PDA

View Full Version : registry infected?



hoanikai
14-01-2012, 10:49 AM
Good day folks,

After a good run, my pc has suffered a virus raid.
I run eset NOD32 and it picked up the threat strght away.
However this morning I can't open firefox.exe ad a number of others.
It appears that the registry values that associate with file name extension are corrupted.

any clues?
i run windows xp pro

Speedy Gonzales
14-01-2012, 11:01 AM
Scan it with malwarebytes update it first. Then do a full scan. I would also run trojan remover. (http://www.simplysup.com) Update then click on scan. Then reset everything under the utils menu

hoanikai
14-01-2012, 11:06 AM
thanks speedy, however when malwarebytes downloaded, i cant open and run the exe file...don't have malwarebytes onboard.
any ideas

bevy121
14-01-2012, 11:16 AM
try downloading again, but rename it to something else before downloading, see if that works

wainuitech
14-01-2012, 11:36 AM
If the File associations have been changed/ damaged, go HERE (http://www.dougknox.com/xp/file_assoc.htm) Download the appropriate file for the association you want, merge it into the reg and it should fix it. ( try the exe)

Had a customer a few weeks back, he managed to get some malware and it totally screwed all exe files, ran the exe fix, and all was well.

feersumendjinn
14-01-2012, 11:37 AM
Go to the BleepingComputer site
http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-malware-tutorial
Halfway down that page, you'll see a reference to Rkill, download and run that first (DONT reboot) then download and run MalwareBytes.
What's happening is that you are still infected, and that infection is running processes that is actively stopping you downloading/running anything to fix it, Rkill should stop that process.

hoanikai
14-01-2012, 12:17 PM
thanks so far...
have managed to get malwarebtes onboard..scanning now

pctek
14-01-2012, 12:30 PM
If after scanning with all known good malware checkers, and I'd do a Hijackthis too - it's still screwed up, do a Windows Repair install.

hoanikai
14-01-2012, 01:13 PM
malwarebytes scan completed...3 threats found and quarantined.
can open .exe & .com again
got super anti spyware scanning now
will post more later..
thanks everyone

hoanikai
15-01-2012, 11:53 AM
hello folks,

have just managed to get back online

a few more threats found on super anti spyware scan
then did a crap cleaner workover registry included
seems like everything is running well again.
the rkill did the trick.

thanks for everyones help.

Question:
I am running eset NOD32 in conjunction with a windows firewall,
should i add a purely malware protection program that is running continually in the same way as the eset?

Please get back to me if you can help.
Perhaps I should make this a new post

Speedy Gonzales
15-01-2012, 03:21 PM
Dont run too many anti malware programs in the background. They'll conflict

feersumendjinn
15-01-2012, 08:54 PM
the rkill did the trick.
Good to hear it's sorted, and thanks for letting us know.
Wish more people gave us some feedback, helps everyone.

hoanikai
16-01-2012, 09:56 AM
Good to hear it's sorted, and thanks for letting us know.
Wish more people gave us some feedback, helps everyone.
you're welcome...a little common courtesy goes a long way

dugimodo
16-01-2012, 10:25 AM
I'd suggest Use 2 good antimalware programs and run them once a month. too many resident programs just cause issues and aren't as good as a full scan anyway.
In my experience a lot of malware comes from not being careful when browsing and can be avoided with a little care.

For example, any time a website claims you have malware or virus's (Virii?) close all browser windows and don't click yes to anything, run your own anti-virus / anti-malware software if you're concerned.
If the broswer won't close use task manager and force it to.
If any anti-virus software you don't remember installing tries to run, kill it! and use your own.
Basically treat all website based warnings and pop-ups as dodgy scams & malware unless you are sure of the site.
The hardest part - educating anyone else who uses the computer to do the same, tell them not to install anything or respond to any warnings without your say so.