Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

"Open With..." Virus [Closed]


  • This topic is locked This topic is locked

#1
superwin

superwin

    Member

  • Member
  • PipPip
  • 28 posts
Hello,

I've been experiencing this virus where it opens the "open with..." window everytime I double click some icons on the desktop. I've been using right click - start to open programs. Please help me with this.

Thank you.

Edit: I have tried scanning my computer with MBAM but it didn't help much.

Edited by superwin, 05 December 2011 - 09:45 PM.

  • 0

Advertisements


#2
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Hi, superwin! Posted ImageMy nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.



Step 1.

Download RogueKiller to your desktop.

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.


Step 2.

Rerun RogueKiller
  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.


Step 3.

Download aswMBR.exe ( 1.8mB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image


On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image


Step 4.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 5.

Please Post:

both RkReport.txt files
aswMBR log
OTL.txt
Extras.txt



How is your computer doing? Have your wallpaper and icons reappeared?
  • 0

#3
superwin

superwin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Ok so this is the RKreport.txt




RogueKiller V6.1.12 [12/02/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Erwin [Admin rights]
Mode: Remove -- Date : 12/06/2011 20:16:14

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[FILEASSO] HKCU\[...]Software\Classes\exefile\shell\open\command : ("C:\Users\Erwin\AppData\Local\igc.exe" -a "%1" %*) -> REPLACED ("%1" %*)

¤¤¤ Particular Files / Folders: ¤¤¤
[FOLDER] plugs : c:\users\erwin\appdata\roaming\adobe\plugs --> REMOVED

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Rogue.AntiSpy-AH ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


Finished : << RKreport[1].txt >>
RKreport[1].txt
  • 0

#4
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Remember run RogueKiller twice. Once selecting option 2 and once selecting option 6!
  • 0

#5
superwin

superwin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
After I ran option 2, the icons seems to be working fine. I can double click them and "open with..." window wouldn't come up.
I wasn't able to run the option 6. It stays in this state for about 15 minutes. Is it supposed to be like that?




----------------- RogueKiller V6.1.12 by Tigzy -----------------
------------ contact at http://www.sur-la-toile.com -----------
--------------- mail: tigzyRK<at>gmail<dot>com ----------------

Searching bad windows...

Searching bad processes...

Searching hidden processes running...

Searching bad services running...

Searching for new version online...

------------------------
-- 1. Scan --
-- 2. Delete --
-- 3. Hosts fix --
-- 4. Proxy fix --
-- 5. DNS fix --
-- 6. Shortcuts HJfix --
-- --
-- 0. Exit --
------------------------

In order to improve it, RogueKiller sends
the report to the developer. These datas aren't sensitive
If you don't agree, please type 0


Enter your choice and press [Enter]
6

Hijack Shortcuts:
=================
--- Backup : No backup found ---
--- Desktop ---
--- Quick launch ---
--- Programs ---

Edited by superwin, 06 December 2011 - 10:39 PM.

  • 0

#6
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Delete it and redownload it.
  • 0

#7
superwin

superwin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Here's the report after running option 6:




RogueKiller V6.1.12 [12/02/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Erwin [Admin rights]
Mode: Shortcuts HJfix -- Date : 12/07/2011 16:27:03

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 11 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 200 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 6 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 56 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 165 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[1].txt >>
RKreport[1].txt
  • 0

#8
superwin

superwin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
For Step 3, it asked me to download Avast Virus database. Do I need to download it or I can just scan without it?
  • 0

#9
superwin

superwin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
I downloaded the virus database and did the scan. Here's the txt file.




aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-07 16:33:03
-----------------------------
16:33:03.031 OS Version: Windows x64 6.1.7600
16:33:03.031 Number of processors: 2 586 0x170A
16:33:03.031 ComputerName: ERWIN-PC UserName: Erwin
16:33:31.564 Initialize success
16:36:37.683 AVAST engine defs: 11120701
16:37:22.606 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:37:22.610 Disk 0 Vendor: FUJITSU_ 0040 Size: 476940MB BusType: 3
16:37:22.615 Disk 0 MBR read error 0
16:37:22.619 Disk 0 MBR scan
16:37:22.626 Disk 0 unknown MBR code
16:37:22.631 MBR BIOS signature not found 0
16:37:22.637 Service scanning
16:37:24.449 Service sptd C:\windows\System32\Drivers\sptd.sys **LOCKED** 32
16:37:25.064 Modules scanning
16:37:25.071 Disk 0 trace - called modules:
16:37:25.092 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spab.sys hal.dll
16:37:25.099 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cc5680]
16:37:25.107 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004aea050]
16:38:15.675 AVAST engine scan C:\windows
16:39:00.895 AVAST engine scan C:\windows\system32
16:39:10.906 AVAST engine scan C:\windows\system32\drivers
16:39:20.915 AVAST engine scan C:\Users\Erwin
16:39:30.925 AVAST engine scan C:\ProgramData
16:39:30.934 Scan finished successfully
16:39:59.428 Disk 0 MBR has been saved successfully to "C:\Users\Erwin\Desktop\MBR.dat"
16:39:59.429 The log file has been saved successfully to "C:\Users\Erwin\Desktop\aswMBR.txt"
  • 0

#10
superwin

superwin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Not able to run OTL. It's stuck in "getting drive info" state for about 20 minutes, then the program is not responding.
  • 0

Advertisements


#11
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
OK we can try this:

Step 1.

Rerun RogueKiller
  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

Please download OTL.scr and paste in the custom scan text and see if it runs


Step 2.

Try downloading the OTL.scr version of OTL.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 3.

Please post:

RogueKiller log
OTL.txt
Extras.txt


Also give me any updates on your computer's symptoms.
  • 0

#12
superwin

superwin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Ok, here's the RKreport for option 2 after I reran it.


RogueKiller V6.1.12 [12/02/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Erwin [Admin rights]
Mode: Remove -- Date : 12/07/2011 19:04:57

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


Finished : << RKreport[1].txt >>
RKreport[1].txt
  • 0

#13
superwin

superwin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
the OTL.scr link does not work.

When I tried to delete the old OTL.exe, it took a little bit longer than when I try to delete other file. Is that normal?
  • 0

#14
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
That is not normal we will have to try something else. I need to put an alternate plan together and will have it ready for you tomorrow afternoon Central time here in the US.

But please get me one more piece of information.


Do the following:
Start -> Run.
Type diskmgmt.msc .
Click "OK".

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screen shot of the Disk Management Window and attach the screen shot to your reply.


To do this follow these steps:

  • Press Alt and Print Screen button on your keyboard
  • Open Paint program
  • From the menu choose Edit then Paste
  • Now save the picture as a .jpg file and attach it here for me.





CompCav

Edited by CompCav, 07 December 2011 - 10:06 PM.

  • 0

#15
superwin

superwin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
It doesn't show anything when I open the diskmgmt. It only shows blank window as shown in attachment.
One thing I notice is I wasnt able to open Windows media player.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP