So I had this virus, and I looked up how to get rid of it, and one of the walkthroughs said that before you did it, you would need some program that restores the .exe file association, because when the virus is removed it will break that association.
However, my computer updated itself, and apparently got rid of the virus in the process, because when I first turned it on after the update and opened Task Manager to kill the virus process, the process never popped up, the various program initiation screens didn't come up (Antivirus, etc.), and nothing would open. I tried opening Steam and it said "What program would you like to open this file (steam.exe) with?"
I can open some things by proxy, like clicking a Notepad file and it opens it up in Notepad, but I need to restore full association.
It's also affecting my ability to access the internet on that computer, because presumably the computer has a program that governs networking.
Is there any way to restore the file association manually? I heard you can do it with REGEDIT but I haven't tried. I also have a copy of SEAtools that my friend gave me, but I don't know how much that would help.
hahaha. I remember this virus! Sounds like you got a virtu/virut variant virus! Yes, it fucks with your registry under the classes root hive.
Try this
(Copy and save this as a .reg file!)
[code]
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"
[/code]
I actually once did what the virus did by accident :v:
Had to reformat :saddowns:
I removed the classes root hive from one of my former technicians because he was a bitch.
he didn't find it amusing one bit.
[editline]12:37PM[/editline]
I love batch scripting and autoplay. :)
[QUOTE=Richard Simmons;24186732]hahaha. I remember this virus! Sounds like you got a virtu/virut variant virus! Yes, it fucks with your registry under the classes root hive.
Try this
(Copy and save this as a .reg file!)
[code]
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"
[/code][/QUOTE]
Thanks, I'll be sure to try this next time I can get on my computer. My friends suggested reformatting, but that's not really an option for me, unless I can find an external HD that I can really depend on.
Btw, is that for Windows XP? Probably a bad time to ask...
[QUOTE=ElectricSquid;24187870]Btw, is that for Windows XP? Probably a bad time to ask...[/QUOTE]
No. It's for Windows 2000 - Windows 7.
[QUOTE=ElectricSquid;24187870]Thanks, I'll be sure to try this next time I can get on my computer. My friends suggested reformatting, but that's not really an option for me, unless I can find an external HD that I can really depend on.
Btw, is that for Windows XP? Probably a bad time to ask...[/QUOTE]
Normally doing a reinstall (no reformatting) can solve this issue. But if you had the virut variant.. you might want to be VERY careful on what you do. I normally delete any executable then attempt a reinstall.
Repair may work as well.
Reformatting WILL work. But every dipshit and a half can suggest a reimage for the most mundane of issues.
if the above .reg file for some reason doesn't work, you can also do this manually.
here's a quote from a post I made in the windows forum regarding this issue:
[quote]if the virus has messed with the .exe file association in the registry, it won't be easy to install things like MBAM until you fix this manually through the registry. The problem? the registry editor is called regedit[B].exe[/B] which means that if your file associations have been messed with, you won't be able to open it either.
to fix it, simply navigate to your c:/windows/system32 where your regedit.exe file is located, change the file extension to [B].com[/B], this is the extension that executable files used in the old days, but they still work, now you can double click on regedit.com, and it should run.
from here you can fix the file association for .exe manually:
1. Search for [B]HKEY_CLASSES_ROOT|.exe[/B]
2. Change the value listed for [B]Default[/B] to [B]exefile[/B]
3. Search for [B]HKEY_CLASSES_ROOT|.exefile|shell|open|command[/B]
4. Change the value for [B]Default[/B] to [B]"%1" %*[/B]
5. Reboot
now that your file associations are fixed, you can continue to install malwarebytes (or run it if it previously wouldn't allow you to) and do a full scan under safe mode.
remember that sometimes the full scan doesn't detect everything in one pass, so after the first scan, if it found a lot of objects, make sure to [B]scan again[/B] for any leftover threats.
reformatting is usually not necessary in these cases, these viruses have been around for a long time and they are not very difficult to remove.
as another user said, look under your users folder ([B]C:/Users[/B] in Vista and 7, [B]C:/Documents and Settings[/B] in XP) for any .exe files that shouldn't be there (most of them shouldn't, real programs don't install themselves there)...look mainly in the [B]Application Data[/B] folder and [B]Local Settings/Application Data[/B], these are hidden folders so make sure you enable the show hidden folders and files option.[/quote]
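A defender-side check for the values discussed in this thread, added here as an example and not code from any of the posters: it parses `reg export`-style text and reports every `.exe` association value that is missing or differs from the known-good one. The `exefile` command default `"%1" %*` is the stock Windows value; the sample export and its placeholder path are constructed.

```python
import re

# Known-good values: the first two come from the .reg file posted above; the
# command default is the stock value under the "exefile" ProgID that .exe names.
EXPECTED = {
    (r"HKEY_CLASSES_ROOT\.exe", "@"): "exefile",
    (r"HKEY_CLASSES_ROOT\.exe", "Content Type"): "application/x-msdownload",
    (r"HKEY_CLASSES_ROOT\exefile\shell\open\command", "@"): '"%1" %*',
}
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"\s*$')


def unescape(s):
    """Undo the backslash escaping .reg files apply to quotes and backslashes."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Parse string values from .reg text into {(key, name): value}."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name = "@" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            values[(key, name)] = unescape(m.group(2))
    return values


def audit(text):
    """Return (key, name, found, expected) for every missing or altered value."""
    found = {(k.lower(), n.lower()): v for (k, n), v in parse_reg(text).items()}
    return [(k, n, found.get((k.lower(), n.lower())), want)
            for (k, n), want in EXPECTED.items()
            if found.get((k.lower(), n.lower())) != want]


# Constructed sample: an export in which the open command was redirected
# through a placeholder binary and the Content Type value is missing.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Users\\example\\AppData\\placeholder.exe\" \"%1\" %*"
'''

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Files written by `reg export` are UTF-16 with a byte-order mark, so open them with `encoding="utf-16"` before passing the text to `audit`.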