.exe

Discussion in 'malware problems & news' started by poison, Jun 19, 2011.

Thread Status:
Not open for further replies.
  1. poison

    poison Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    150
    Hi guys, one of my family members got caught with the XP AntiVirus 2012 fake AV. He had MSE installed but it totally missed this variant. I managed to download Eset Online Scanner and Housecall which both came back as no infections.

    A SuperAntiSpyware scan found everything and cleaned it up, but since the cleanup he is unable to run any .exe files.

    Now, I know about the .exe file fixes, and I installed the fix to download AVAST! but now after every reboot no .exe files will run again so AVAST etc. fail to load.

    I don't suppose any of you have had the same problem and found a fix that works and allows .exe files to run after reboot without first running the fix?

    I've tried full scans with HitmanPro, Eset Online Scan, SAS, MBAM and Norton Security Scan, as well as:

    Tools, Folder Options, File Types and making a new .exe file extension and setting it to application.
    Also I reset the lnk extension. After reboot these both disappear.

    and

    file association REG files as well as manually changing the registry fail to keep settings.

    Any ideas? Thanks
     
  2. cm1971

    cm1971 Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    727
    Try Kaspersky rescue CD. Sometimes Dr Web will catch stuff the others miss. I had an infected computer I worked on for someone one time and after MBAM and the other usual tools scanned and got rid of stuff I knew there was something still there but none of the scanners I was using could see it. I tried Dr Web and it found it and got rid of it.
     
  3. poison

    poison Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    150
    Ah yes I did try DrWeb but only a Quick Scan. Nothing was found. I will try a full scan though.

    Thanks
     
  4. poison

    poison Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    150
    I did a reinstall in the end so no further help is required. Thanks.
     
  5. cm1971

    cm1971 Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    727
    Sometimes if an infection is bad enough that is the best course of action. That is where a good backup plan comes in. :thumb:
     
  6. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Once they learn disk imaging, the pains of re-installing will be gone.
     
  7. cm1971

    cm1971 Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    727
    This is so true. In no time you can be back where you were.
     
  8. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    Just a tip: most of the time, System Restore snapshots are perfectly intact and unmodified. If you go into the System Volume Information folder (a hidden system folder by default), you can get a snapshot of the registry and the ntuser.dat and usrclass.dat for each user.

    Simply restoring these files (from a clean snapshot) to their appropriate place will disable 99% of all infections. You have to do this with the system offline, like mounted in another computer or from a PE disc.

    The core registry files need to be renamed and replaced in system32\config
    S-1-5-18 goes to C:\windows\system32\config\systemprofile
    S-1-5-19 goes to Local Service user profile
    S-1-5-20 goes to Network Service user profile
    Everything else goes to the user directories

    The usrclass.dat goes in the userprofile\local settings\application data\Microsoft\Windows directory for each user.

    I usually do a hitmanpro scan of the system32\drivers folder, fix the boot sector & mbr, and clear out any weird scheduled tasks before rebooting the computer back into Windows.

    For good measure you can do a virus scan of the computer as well with your favorite A/V.
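
A check for the symptom discussed in this thread, added here as an example and not posted by anyone in it: it reads a .reg export of a registry hive (for instance a usrclass.dat or SOFTWARE hive taken from a restore snapshot and loaded offline) and reports any .exe association that differs from the Windows defaults `exefile` and `"%1" %*`. It assumes the broken .exe launching comes from altered association keys, which the thread does not confirm; the hive mount names, handler name and path in the samples are constructed placeholders.

```python
import re

EXPECTED_PROGID = "exefile"    # Windows default for the .exe key
EXPECTED_COMMAND = '"%1" %*'   # Windows default: run the clicked file itself

def parse_defaults(reg_text):
    """Map each [key] of a .reg export (lower-cased) to its default (@) value."""
    defaults, key = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg strings escape \ and " with a backslash; undo that.
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def check_exe_association(reg_text):
    """Return (key, value) pairs where the .exe association is not the default."""
    defaults, findings, cmd_keys = parse_defaults(reg_text), [], set()
    for key, value in defaults.items():
        if key.endswith("\\.exe"):
            if value.lower() != EXPECTED_PROGID:
                findings.append((key, value))
            # Follow whatever handler .exe points at, default or not.
            cmd_keys.add(f"{key[:-5]}\\{value.lower()}\\shell\\open\\command")
        elif key.endswith("\\exefile\\shell\\open\\command"):
            cmd_keys.add(key)
    for key in sorted(cmd_keys):
        cmd = defaults.get(key)
        if cmd is not None and cmd != EXPECTED_COMMAND:
            findings.append((key, cmd))
    return findings

# Constructed samples: hive mount names, handler name and path are placeholders.
SAMPLE_CLEAN = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\OfflineSW\Classes\.exe]
@="exefile"
[HKEY_LOCAL_MACHINE\OfflineSW\Classes\exefile\shell\open\command]
@="\"%1\" %*"
'''
SAMPLE_ALTERED = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\OfflineUser\.exe]
@="examplehandler"
[HKEY_USERS\OfflineUser\examplehandler\shell\open\command]
@="\"C:\\Example\\placeholder.exe\" \"%1\" %*"
'''
```

Files written by regedit are typically UTF-16, so decode them before passing the text to `check_exe_association`.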
     
  9. poison

    poison Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    150
    Yes I agree with you that imaging is the way to go.

    Thanks for the info, that could come in handy some time.

    I will try and get him to have a simple backup program though, then if he has any more problems hopefully I can explain a few easy clicks he can do rather than having to look at the computer myself. Anything other than opening Internet Explorer is a challenge to him. :doubt:
     