INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Member Login

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips now!

Talk With Other Members
Be Notified Of Responses
To Your Posts
Keyword Search
One-Click Access To Your
Favorite Forums
Automated Signatures
On Your Posts
Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

LINK TO THIS FORUM!

Tek-Tips LinkedIn^® Group

Join our
LinkedIn^® Group!

Hook up with past and present colleagues and classmates quickly.

Partner With Us!

"Best Of Breed" Forums Add Stickiness To Your Site

(Download This Button Today!)

Feedback

"...I always seem to find what I need in previous threads without starting my own. I have started a couple but that's it..."

More...

Geography

Where in the world do Tek-Tips members come from?

Click Here To Find Out!

Tek-Tips Shirts!

Get your
Tek-Tips Forums
SWAG here!

Home > Forums > Desktop Software > PC Operating Systems > Microsoft: Windows XP Pro Forum

XP exe virus!

Read More Threads Like This One

rtfgirl (TechnicalUser)

26 Jun 11 12:21

Hi Everyone!  I'm hoping someone could help me remove a virus... here's a little info first:

I have XP home with 3 logins, my own which is infected, my son's loging and my daughter's login which are fine!

The infection... no exe application will start!  So I'm hoping someone knows the infected parts of the registry so I could go in through my son's or daughter's login, and repair it!  Or, if there is another way to repair this I'm all ears, or eye's actually which is pretty gross! haha

Ohh, someone on another forum suggested to run a program called "KillGodzilla" which is obviously an exe application... and will not run!

Thanks for your time!

cmeagan656 (TechnicalUser)

26 Jun 11 14:57

You'll have better results posting in forum760: -Virus/Spyware discussion.

Hope this helps.

Please help us help you. Read Tek-Tips posting polices before posting.
Canadian members check out Tek-Tips in Canada for socializing, networking, and anything non-technical.

linney (TechnicalUser)

26 Jun 11 15:58

Sometimes lists of application.exe get placed in this Key as a way of preventing certain .exe from running, or causing them to start the malware .exe instead.  Windows itself will place mainly .dlls and one or two ,exe in there, so you should check with a non-virused XP for comparison before assuming your Key has been altered.  A good clue to trouble is when you see anti virus, or other security tools listed in there.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

Using Image File Execution options as an Attack Vector on Windows
http://silverstr.ufies.org/blog/archives/000809.html

If you want to see file extensions, go to Control Panel/ Folder Options/ View. and uncheck "Hide known file types".

Malware may have disabled the main installer executable for software from running. Please check out the registry here: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun and see if it has msseces.exe in it.  If so, delete it.

See if you can run this program to clean your machine.  See if it will run and install from Safe Mode.

315222 - A Description of the Safe Mode Boot Options in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;315222&FR=1&PA=1&SD=HSCH

Malwarebytes' Anti-Malware
http://www.malwarebytes.org/products/malwarebytes_free

Cannot install MBAM on infected system
http://www.wilderssecurity.com/showthread.php?t=225384

MarcLodge (Programmer)

27 Jun 11 8:01

Hi rtfgirl,
I had this error recently and solved it with a registry script I picked up from another site:

CODE

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]
@="{09A63660-16F9-11d0-B1DF-004F56001CA7}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@="{86F19A00-42A0-1069-A2E9-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

Copy this to your notepad and then save the file on your desktop with a file extension of .reg. Once on your desktop you should be able to import the file into the registry.

This script will change your registry, so you might want to backup the registry beforehand.

Marc

strongm (MIS)

27 Jun 11 8:06

It may just be the shall's association with Exe files at fault.In which case the following mayu help.

Create a new text file, copy and paste in:

Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

Save file, rename as fixexes.reg

Doubleclick to install

DrB0b (IS/IT--Management)

27 Jun 11 9:16

"Silence is golden, duct tape is silver..."

guitarzan (Programmer)

28 Jun 11 12:57

Yes actually the reg file in MarcLodge's post is identical to Doug Knox' XP file association fix referred to in DrB0b's post. I have used this twice to fix a similar issue that the OP described.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Back To Forum

Back To Microsoft: Windows XP Pro