Shorcut virus.

remoticboy · 16 Mar 2013

yesterday, my external hard disk was infected with the shortcut virus. i cleaned it after connecting to my desktop. everything went fine. and through web, i came to know that it only effected usb powered stuff and not hard drives.

but my c was infected. just documents and settings. and some important folders into that. like appdata, roaming, etc.
i went online and searched and ended up deleting something in regedit.exe also I go to task manager everytime and delete the scrip.exe, because i see hidden folders randomly named like 131b popping up from nowhere and creating java script files.

now the problem is i cant run a single exe file. no matter what i click, windows asks me "open with . . ". even if its snipping tool, brower or anything. what should I do?

i had created a thread in general discussion, please ignore it.

marsmimar · 16 Mar 2013

I'd suggest running Windows Defender Offline to check for malware.

Windows Defender Offline

Create the disk on a machine that is not infected and is running the same "bit-ness" as the infected machine. In other words, if the infected machine is running a 64-bit Windows 7 then the machine used to make the disk must also be 64-bit. Make sure your computer BIOS is set to boot from the CD/DVD drive as first option and then follow the instructions for running the scan.

I'd also check for any damaged or corrupt system files by running a system file checker scan from an elevated command prompt (option two.) If problems are found, run the scan 3 times and reboot the coputer immediately after each scan.

SFC /SCANNOW Command - System File Checker

Borg 386 · 16 Mar 2013

In addition to marsmimar's excellent advice, it might be a good idea to also run the following tools, since not one AV gets everything. Rootkits generally alter Win files, some to the point that there is no option save for a repair install. If SFC is unable to correct the problem, you may wish to consider this option.

How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?

AdwCleaner Download

Repair Install

cottonball · 16 Mar 2013

remoticboy,

Try the following:

Default File Type Associations - Restore

Let us know how it goes.

Just in case there are any malware remnants, also, download RogueKiller:
http://www.sur-la-toile.com/RogueKiller/

When you get to the website, go to where it says:
(Download link) Lien de téléchargement

Select the version that applies to your system: x64
Click the dark-blue button that applies.
Save to the Desktop

Close all windows and browsers

Right-click RogueKiller and select: Run as Administrator
Press: SCAN

When done, a report opens on the Desktop: RKreport.txt

Please provide the RKreport.txt (Mode: Scan) in your reply.
(Please do not delete anything!)

remoticboy · 17 Mar 2013

the problem is guys,I CANT RUN ANY EXE FILE.

i tried what marsmimar said, but the bios didnt recognise the pendrive in which i had installed the windows defender.
and also, sfc scannow didnt work as well. everytime i run it, it says it needs to reboot because another a system repair pending.

what borg 386 said is great, but i cant use any exe file. it just wont open up.

and cottonball, I'll let you know.

marsmimar · 17 Mar 2013

remoticboy said:

the problem is guys,I CANT RUN ANY EXE FILE.

i tried what marsmimar said, but the bios didnt recognise the pendrive in which i had installed the windows defender.
and also, sfc scannow didnt work as well. everytime i run it, it says it needs to reboot because another a system repair pending.

what borg 386 said is great, but i cant use any exe file. it just wont open up.

and cottonball, I'll let you know.

You'll probably need to create the Windows Defender Offline bootable media on a disk (my BIOS doesn't recognize pen drives either.

) And the SFC probably won't work until after the malware scan has done its thing.

remoticboy · 17 Mar 2013

cottonball, that didnt work. the reg file, everytime i try to merge, windows asks me "open with . . "
and marsmimar, i dont have a cd drive.

cottonball · 17 Mar 2013

remoticboy,

See if this works...

Can you get to a Command Prompt:

Start > All Programs > Accessories > Command Prompt

Right-click the Command Prompt and select: Run as Administrator

At the blinking cursor, type in the following inside the code box, and press Enter:

Code:

cd c:\

Now, at C:\>, type in the following inside the code box , and press Enter:

Code:

assoc .reg

This command should return the following:

.reg=regfile

If not, then, type in the following inside the code box, and press Enter:

Code:

assoc .reg=regfile

Now, try to right-click the .reg file referenced in Post #4 , and see if it works.

cottonball · 17 Mar 2013

Also, on RogueKiller, can you rename its downloaded file to RK.com and try it?

Maybe the comfile association works...