Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Virus removal and blocking exe files

Status
Not open for further replies.

Bluejay07

Programmer
Mar 9, 2007
780
CA
Hello,

A computer I'm working with has been infected with a virus. From what I can tell, it was called xvj.exe and was a pop up advertising xp antispyware 2012. Each time this came up, I used task manager to shut it down.

Ad-aware picked up this virus and removed it. CCleaner then showed missing registry files located in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache

It appears that FlashUtil10p_ActiveX.exe was also associated with it.

From what I can tell, xvj no longer appears in the computer and after a registry search, it's not in there either.

Removing this did have a consequence. Now most of my exe files will not work. I have opened file types and tried to add exe set to application, but that didn't do anything.

Anyone have any suggestions on how I can recover from the blocking of exe's?

Thanks.

If at first you don't succeed, then sky diving wasn't meant for you!
 
I logged into safe mode and was able to perform a system restore. At the moment, everything seems to be working again.

If at first you don't succeed, then sky diving wasn't meant for you!
 
xp antispyware 2012
do yourself a favor, check the DEFAULT USER profile, go into every little folder (look in all nooks and grannies), to see if the there is an EXE hiding there...

also run scans using BOTH of the following anti-malware apps (free or trial version will do):

MBAM

SuperAntiSpyware



Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
 
System restore points can also be infected, so watch out for that. If .exe files won't work, I use this. Just save it as whatever.reg. Remember to backup your registry first. =)

Code:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]
@="{09A63660-16F9-11d0-B1DF-004F56001CA7}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@="{86F19A00-42A0-1069-A2E9-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"
 
Thanks for the responses.
@Ben, I actually used both of those programs after the restore. Nothing showed up but that was only on quick scan. I will perform a full scan.

@poonoodle,
Thanks for the registry entries.

If at first you don't succeed, then sky diving wasn't meant for you!
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top