How to troubleshoot this malware


  1. Posts : 587
    Windows 7 x64
       #1



    I have a customer running XP who apparently was hit with malware. It was intercepted by the AV, but something went wrong. Now the system boots to the desktop; however, almost all EXE files will not run - clicking an EXE produces an error where Windows asks what application is associated with the extension. There is no way to access the registry, and F8 boot key options are disabled, blocking access to SAFE mode and the Hidden Admin account. I'm not sure how to troubleshoot. Task Manager runs but doesn't show an obvious malware process. All the usual malware load points, such as Startup folders and App Data folders for current user and All Users, are clean. I've prepared the customer for a backup and complete reinstall, but if there's a way to get antimalware running on the system I'd like to try and check it. TIA


  2. Posts : 6,668
    Windows 7 x64
       #2

    Had the exact same problem with a machine recently; the fix on this page got everything working again:
    Unable to Start a Program with an .exe File Extension


  3. Posts : 6,305
    Windows 7 Ultimate x64
       #3

    Hi,

    You can use the following registry key to reset the .exe association in XP
    xp_exe_fix.reg

    If you have access to external media (USB, HDD) then you can do the following...
    1. Copy the reg key and MalwareBytes install file to the drive.
    2. Plug into the XP machine and copy both files to the HDD
    3. Double click the .reg file and accept any messages
    4. Run the MalwareBytes install and perform a full system scan
    This should sort the issue out.
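
An added example, not part of the thread: a Python check that audits a registry export for the `.exe` association the reply above resets. The contents of xp_exe_fix.reg are not shown on the page, so the expected values are assumed to be the stock Windows defaults, and the sample export is constructed.

```python
import re

# Stock Windows values for the .exe association (an assumption here; the
# thread's xp_exe_fix.reg is not reproduced on the page).
EXPECTED = {
    r"hkey_classes_root\.exe": "exefile",
    r"hkey_classes_root\exefile\shell\open\command": '"%1" %*',
}
# Per-user class entries take precedence over the machine-wide ones.
HKCU_PREFIX = "hkey_current_user\\software\\classes\\"

# Constructed sample export: machine-wide and per-user .exe classes altered.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="placeholderclass"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="placeholderclass"
'''

def parse_defaults(reg_text):
    """Return {lowercased key path: default string value} from .reg text."""
    defaults, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg strings escape backslash and double quote with a backslash
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def audit(reg_text):
    """List findings where the .exe association differs from the stock values."""
    defaults, findings = parse_defaults(reg_text), []
    for key, want in EXPECTED.items():
        got = defaults.get(key)
        if got is None:  # also hit when the default is not a plain string
            findings.append(f"{key}: default value missing from export")
        elif got.lower() != want.lower():
            findings.append(f"{key}: {got!r}, expected {want!r}")
    for key, got in defaults.items():
        tail = key[len(HKCU_PREFIX):] if key.startswith(HKCU_PREFIX) else ""
        if tail == ".exe" or tail.startswith("exefile\\"):
            findings.append(f"{key}: per-user override {got!r}")
    return findings
```

`audit(SAMPLE)` reports the altered machine-wide `.exe` class and the per-user override; an export holding only the stock values returns an empty list.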




  4. Posts : 587
    Windows 7 x64
    Thread Starter
       #4

    Thanks for these responses. I will try them tomorrow and post the results. Meanwhile, if anyone else has an idea, please chime in.


  5. Posts : 587
    Windows 7 x64
    Thread Starter
       #5

    Orbital Shark said:
    Hi,

    You can use the following registry key to reset the .exe association in XP
    xp_exe_fix.reg

    If you have access to external media (USB, HDD) then you can do the following...
    1. Copy the reg key and MalwareBytes install file to the drive.
    2. Plug into the XP machine and copy both files to the HDD
    3. Double click the .reg file and accept any messages
    4. Run the MalwareBytes install and perform a full system scan

    This should sort the issue out.


    I'm happy to say that this did sort it out. Thanks for the .REG file - it was the most convenient solution.


  6. Posts : 6,668
    Windows 7 x64
       #6

    My link had the same reg file in it. I just didn't directly link it; I was told that's against the rules here.


  7. Posts : 587
    Windows 7 x64
    Thread Starter
       #7

    Maguscreed said:
    My link had the same reg file in it. I just didn't directly link it; I was told that's against the rules here.
    Sorry, I didn't mean to leave you out. I've added to your REP along with Orbital Shark as you both pointed me in the right direction. Thanks for linking to the tutorial.


  8. Posts : 6,305
    Windows 7 Ultimate x64
       #8

    Victek said:
    I'm happy to say that this did sort it out. Thanks for the .REG file - it was the most convenient solution.
    You're welcome, I'm glad it worked :)

    Maguscreed said:
    My link had the same reg file in it. I just didn't directly link it; I was told that's against the rules here.
    You'll find that I uploaded the actual .reg file rather than linking to a site. However, a link to a site giving assistance would not be against the rules as it would be for .reg files which are not against forum policy or illegal in any way :)


 

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
