Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Help solve crazy Registry Problem


  • Please log in to reply

#1
Help Help

Help Help

    Member

  • Member
  • PipPip
  • 33 posts
Hi,
I ran into this place via google for some help.

A couple days ago somehow so very annoying virus called win 7 security tool overran my computer saying that I have a billion viruses and that I must pay for removal of so called viruses.
My malware bytes, etc couldnt load to take care of it, and I've heard thats due to the win7 virus making changes to the registry.

So earlier today, I found out I have to take care of the registry problems first before getting rid of the virus, so to google I went.

I followed these steps for removal of win7 and fixing the registry:
http://www.2-spyware...7-security.html

I tried to make this file through notepad and sending it to regedit to fix the exe and other file load problem:

[-HKEY_CURRENT_USERSoftwareClasses.exe]
[-HKEY_CURRENT_USERSoftwareClassessecfile]
[-HKEY_CLASSES_ROOTsecfile]
[-HKEY_CLASSES_ROOT.exeshellopencommand]

[HKEY_CLASSES_ROOTexefileshellopencommand]
@=""%1" %*"

[HKEY_CLASSES_ROOT.exe]
@="exefile"
"Content Type"="application/x-msdownload"


But that didnt work, it wouldn't go through my computer, so I followed the other way to do so, MANUALLY through regedit, as it walks you through on that site (http://www.2-spyware...7-security.html)

So I went through regedit manually and did as that site said, this:


Delete registry values:
HKEY_CURRENT_USERSoftwareClasses.exeshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "%1" %*
HKEY_CURRENT_USERSoftwareClassessecfileshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "%1" %*
HKEY_CLASSES_ROOT.exeshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "%1" %*
HKEY_CLASSES_ROOTsecfileshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "%1" %*
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "C:Program FilesMozilla Firefoxfirefox.exe"
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellsafemodecommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "C:Program FilesMozilla Firefoxfirefox.exe" -safe-mode
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetIEXPLORE.EXEshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "C:Program FilesInternet Exploreriexplore.exe"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "FirewallOverride" = "1"




After doing so, NO EXE FILES ARE LOADABLE. NOT even regedit, etc. The win7 virus is gone as the exe for it cant load as well, NO programs work. every time I try to get into a program it states this

"This file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the Default Programs control panel"

So after doing the manual regedit as shown above a couple hours ago, I asked a friend that happens to be a computer geek for help and he downloaded a bootable regedit disk and did the following changes:

HKEY_CLASSES_ROOT \ exefile \ shell \ open \ command.
Double-click the (Default) value in the right hand pane and delete the current value data, and then type:
"%1" %* exactly as shown including the quotes and asterisk.
Navigate to HKEY_CLASSES_ROOT\.exe
In the right-hand pane, set (default) to exefile


After doing that, SAME PROBLEM STILL EXISTS.

Thus I am here asking for help.

Please help : /

Edited by Help Help, 18 April 2010 - 04:17 PM.

  • 0

Advertisements


#2
Broni

Broni

    Kraków my love :)

  • Member
  • PipPipPipPipPipPipPipPip
  • 12,300 posts
Do NOT play with registry, or you may make things even worse.

I suggest that you start a new topic in the Malware Removal and Spyware Removal area.

Before you start a new topic click on this link --> Malware and Spyware Cleaning Guide, Please read before starting a new topic. This will give you a few preparations to make, as well as instruction for posting your OTListIt2 log.

If you are still having problems after being given a clean bill of health from the malware expert, then please return to THIS thread and we will pursue other options to help you solve your current problem(s).
  • 0

#3
Help Help

Help Help

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Just tried to run OTL on my laptop (the problem computer) and it can't load, as with all .exe : (
I'm on another computer posting messages right now as firefox cant load on the problem computer.
  • 0

#4
Broni

Broni

    Kraków my love :)

  • Member
  • PipPipPipPipPipPipPipPip
  • 12,300 posts
You have to start new topic at malware forum and if you can't perform some steps simply let malware people know.
  • 0

#5
diabillic

diabillic

    Member 1K

  • Member
  • PipPipPipPip
  • 1,370 posts
Theres a new piece of rogue malware that removes the .exe extension with explorer. I suggest you follow Broni's instructions.
  • 0

#6
Help Help

Help Help

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Yep, I made a thread in that subsection. Thanks
  • 0

#7
Broni

Broni

    Kraków my love :)

  • Member
  • PipPipPipPipPipPipPipPip
  • 12,300 posts
You're welcome :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP