Win 7 AntiVirus 2012 removal (.exe's and .com's won't open)

Status
Not open for further replies.

Iam2391212

Technical User
Jun 16, 2011
5
US
Just today, my computer started getting pop-ups to get Win 7 AntiVirus 2012. It prevented me from accessing Firefox or Chrome from my desktop, so I searched for solutions on my phone. I found a website ( and started by deleting the "Malicious Files Added by Win 7 Anti-Virus 2012." After doing this, I went to start clearing out the registry entries, and regedit.exe would not open, giving the error "C:\Windows\regedit.exe Application not found". I then found another website that suggested copying regedit.exe to the desktop and changing the extension to .com. When I click on this, nothing happens. Now, when I go to click on other .exe's, such as Firefox, I get an "Open with" prompt with a list of programs on my computer. The only way I have found to get onto the internet is to click on the "look for the appropriate program on the Web" link in the "Open with" window. I have tried installing MBAM, but as I cannot run .exe's, this will not work. Anyone know any solutions to this problem?
 
Yes, I did. I cannot do a system restore, even in safe mode.
 
Also, if you want to run a scan, such as MBAM, you just rename mbam.EXE to mbam.COM and it should run. That should allow you to scan and remove the bad stuff before you fix your registry. Just remember to name it back when you are finished. =)
 
I read where you said the .COM trick didn't work, but I forgot and I should have asked... Did you copy the exe file, or did you make a shortcut to the exe?
Sorry, not enough coffee yet today.
 
update - after doing nothing more than what was said above, I went to bed and today, my exe's are working... not sure what happened, but I am running MBAM now. I'll keep looking around trying to find

@cmegan656 -
last night I did try the registry trick as well, but it gave me an error, don't remember what it said though as I was tired and didn't write it down.

@ponoodle -
I copied it to my desktop

Again, things APPEAR to be working for the moment, so not sure what good this information does, but I'm sure it didn't go away on its own. I'll report if any malware programs find anything.
 
MBAM installed successfully, but was not able to update, saying that the host was not found. Definitions were only 18 days old so I ran it anyway and it found the report copied at the bottom.

I also went through my registry and found some of the items that were listed in the list found on the original website that I posted.

-----


Malwarebytes' Anti-Malware 1.51.0.1200

Database version: 6705

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/16/2011 12:21:31 PM
mbam-log-2011-06-16 (12-21-31).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 860227
Time elapsed: 1 hour(s), 17 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\iam2391212\AppData\LocalLow\Sun\Java\deployment\cache\6.0\0\676cfd80-55ab3c6b (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\iam2391212\AppData\LocalLow\Sun\Java\deployment\cache\6.0\37\471e73e5-5be72fee (Spyware.Passwords) -> Quarantined and deleted successfully.
 
Thinking back, I think it must have been ponoodle's solution that got my exe's working again. I believe the error I got said that not all the registry entries could be edited because they were in use, but must have been able to edit enough of them to make things work again.
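
An added example, not part of the original thread: a read-only PowerShell check of the .exe file association that the MBAM log above reported as Hijack.ExeFile. The expected values are the stock Windows defaults; treating the per-user keys and HKCR\.exe\shell\open\command as absent on a clean system is an assumption, and the function names are hypothetical.

```powershell
# Read-only audit of the .exe file association (added example; changes nothing).
# Stock Windows defaults used as the baseline:
#   HKCR\.exe                        (default) = exefile
#   HKCR\exefile\shell\open\command  (default) = "%1" %*
function Get-DefaultValue {
    param([string]$KeyPath)
    # Returns the key's (default) value, or $null when the key or value is missing.
    $key = Get-Item -LiteralPath "Registry::$KeyPath" -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    return $key.GetValue('')
}

function Test-ExeAssociation {
    $checks = @(
        # Merged view that Explorer consults when a program is double-clicked.
        @{ Key = 'HKEY_CLASSES_ROOT\.exe';                       Expected = 'exefile' },
        @{ Key = 'HKEY_CLASSES_ROOT\exefile\shell\open\command'; Expected = '"%1" %*' },
        # The value MBAM flagged in the log above; assumed absent on a clean system.
        @{ Key = 'HKEY_CLASSES_ROOT\.exe\shell\open\command';    Expected = $null },
        # Per-user overrides win over HKLM; assumed absent on a clean profile.
        @{ Key = 'HKEY_CURRENT_USER\Software\Classes\.exe';      Expected = $null },
        @{ Key = 'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command'; Expected = $null }
    )
    foreach ($c in $checks) {
        $actual = Get-DefaultValue -KeyPath $c.Key
        New-Object PSObject -Property @{
            Key      = $c.Key
            Expected = if ($null -eq $c.Expected) { '(absent)' } else { $c.Expected }
            Actual   = if ($null -eq $actual)     { '(absent)' } else { $actual }
            Ok       = ($actual -eq $c.Expected)
        }
    }
}

$results = Test-ExeAssociation
$results | Select-Object Key, Expected, Actual, Ok | Format-Table -AutoSize -Wrap
if ($results | Where-Object { -not $_.Ok }) {
    Write-Warning 'The .exe association differs from the stock values; inspect the rows with Ok = False.'
}
```

Any row with Ok = False names a key whose default value should be compared against what a security scan quarantined before programs are trusted to launch normally again.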
 