Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

open with


  • Please log in to reply
25 replies to this topic

#1 bsmadi

bsmadi

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 10 March 2010 - 01:29 PM

help i had a virus on my laptop that kept sayin i had security problems buy there program to fix it. i then followed a guide on this site wich said to download super anti spyware and run in safe mode, safemode wouldnt work so i ran program any way an it removed 2 registry problems. this seemed to work but all of a sudden my taskbar changed to a vertical one and whenever i click on a program it says choose the program you want to use to open this file. the same happens when i try to run system restore and i still cant start in safe modem i cant get online with this laptop although internet explorer works my intel proset wireless program cant start. please help

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:04 AM

Posted 10 March 2010 - 04:29 PM

Hello I am moving this from XP to the Am I Infected forum.

For the Safe Mode issue
SUPERAntiSypware has a built in "Repairs" feature to fix policy restrictions and certain Windows settings which are sometimes targeted by malware infection. To use this feature, launch SUPERAntiSypware.
  • Click the Repairs tab.
  • Click on (highlight) "Repair broken SafeBoot key" and then click the Repair button.
  • You may be asked to reboot your computer for the changes to take effect.
Please post the last SAS scan log so I can see the infections it removed.
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


We should run these next in NOrmal mode:
TFC by OT
Please download TFC by Old Timer and save it to your desktop.
alternate download link
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



For the Safe Mode issue
SUPERAntiSypware has a built in "Repairs" feature to fix policy restrictions and certain Windows settings which are sometimes targeted by malware infection. To use this feature, launch SUPERAntiSypware.
  • Click the Repairs tab.
  • Click on (highlight) "Repair broken SafeBoot key" and then click the Repair button.
  • You may be asked to reboot your computer for the changes to take effect.

Tell we what conditions exist now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 bsmadi

bsmadi
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 10 March 2010 - 04:41 PM

unfortunately i cant run super anti spyware when i click on it it says choose the program you want to use to open this file file:superantispyware.exe. i also cant get on the internet with that laptop, internet explorer opens but i cant open my intel wireless program to connect to my network. same open with problem

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:04 AM

Posted 10 March 2010 - 05:02 PM

Hello sorry this was to be the first instruction..

Go here to Doug KNox's Windows® XP File Association Fixes
Run 9th down on left... EXE File Association Fix ... the EXE not EML one.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 bsmadi

bsmadi
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 10 March 2010 - 06:25 PM

thanks bear with me im a bit thick. i got the laptop thats broke online by hard wiring it. i then went to ur link tried running the fix and it just keeps opening a notepad. am i doing something wrong

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:04 AM

Posted 10 March 2010 - 09:12 PM

Now this is odd, never saw that..

So now you still cannot open any .exe files?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 littlephoenix

littlephoenix

  • Banned Spammer
  • 45 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:04 AM

Posted 10 March 2010 - 10:03 PM

wondering if you have tried malwarebytes or spybot?
are you able to log in your PC using safemode?

#8 DBTag

DBTag

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:12:04 AM

Posted 11 March 2010 - 01:31 AM

Did you try a different browser? I had that same problem recently where anything I downloaded with Firefox wouldn't work.

#9 bsmadi

bsmadi
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 11 March 2010 - 07:30 AM

Windows Registry Editor Version 5.00


when i run the file it opens up a notebook with this imformation on it but programs still go to the open with box





[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]
@="{09A63660-16F9-11d0-B1DF-004F56001CA7}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@="{86F19A00-42A0-1069-A2E9-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

#10 bsmadi

bsmadi
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 11 March 2010 - 07:32 AM

no i still cant start in safe mode i will try my aol browser.

#11 bsmadi

bsmadi
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 11 March 2010 - 07:36 AM

tried aol browser still the same goes to notebook and nothing happens the other programs mentioned wont run just goes to open with screen.

#12 bsmadi

bsmadi
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 11 March 2010 - 08:57 AM

Processes terminated by Rkill or while it was running:


C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XPDOBT0Z\rkill[1].com a bit of progress after a bit of reading i downloaded rkill but not the exe file and it ran and came up with this
super anti spyware now started and im running this now

#13 bsmadi

bsmadi
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 11 March 2010 - 09:02 AM

im now going to try boopme guide from above

#14 bsmadi

bsmadi
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 11 March 2010 - 10:16 AM

ok i ran super antispyware and it removed 600 items all cookies except one spybot. then i rebooted and it seemed ok but i still ran old timer and seemed to work so i rebooted. then i ran malwarebytes and that still removed 54 more items some of which seemed well dodgy two registry items mentioned open with exe or something similar any way i seem to be working great now thanks to everyone and rkill downloaded from this site. thanks

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:04 AM

Posted 11 March 2010 - 11:21 AM

hello, i have another tool to fix the .exe problem.

b]FixExe.reg[/b] download and click run. Or use it from a flash drive or CD

FixExe.reg



Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Edited by boopme, 11 March 2010 - 11:23 AM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users