XP exe virus!

Status
Not open for further replies.

rtfgirl

Technical User
Jun 26, 2011
1
US
Hi Everyone! I'm hoping someone could help me remove a virus... here's a little info first:

I have XP home with 3 logins, my own which is infected, my son's login and my daughter's login which are fine!

The infection... no exe application will start! So I'm hoping someone knows the infected parts of the registry so I could go in through my son's or daughter's login, and repair it! Or, if there is another way to repair this I'm all ears, or eyes actually which is pretty gross! haha

Ohh, someone on another forum suggested to run a program called "KillGodzilla" which is obviously an exe application... and will not run!

Thanks for your time!
 
Sometimes lists of application.exe get placed in this Key as a way of preventing certain .exe from running, or causing them to start the malware .exe instead. Windows itself will place mainly .dlls and one or two .exe in there, so you should check with a non-virused XP for comparison before assuming your Key has been altered. A good clue to trouble is when you see anti virus, or other security tools listed in there.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

Using Image File Execution options as an Attack Vector on Windows


If you want to see file extensions, go to Control Panel/ Folder Options/ View, and uncheck "Hide known file types".




Malware may have disabled the main installer executable for software from running. Please check out the registry here: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun and see if it has msseces.exe in it. If so, delete it.

See if you can run this program to clean your machine. See if it will run and install from Safe Mode.

315222 - A Description of the Safe Mode Boot Options in Windows XP

Malwarebytes' Anti-Malware


Cannot install MBAM on infected system
 
Hi rtfgirl,
I had this error recently and solved it with a registry script I picked up from another site:
Code:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]
@="{09A63660-16F9-11d0-B1DF-004F56001CA7}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@="{86F19A00-42A0-1069-A2E9-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"
Copy this to your notepad and then save the file on your desktop with a file extension of .reg. Once on your desktop you should be able to import the file into the registry.

This script will change your registry, so you might want to backup the registry beforehand.

Marc
 
It may just be the shell's association with Exe files at fault. In which case the following may help.

Create a new text file, copy and paste in:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

Save file, rename as fixexes.reg

Double-click to install
 
Yes actually the reg file in MarcLodge's post is identical to Doug Knox' XP file association fix referred to in DrB0b's post. I have used this twice to fix a similar issue that the OP described.
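
Added example, not part of any post in this thread: a small Python audit of a registry export that flags the three locations the replies point to (Image File Execution Options, DisallowRun, and the exefile open command). The function names, the sample export and the placeholder path are constructed for illustration; `Debugger` is the Image File Execution Options value that makes Windows start another program in place of the named image.

```python
import re

# Keys named in the thread, lower-cased for case-insensitive matching.
IFEO = r"hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options" + "\\"
DISALLOW = r"hkey_current_user\software\microsoft\windows\currentversion\policies\explorer\disallowrun"
EXE_CMD = r"hkey_classes_root\exefile\shell\open\command"
GOOD_CMD = '"%1" %*'  # default handler, as written by the .reg fixes in the thread

# One string value line of a .reg export: @="data" or "name"="data"
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):  # undo .reg escaping of backslashes and quotes
    return re.sub(r"\\(.)", r"\1", s)

def audit_reg_export(text):
    """Return (key, value name, data, reason) for each suspicious entry."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if key is None or not m:
            continue  # header, blank line, or non-string value (hex:, dword:)
        name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
        data, low = unescape(m.group(2)), key.lower()
        if low.startswith(IFEO) and name.lower() == "debugger":
            findings.append((key, name, data, "IFEO Debugger launches instead of this image"))
        elif low == DISALLOW:
            findings.append((key, name, data, "blocked by DisallowRun policy"))
        elif low == EXE_CMD and name == "(Default)" and data != GOOD_CMD:
            findings.append((key, name, data, "non-default .exe open command"))
    return findings

# Constructed sample export; the path is a placeholder, not from the thread.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe]
"Debugger"="C:\\Temp\\placeholder.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="msseces.exe"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Temp\\placeholder.exe\" \"%1\" %*"
"""

if __name__ == "__main__": print(*audit_reg_export(SAMPLE), sep="\n")
```

Exports saved in the "Windows Registry Editor Version 5.00" format are UTF-16 text, so decode the file with that encoding before passing its contents to `audit_reg_export`.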
 