used these instructions, don't worry they're fairly straightforward.




1. Type command in the RUN dialog box to open Command Prompt

2. When Command Prompt is up, type cd \windows

3. Type regedit to open up the Registries.

4. Expand HKEY_CLASSES_ROOT and find the folder of .exe

5. Without expanding it, on the main .exe folder, Right-click (Default) and Modify. Change the Value Data to exefile

6. Now in the same HKEY_CLASSES_ROOT find the folder of exefile and Right-click (Default) and Modify. Change the Value Data to "%1" %*

7. Lastly expand exefile, expand shell, expand open, click on the command folder, Right-click (Default) and Modify. Change the Value Data to "%1" %*

8. Close Regedit and Restart the computer. When restarted, EXE files should not prompt you to choose a program to run it now and load correctly.



Worked fine for me, make sure you do a full system scan after restart just to make sure everything is gone.

Edited by Selene88, 06 March 2010 - 06:43 AM.
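
An added example, not part of the original thread: a read-only check of the two values that steps 5 and 7 above restore, run against the text of a registry export. The sample export, the `hijackedfile` ProgID and all function names are constructed for illustration; only plain string (REG_SZ) values are parsed, and a real regedit export must be decoded (usually from UTF-16) before it is passed in.

```python
import re

# Baseline the registry steps above restore (assumed "known good" for this check).
EXPECTED = {".exe": "exefile", r"exefile\shell\open\command": '"%1" %*'}
# HKEY_CLASSES_ROOT is a merged view of the per-user and per-machine Classes keys.
ROOTS = ("HKEY_CLASSES_ROOT\\", "HKEY_CURRENT_USER\\Software\\Classes\\",
         "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):  # .reg string data escapes backslash and quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):  # -> {key: {value_name: data}}, REG_SZ only; "" is (Default)
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                name = "" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
                current[name] = unescape(m.group(2))
    return keys

def check_exe_association(text):  # -> [(key, actual_default)] that differ from EXPECTED
    findings = []
    for key, values in parse_reg(text).items():
        for root in ROOTS:
            if key.lower().startswith(root.lower()):
                sub = key[len(root):].lower()
                actual = values.get("")  # None: missing or not a plain string
                if sub in EXPECTED and (actual or "").lower() != EXPECTED[sub].lower():
                    findings.append((key, actual))
    return findings

# Constructed sample export (not from a real machine). The av.exe path is the one
# reported in the first post; "hijackedfile" is a made-up ProgID.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\.exe]
@="hijackedfile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"D:\\Documents and Settings\\User\\Local Settings\\Application Data\\av.exe\" \"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@="exefile"
'''

if __name__ == "__main__":
    for key, actual in check_exe_association(SAMPLE):
        print(f"MISMATCH {key}: (Default) = {actual!r}")
```

A per-user key that disagrees with the machine-wide one, as in the sample, is worth noting because the per-user entry is the one that takes effect for that account.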


#4 mangacharo


Posted 06 March 2010 - 09:39 AM

I did everything as you said above, but when I closed the regedit, the black screen stays open and I get a message : Windows cannot end this program, it may need more time to complete an operation. What do I do? END NOW or CANCEL?

#5 Guest_Selene88_*


Posted 07 March 2010 - 10:05 AM

Just try clicking End Now until the message goes away

#6 groovydoobiedoo

  • Topic Starter

Posted 07 March 2010 - 03:01 PM

Good news, everybody!

I was able to fix the problem with fix.reg. My programs are now running, and I have since updated Malwarebytes and Symantec to run scans.

I'll let you know if anything happens.


#7 mangacharo


Posted 07 March 2010 - 09:08 PM

Thank you, Selena, it did it!!!!!! But now something is back, I can not open almost anything in Control Panel, when I try opening Malwarebytes it asks me to choose a program to open it with!! as it does with just about anything on my desktop such as IE. I do not know what to do, I did a system restore and I think it made it worse, I can not run regedit, I can not run chkdsk..............aaaaaaaaaaaaaaaaaaaaaahhhhhhhhhhhhhhhhhhhhhhhhhrrrrrrrrrrrrggggggggggggggggggghhhhhhhhhhhh

#8 groovydoobiedoo

  • Topic Starter

Posted 08 March 2010 - 02:27 AM

I don't mind you basically stealing my thread mangra, but perhaps you should take your head out of the.. ahem, sand, and actually try reading this post. You will notice that not only have I already solved it, but I describe the exact same symptoms you repeat. Your miserly redundancy is quite offensive.

#9 Guest_Selene88_*


Posted 08 March 2010 - 05:27 AM

Thank you, Selena, it did it!!!!!! But now something is back, I can not open almost anything in Control Panel, when I try opening Malwarebytes it asks me to choose a program to open it with!! as it does with just about anything on my desktop such as IE. I do not know what to do, I did a system restore and I think it made it worse, I can not run regedit, I can not run chkdsk..............aaaaaaaaaaaaaaaaaaaaaahhhhhhhhhhhhhhhhhhhhhhhhhrrrrrrrrrrrrggggggggggggggggggghhhhhhhhhhhh



In order to run Malwarebytes, the virus is still not letting you run your programs simply by double clicking on them. To solve this, you just need to right-click the icon and click 'run as' and then 'run as administrator', type in your password and it'll let you run the program. Scan with Malwarebytes and it should find the infected files and registry entries.

If it still doesn't work, download and run a program called 'rkill' before scanning with Malwarebytes; this will end any malicious processes so that the scan can find them.

Edited by Selene88, 08 March 2010 - 05:30 AM.


#10 mangacharo


Posted 08 March 2010 - 06:33 AM

run rkill and nothing, I can not run Malwarebytes as administrator because I do not know the password.

#11 Elise

  • Malware Study Hall Admin

Posted 08 March 2010 - 06:52 AM

@ groovydoobiedoo, happy to hear you got this fixed :thumbsup: My apologies for the confusion in this topic. Since you mentioned your issue is resolved, I am keeping things together, splitting off half of the post might make everything even more confusing.

@ mangacharo, you posted about your problem in someone else's topic, this is considered rude by forum policy. It's a lot easier for yourself and others to post a new topic about your problems.
However since you already got replies that obviously only made matters worse, I will keep this here and continue with you to see if we can get this fixed.

To attempt to fix the file associations, please download fixexe.reg
Double-click on the file and click OK when asked if you want to merge the file in the registry. You should receive a message the information was merged successfully.

Afterwards, let me know if the programs will run now.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft




