Basically, I just got spammed with, "YOU HAVE 1000000 INFECTED FILES, PLEASE UPDATE NOW!" and Firefox closed. I found a new process running in the Task Manager called ave.exe, found where it was located, deleted the process, then deleted the file. Now, Vista comes with a pop-up when I try to open any type of file, even .exe's. It's like the thing where you have to pick a program to open a new file type. Anyways, I opened Firefox with Firefox, and it wanted me to download and save a file called Firefox, but of course I hit no. Anyone know what's up with this? I was just reading FP with some other links open when it happened.
can you open .com files, like command.com?
If you can make a regedit.com, you can do this by going in CMD and type
cd /
cd /windows
copy regedit.exe regedit.com
start regedit.com
Then, edit the registry at
HKEY_CLASSES_ROOT \exefile\shell\open\command
edit default to be,
[code]"%1" %*[/code]
then go to
HKEY_CLASSES_ROOT\.exe
and set default to exefile
[url]http://lifehacker.com/5504531/the-complete-guide-to-saving-your-windows-system-with-a-thumb-drive[/url]
^ skip to the part about viruses.
Had the same problem too... Here's how to fix :D ( Well it worked for me :/ )
How to fix this problem! ( Is it called XP Anti-Malware, or XP Internet Security by any chance? )
XP Antimalware 2010 also know as XP Antimalware is a rogue antispyware program, clone of XP Internet Security 2010, which is also a rogue antispyware. Nothing new here, as before, the rogue distributed through the use of trojans. When the trojan is initialized, it will download and install core component of XP Antimalware 2010 onto your computer without your permission. The same trojan will also configure the fake security program in such a way as to run automatically when you start any program on your computer. Using the method of running, the rogue can block any your programs, including legitimate antivirus and antispyware applications.
When XP Antimalware 2010 is started, it will perform a full scan of your PC. It It will state that your computer is infected with trojans, adware or malware and that you should purchase its “full” version to remove these infections. Important to know, XP Antimalware 2010 only imitates a system scan, the rogue is not able to perform any type of security related functions. It can`t protect your PC, detect malware files and so on.
What is more, to make a more complete illusion that your computer is infected, XP Antimalware 2010 displays numerous false alerts that the security of your computer at risk, or that a file is infected with a dangerous trojan, etc. The rogue will also hijack Internet Explorer and Firefox and display fake warnings when you opening a web site. As the scan results, all these messages and alerts – a fake, so you can safely ignore them
Now here is how to remove it... Oh this fixes the exe. files not working like AVG
--------------------------------------------------------------------------------------------
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
----------------------------------------------------------------------------------------------------------
This is another method if the first does not work ( the first worked for me though so good luck :D )
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
-------------------------------------------------------------------------------------------------------------
Then use Malwarebytes to destroy all of the remains of this " Anti-Malware "
[URL="http:www.malwarebytes.org/"]http:www.malwarebytes.org/[/URL] - To download if you don't already have ( Official Site :D )
And there you have it! I wish you good luck!
What is this "anti-virus" calling itself?
This is actually important information.
[QUOTE=ForTehWolf...2!;21134817]can you open .com files, like command.com?
If you can make a regedit.com, you can do this by going in CMD and type
cd /
cd /windows
copy regedit.exe regedit.com
start regedit.com
Then, edit the registry at
HKEY_CLASSES_ROOT \exefile\shell\open\command
edit default to be,
[code]"%1" %*[/code]
then go to
HKEY_CLASSES_ROOT\.exe
and set default to exefile[/QUOTE]
It also might have some shit at Userinit to fix changes like this, I've noticed a lot of them do this, so you're going to want to check the values for Userinit
If I were you I would just use Malwarebytes ( if you are able too ), figure out where this stuff is and go into registry and manually delete it!
Well, Malwarebytes found all of this stuff, so I'll let it take care of it, but I'm going to be gone until Sunday, so I'll get back to this thread then.
Get Google Chrome and enable NoScript. I'm saying Chrome because even though Firefox has the exact same NoScript, Chrome has sandboxing, so even if a virus executable got through, it can only run inside the Chrome process, and not on your computer.
Sounds like a plan.
Sorry, you need to Log In to post a reply to this thread.
