system can't recognize .exe files after removing malware

rocking horse

New Member
My computer was infected with Vista Guardian 2010 two days ago. I first ran a full scan using McAfee but it didn't detect anything. Following a friend's advice, I then ran Windows Update on the system. After restarting, I lost my desktop, only a small window saying "Personalizing the personal setting of your Internet Explorer" and it stayed there forever. I managed to get online through Task Manager by hitting ctrl+alt+del. Then I downloaded Microsoft Security Essentials and it found two malwares. I clicked "Remove Now" to the first one and my desktop came back. So when the second message prompted me to "Restart Now", I restarted my computer while the scanning was still running. After restarting, everything was fine except a bit slower than before. But when I tried to open any .exe file (like IE browser, Firefox browser, MS Security Essentials), none of them would open. The system keeps asking me which software I want to use to open the file, and still wouldn't open. I cannot open any browsers and cannot get online now. What should I do? (I tried in Safe Mode, and it didn't work either). Thanks a lot!
 


richc46

Vista Guru
Gold Member
Seems that the malware has caused a lot of problems. If it were my computer, I would go back about a week before there was any possibility of infection and do a system restore. The upside, you will be 100% back to normal. The downside, any changes that you made (programs etc.) between today's date and the restore point date will have to be done over.
 

My Computer

System One

  • Manufacturer/Model: Dell XPS420
  • Memory: 6 gig
  • Graphics Card(s): ATI Radeon HD3650 256 MB
  • Sound Card: Integrated 7.1 Channel Audio
  • Monitor(s) Displays: Dell SP2009W 20 inch Flat Panel w Webcam
  • Hard Drives: 640 gb
  • Cooling: Fan
  • Mouse: Dell USB 4 button optical
  • Keyboard: Dell USB
  • Other Info: DSL provided by ATT

richc46

Vista Guru
Gold Member
Hope that you can report back with good news tonight, rocking horse
 


Corrine

Banned
Hi, rocking horse.

Please do the following:

1. Launch Notepad. (If you do not know where to locate Notepad, do the following: Click Start->Run (or WinKey+R). Input: "command". Press Enter or click OK. Type the word notepad following the > symbol (>notepad) and press Enter.)

2. Copy and paste the text in the code box below into Notepad:

Code:
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
[-HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[-HKEY_CLASSES_ROOT\secfile]

3. Save the file as "FixExe.reg" (without quotation marks) to your Desktop. NOTE: choose Save as type: All files

4. Double-click on the FixExe.reg file. When Windows prompts whether or not you want to allow the data to be added to your computer, click on the Yes button.

Please download Malwarebytes' Anti-Malware to your desktop.


  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, be sure Quick scan is selected, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
  • Click Remove Selected.
 


rocking horse

New Member
Corrine, thank you for your advice. I also found the following code which claims to be able to restore the exe files. There are more codes than yours. Are they working the same way? Which one would be better for my Vista Home Premium 64-bit?

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.EXE]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.EXE\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"FriendlyTypeName"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
32,00,5c,00,73,00,68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,\
00,2c,00,2d,00,31,00,30,00,31,00,35,00,36,00,00,00

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice]

Thank you a lot (I am really frustrated by this.)
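
An added example, not part of any post in this thread: a small Python reader for the .reg format both posted files use, so the keys a file deletes and the values it writes can be listed and compared before importing it. The function names, `EXPECTED_COMMAND` and the excerpted sample are this example's own assumptions; it decodes `hex(2)` data and reports any write to an .exe/exefile shell command key that differs from the `"%1" %*` value in the second file.

```python
import re
# Constructed sample: lines excerpted from the two .reg files posted in this thread.
SAMPLE = r'''Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
[HKEY_CLASSES_ROOT\exefile]
"FriendlyTypeName"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
32,00,5c,00,73,00,68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,\
00,2c,00,2d,00,31,00,30,00,31,00,35,00,36,00,00,00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''
EXPECTED_COMMAND = '"%1" %*'  # assumption: the value the second posted file writes

def decode_value(raw):
    """Make the right-hand side of a .reg assignment human-readable."""
    m = re.match(r"hex(?:\((\w+)\))?:(.*)", raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        text_type = m.group(1) in ("1", "2", "7")  # string types are UTF-16LE
        return data.decode("utf-16-le").rstrip("\x00") if text_type else data.hex(" ")
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \" and \\ escapes
    return raw                                     # dword:..., "-" (delete value)

def parse_reg(text):
    """Return (action, key, name, value) tuples in file order."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join backslash-continued hex lines
    ops, key = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[-"):           # [-KEY] deletes the key and its subkeys
            ops.append(("delete_key", line[2:-1], None, None))
            key = None
        elif line.startswith("["):
            key = line[1:-1]
        elif key:
            m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)
            if m:
                name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
                ops.append(("set", key, name, decode_value(m.group(2))))
    return ops

def unexpected_exe_commands(ops):
    """'set' operations on an .exe/exefile shell command key that write anything else."""
    pat = re.compile(r"\\(\.exe|exefile)\\shell\\\w+\\command$", re.I)
    return [o for o in ops if o[0] == "set" and pat.search(o[1]) and o[3] != EXPECTED_COMMAND]

print(*parse_reg(SAMPLE), sep="\n")
```

Run on the sample, the long `FriendlyTypeName` byte list decodes to the string `@%SystemRoot%\System32\shell32.dll,-10156`.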
 
