Virus on XP Pro

[Jagerbomb71]

My daughter was playing an online game and some how picked up a spy ware or malware virus which has disabled all my .EXE files. I can't run any of my scans or open control panel or download any other virus protection. Am I screwed and better off wiping the disk clean and re-installing the OS. Or is there something I can do to get rid of the virus. Any suggestions.

 

[kjv1611]

You will be better off, time-wise, and overall with a better system to wipe and reinstall.

However, it probably is fixable if you want to. It could take a lot of time, though, so keep that in mind. If this was just a system that was used for Internet, Games, Docs, and such, then I'd probably just suggest a reinstall, and be done with it.

For an all-in-one disk that helps fix various things, you could try downloading the Ultimate Boot CD, run a couple scans from it, and see if you can then work within the Windows system.

Then you could try running Malwarebytes Antimalware, SuperAntispyware, CCleaner, and a couple other products if need be. Also, you might want to consider a different AV product, depending upon what you have. I suggest Microsoft Security Essentials and/or Avira Antivir for the #1 spot. They are both free. Avira has paid and free versions.

You can download any of the programs in the last paragraph from

http://www.download.com.

If you do decide that you want to battle with this thing, then post your further questions and such in the following forum rather than here:
forum760

 

[vacunita]

Can you run your exe's from Safe Mode? Perhaps a BartPe to run the clean up utils without having to boot up the infected Windows.

I'd start with Malwarebytes, and a hijack this log if possible.



----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Behind the Web, Tips and Tricks for Web Development.

http://behindtheweb.blogspot.com/

 

[guitarzan]

First, you need to fix the EXE associations: Check out this thread from a different forum:

http://www.pcreview.co.uk/forums/thread-428934.php

There are several suggestions there, including registry fixes from Doug Knox' page and from Kelly's Korner, two great sites with many XP fixes. The Kelly's Korner link worked for me in a similar situation in the past.

 

[linney]

This article is a detailed explanation of the removal process for this (type of) malware. It also includes a .reg file to fix the .exe associations. If (big IF), Windows can load that file then your problems are halfway to being solved.

How to remove XP Security Tool 2010, XP Defender Pro, and Vista Security Tool 2010 (Uninstall Guide)

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010

These are the only two Hives that may be loaded for you to work on out of the Windows environment.

HKEY_LOCAL_MACHINE
HKEY_USERS

These two articles in the RegEdit Help are a good explanation of the process.

To load a hive into the registry
To unload a hive from the registry

How to edit the registry offline using BartPE boot CD

http://windowsxp.mvps.org/peboot.htm

Try loading the Hive for HKEY_LOCAL_MACHINE and navigate to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

see if your programs, like Regedit, are blocked by being listed in there.

Using Image File Execution options as an Attack Vector on Windows

http://silverstr.ufies.org/blog/archives/000809.html

Can't run EXEs after virus removal, regedit is also broken
thread779-1599741

I see lots of recommendations here for programs like -

Malwarebytes' Anti-Malware

http://www.malwarebytes.org/mbam.php

SuperAntispyware

http://superantispyware.com/