Ashamed to say it, but I have a virus...

Discussion in 'Computer Games and General Discussion' started by Danny Tanner, Mar 7, 2010.

  1. Danny Tanner
    OP

    Danny Tanner GBAtemp Fan

    Member
    361
    0
    Dec 28, 2009
    United States
    New York
    I have the av.exe virus (which I got from a PSP theme site, nice!). I'm running safe mode right now, and I was able to delete the av.exe file from my computer, but I can access regedit.exe or msconfig.exe to do the rest of the cleaning. I am running Vista, and can't find any solutions online.

    Nearly every other function on Windows (such as changing the screen resolution) is not opening, and is instead asking me with which program I'd like to open it. Any advice?
     
  2. Jamstruth

    Jamstruth Secondary Feline Anthropomorph

    Member
    3,456
    183
    Apr 23, 2009
    North East Scotland
    Use an antivirus program while in Safe Mode; it should be able to clean up most of the damage from there, but this virus sounds safe-mode proof.
     
  3. Danny Tanner
    OP

    I tried to open my security software (Verizon Internet Security Suite, which is usually quite good) and did a complete spyware and antivirus scan, and both came up clean. One thing that makes me nervous is that when I search for regedit.exe and right-click, it gives the option 'start' in lower case like that. I actually just tried 'Run as Administrator' and it opened. I just hope this is the real regedit (as I've never used it before and the files I'm supposed to remove aren't listed there).
     
  4. KevInChester

    KevInChester GBAtemp Fan

    Member
    308
    2
    Jul 29, 2009
    Open up Notepad and paste in the below, save as exefilefix.reg, then go to where you saved it and right click > merge, then reboot.

    Credit goes to:
    http://social.answers.microsoft.com/Forums...ae-111679b62782


    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\.EXE]
    @="exefile"
    "Content Type"="application/x-msdownload"

    [HKEY_CLASSES_ROOT\.EXE\PersistentHandler]
    @="{098f2470-bae0-11cd-b579-08002b30bfeb}"

    [HKEY_CLASSES_ROOT\exefile]
    @="Application"
    "EditFlags"=hex:38,07,00,00
    "FriendlyTypeName"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
    00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
    32,00,5c,00,73,00,68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,\
    00,2c,00,2d,00,31,00,30,00,31,00,35,00,36,00,00,00

    [HKEY_CLASSES_ROOT\exefile\DefaultIcon]
    @="%1"

    [HKEY_CLASSES_ROOT\exefile\shell]

    [HKEY_CLASSES_ROOT\exefile\shell\open]
    "EditFlags"=hex:00,00,00,00

    [HKEY_CLASSES_ROOT\exefile\shell\open\command]
    @="\"%1\" %*"
    "IsolatedCommand"="\"%1\" %*"

    [HKEY_CLASSES_ROOT\exefile\shell\runas]

    [HKEY_CLASSES_ROOT\exefile\shell\runas\command]
    @="\"%1\" %*"
    "IsolatedCommand"="\"%1\" %*"

    [HKEY_CLASSES_ROOT\exefile\shellex]

    [HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
    @="{86C86720-42A0-1069-A2E8-08002B30309D}"

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice]
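
The following Python check is an added example and not part of any post in this thread: it parses the text of a registry export (regedit exports are typically UTF-16, so decode the file first) and reports where the `.exe` association differs from the values the .reg file above sets. The function names and the `SAMPLE` export are constructed for illustration.

```python
import re

# Expected values are the ones set by the .reg file quoted in the thread.
EXPECTED = {
    (r"HKEY_CLASSES_ROOT\.exe", "@"): "exefile",
    (r"HKEY_CLASSES_ROOT\exefile\shell\open\command", "@"): '"%1" %*',
    (r"HKEY_CLASSES_ROOT\exefile\shell\runas\command", "@"): '"%1" %*',
}
USER_CHOICE = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
               r"\Explorer\FileExts\.exe\UserChoice")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Return {lowercased key: {value name: string data}} from .reg text."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            # "[-KEY]" is a delete directive, not a key that exists
            current = None if line[1] == "-" else keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            vname = "@" if m.group(1) == "@" else m.group(1)[1:-1]
            current[vname] = re.sub(r"\\(.)", r"\1", m.group(2))  # undo \" and \\
    return keys

def audit(text):
    """List deviations from the known-good .exe association."""
    keys, findings = parse_reg(text), []
    for (key, vname), want in EXPECTED.items():
        got = keys.get(key.lower(), {}).get(vname)  # None if absent from export
        if got is None or got.lower() != want.lower():
            findings.append(f"{key}: {vname} is {got!r}, expected {want!r}")
    if USER_CHOICE.lower() in keys:
        findings.append(f"{USER_CHOICE}: per-user override present")
    return findings

# Constructed sample export (not taken from the thread): .exe is repointed to
# another class and the open command launches a placeholder program first.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe]
@="examplefile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\placeholder\\example.exe\" \"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
'''

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An empty list from `audit` means the exported keys match the values in the fix and no per-user `UserChoice` override exists.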
     
  5. Danny Tanner
    OP

    Thanks KevIn, I'll try that now.

    AWESOME! It worked
     
  6. KevInChester

    Glad to hear it