
"OPEN WITH" problem following infection


5 replies to this topic

#1 abeus


Posted 09 July 2011 - 08:21 PM

The following data references my regular computer which, in its present state, is unusable:

I am running Windows XP Home edition on my regular computer. My virus protection is the Avast free version. A few days ago Avast indicated with the familiar red pop up that a virus had been detected. I immediately initiated a full scan with Avast. The scan was interrupted by Avast before it was completed, with a notation that some files could not be scanned. Avast then recommended I run a full boot scan, which I did. The boot scan revealed 41 new viruses of various kinds, many of which were duplicates of the others. All items found were put into the Avast virus chest (quarantined). Since the scan, whenever I attempt to open a program, I get the familiar "OPEN WITH" pop up window requesting that I indicate, from a list given, the program I wish to use to open the file. I would appreciate any instructions offered which might return my computer to its normal state. Thank you. Abeus

Pasted below is the scan report of the scan referenced above.
-----------------------------------------------------------------------
07/01/2011 18:59
Scan of all local drives

File C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\25\38f0d8d9-643f195c|>bpac\a$1.class is infected by Java:Agent-BJ [Expl], Moved to chest
File C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\25\38f0d8d9-643f195c|>bpac\a.class is infected by Java:Agent-BW [Trj], Moved to chest
File C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\25\38f0d8d9-643f195c|>bpac\KAVS.class is infected by Java:Agent-BM [Expl], Moved to chest
File C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\31\7bc8ae5f-5affdab0|>workpack\decoder.class is infected by Java:Jade-AB [Heur], Moved to chest
File C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\31\7bc8ae5f-5affdab0|>workpack\parse.class is infected by Java:Agent-DU [Expl], Moved to chest
File C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\31\7bc8ae5f-5affdab0|>xmleditor\peers.class is infected by Java:Agent-DJ [Trj], Moved to chest
File C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\51\4955ba33-740d2d86|>lort\border.class is infected by Java:Agent-GJ [Expl], Moved to chest
File C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\51\4955ba33-740d2d86|>lort\cooter.class is infected by Java:Agent-DR [Expl], Moved to chest
File C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\51\4955ba33-740d2d86|>lort\object2.class is infected by Java:Agent-GL [Expl], Moved to chest
File C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\51\4955ba33-740d2d86|>menu\edit.class is infected by Java:Agent-GO [Expl], Moved to chest
File C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\51\4955ba33-740d2d86|>menu\file.class is infected by Java:Agent-GM [Expl], Moved to chest
File C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\51\4955ba33-740d2d86|>menu\help.class is infected by Java:Agent-GN [Expl], Moved to chest
File C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\51\4955ba33-740d2d86|>menu\property.class is infected by Java:Agent-DU [Expl], Moved to chest
File C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\bju.exe is infected by Win32:FakeAlert-ASQ [Trj], Moved to chest
File C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\dtg.exe is infected by Win32:FakeAlert-ASQ [Trj], Moved to chest
File C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\etl.exe is infected by Win32:FakeAlert-ASQ [Trj], Moved to chest
File C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\gnn.exe is infected by Win32:FakeAlert-ASQ [Trj], Moved to chest
File C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\lpa.exe is infected by Win32:FakeAlert-ASQ [Trj], Moved to chest
File C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\mdl.exe is infected by Win32:FakeAlert-ASQ [Trj], Moved to chest
File C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\pks.exe is infected by Win32:FakeAlert-ASQ [Trj], Moved to chest
File C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\trz8.tmp is infected by Win32:FakeAlert-ASQ [Trj], Moved to chest
File C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\vak.exe is infected by Win32:FakeAlert-ASQ [Trj], Moved to chest
File C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\vgi.exe is infected by Win32:FakeAlert-ASQ [Trj], Moved to chest
File C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\xgo.exe is infected by Win32:FakeAlert-ASQ [Trj], Moved to chest
File C:\hp\bin\KillIt.exe is infected by Win32:KillApp-W [PUP], Moved to chest
File C:\Program Files\BellSouth\HelpCenter\ATT_SST_Installer.exe|>$_OUTDIR\Setup\MotiveClient\MotiveClient.exe|>$INSTDIR\$TEMP\OCB.exe Error 42145 {Installer archive is corrupted.}
File C:\Program Files\ESET\ESET Online Scanner\OnlineScanner.cab|>ESETSmartInstaller.exe Error 42127 {CAB archive is corrupted.}
File C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP1952\A0432054.exe is infected by Win32:FakeAlert-ASQ [Trj], Moved to chest
File C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP1952\A0432059.exe is infected by Win32:FakeAlert-ASQ [Trj], Moved to chest
File C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP1952\A0432060.exe is infected by Win32:FakeAlert-ASQ [Trj], Moved to chest
File C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP1952\A0432061.exe is infected by Win32:FakeAlert-ASQ [Trj], Moved to chest
File C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP1952\A0432062.exe is infected by Win32:FakeAlert-ASQ [Trj], Moved to chest
File C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP1952\A0432063.exe is infected by Win32:FakeAlert-ASQ [Trj], Moved to chest
File C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP1952\A0432064.exe is infected by Win32:FakeAlert-ASQ [Trj], Moved to chest
File C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP1952\A0432065.exe is infected by Win32:FakeAlert-ASQ [Trj], Moved to chest
File C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP1952\A0432066.exe is infected by Win32:FakeAlert-ASQ [Trj], Moved to chest
File C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP1952\A0432067.exe is infected by Win32:FakeAlert-ASQ [Trj], Moved to chest
File C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP1952\A0432068.exe is infected by Win32:FakeAlert-ASQ [Trj], Moved to chest
File C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP1952\A0432069.exe is infected by Win32:KillApp-W [PUP], Moved to chest
File C:\WINDOWS\$NtUninstallKB890047$\shell32.dll Error 0xC000003E {Data Error}
File C:\WINDOWS\Internet Logs\tvDebug.zip Error 42110 {The file is a decompression bomb.}
File C:\WINDOWS\pchealth\ERRORREP\UserDumps\svchost.exe.20101112-235323-00.hdmp is infected by Win32:Alureon-LU [Trj], Moved to chest
File C:\WINDOWS\pchealth\ERRORREP\UserDumps\svchost.exe.20101114-044555-00.hdmp is infected by Win32:Alureon-LU [Trj], Moved to chest
File C:\WINDOWS\pchealth\ERRORREP\UserDumps\svchost.exe.20101115-052945-00.hdmp is infected by Win32:Alureon-LU [Trj], Move to chest: Error 0xC000007F {An operation failed because the disk was full.}, Deleted
File D:\PRELOAD\BASE_09.INP is infected by Win32:QHost-CCK [Trj], Deleted
Number of searched folders: 12379
Number of tested files: 778755
Number of infected files: 41



#2 dirtdog900


Posted 10 July 2011 - 01:12 AM

This happens quite a lot after a malware/virus cleanup. Have a look at this site http://www.dougknox.com/xp/file_assoc.htm you will most likely need to run the 'exe file association fix'. As always, if you can, back up your registry first before making any changes.

#3 Artrooks


Posted 10 July 2011 - 05:56 PM

Hello abeus,

Avast found infections in your JAVA cache, a rogue antivirus program, and some infected system restore points. I would advise you to NOT clear your system restore points at this time and to NOT run any file cleaning utilities (i.e., ccleaner, ATF cleaner, etc.) until you are sure that your system is back to normal.

If you followed dirtdog900's advice and can now run programs, then skip to Step 2; otherwise, proceed with Step 1.

Step 1,
Download exehelper from either here or here. Save the file to your desktop. Double click exehelper to start the program. Exehelper.exe will terminate some background processes and correct some file associations. Please copy the contents of exehelperlog.txt with your next post.

Step 2,
Create a System Restore Point (if possible):
  • Click "Start," "All Programs," "Accessories," "System Tools," "System Restore."
  • Click "Create a restore point," click "Next," in the description box, give the point a name, click "Create" and then "Close."

Step 3,
Delete Java Cache
Click "Start," "Control Panel," double click on "Java," and under the General Tab, Temporary Internet Files, click "Settings," then "Delete Files," make sure Applications and Log Files are checked, then click "OK." Close the Control Panel.


Step 4,
Download Malwarebytes Anti-Malware from Here or Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform a Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

If Malwarebytes encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let Malwarebytes proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 5,
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 6,
Please include:
Malwarebytes.log and checkup.txt in your next post.
What issues are you still having?





Regards,
Brooks
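
Added example, not part of the original posts: a small Python triage of an Avast report in the format pasted in post #1. It groups detections by location the way the summary in this reply does (Java cache, user profile, restore points) and lists entries that were not simply moved to the chest or could not be scanned. The bucket names and function names are this example's own; the sample lines are a subset copied from the report above.

```python
import re
from collections import Counter

# Subset of lines copied from the Avast report in post #1.
SAMPLE = r"""
File C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\25\38f0d8d9-643f195c|>bpac\a.class is infected by Java:Agent-BW [Trj], Moved to chest
File C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\bju.exe is infected by Win32:FakeAlert-ASQ [Trj], Moved to chest
File C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP1952\A0432054.exe is infected by Win32:FakeAlert-ASQ [Trj], Moved to chest
File C:\WINDOWS\pchealth\ERRORREP\UserDumps\svchost.exe.20101115-052945-00.hdmp is infected by Win32:Alureon-LU [Trj], Move to chest: Error 0xC000007F {An operation failed because the disk was full.}, Deleted
File C:\WINDOWS\Internet Logs\tvDebug.zip Error 42110 {The file is a decompression bomb.}
"""

# The two line shapes that appear in the report.
INFECTED = re.compile(
    r"^File (?P<path>.+?) is infected by (?P<name>\S+) \[(?P<kind>\w+)\], (?P<action>.+)$")
ERROR = re.compile(r"^File (?P<path>.+?) Error (?P<code>\S+) \{(?P<msg>.*)\}$")

# Location buckets (hypothetical names), checked in order, case-insensitively.
BUCKETS = [
    ("java_cache", r"\\Sun\\Java\\Deployment\\cache\\"),
    ("restore_point", r"\\System Volume Information\\_restore"),
    ("user_appdata", r"\\Local Settings\\Application Data\\"),
    ("crash_dump", r"\\pchealth\\ERRORREP\\UserDumps\\"),
]

def bucket(path):
    for name, pattern in BUCKETS:
        if re.search(pattern, path, re.IGNORECASE):
            return name
    return "other"

def triage(report):
    """Return (detections per bucket, detections not plainly quarantined, unscanned files)."""
    per_bucket, follow_up, unscanned = Counter(), [], []
    for line in report.splitlines():
        line = line.strip()
        if m := INFECTED.match(line):
            per_bucket[bucket(m["path"])] += 1
            if m["action"] != "Moved to chest":
                follow_up.append((m["path"], m["name"], m["action"]))
        elif m := ERROR.match(line):
            unscanned.append((m["path"], m["code"], m["msg"]))
    return per_bucket, follow_up, unscanned

if __name__ == "__main__":
    counts, follow_up, unscanned = triage(SAMPLE)
    print(dict(counts), follow_up, unscanned, sep="\n")
```

Detections under the restore-point bucket are the copies that a later System Restore rollback could bring back, which is why they are counted separately from live files in the user profile.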



 


#4 abeus


Posted 12 July 2011 - 12:09 AM

Hi Artrooks. Since I posted my message on the forum a couple of days ago I have been away from my home. I was pleased when I came in earlier tonight to see that I had gotten your reply and the one from DirtDog900. Because I am fortunate enough to have access to another computer than my own for a few weeks, I'm not under any great pressure to get my own back in service. At the same time, I look forward to working with you to hopefully bring it back to its normal state as early as possible. I plan to begin following up on your previous instructions tomorrow afternoon. I will keep you posted as to the results. Thank you very much for your offer to help. abeus

#5 abeus


Posted 12 July 2011 - 10:36 AM

Artrooks, I had previously discovered that, whenever the “OPEN WITH” box popped up, I could open some files using the following procedure: I first would click the “Browse” button located in the “OPEN WITH” box, then search out on my computer the location of the file I was attempting to open. Then, by double clicking on that file it would appear in the list of files shown on the “OPEN WITH” box. By highlighting that file in the list and clicking the “OK” button, the file would open.

Today, in preparation for downloading the “exehelper” program you recommended, I attempted to open my browser (Firefox, version 5) using the method I described above. The result was, the Firefox home page opened but with this message: “You have chosen to open Firefox.exe. Would you like to save this file?” The two options given were to “save” or “cancel”. I tried both options and got the same result from each. The browser remained open with no additional messages. With the browser on the screen, I inserted “www.Raktor.net” (“exehelper” download site) in the address box and clicked the go button. The following message popped up: “The proxy server is refusing connections. Firefox is configured to use a proxy server that is refusing connection. Check the proxy settings to make sure they are correct. Check your network administrator to make sure the proxy server is working.”

As you might have realized, my computer savvy is limited. I hope you can interpret the data I have provided above. Please reply with your assessment of what is going on and your suggestions as to how I might get Firefox back to normal enough operation that I can download the programs necessary to continue working on the problems. Thanks much. abeus

#6 Artrooks


Posted 12 July 2011 - 10:54 AM

Hello abeus,

Since your computer has serious malware issues and this forum is not intended to deal with these problems:

Please go to the link below, follow all procedures and post a new malware removal request:
Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Be patient as this forum is busy; however, at this point you need a malware expert.

Regards,
Brooks



 




