Ashamed to say it, but I have a virus...

Discussion in 'Computer Games and General Discussion' started by Danny Tanner, Mar 7, 2010.

Mar 7, 2010
  1. Danny Tanner
    OP

    Member Danny Tanner GBAtemp Fan

    Joined:
    Dec 28, 2009
    Messages:
    361
    Location:
    New York
    Country:
    United States
    I have the av.exe virus (which I got from a PSP theme site, nice!). I'm running safe mode right now, and I was able to delete the av.exe file from my computer, but I can access regedit.exe or msconfig.exe to do the rest of the cleaning. I am running Vista, and can't find any solutions online.

    Nearly every other function on Windows (such as changing the screen resolution) is not opening, and is instead asking me with which program I'd like to open it. Any advice?
     
  2. Jamstruth

    Member Jamstruth Secondary Feline Anthropomorph

    Joined:
    Apr 23, 2009
    Messages:
    3,456
    Location:
    North East Scotland
    Country:
    United Kingdom
    Use an antivirus program while in Safe Mode; it should be able to clean up most of the damage from there, but this virus sounds safe-mode proof.
     
  3. Danny Tanner
    OP

    I tried to open my security software (Verizon Internet Security Suite, which is usually quite good) and did a complete spyware and antivirus scan, and both came up clean. One thing that makes me nervous is that when I search for regedit.exe and right-click, it gives the option 'start' in lower case like that. I actually just tried 'Run as Administrator' and it opened; I just hope this is the real regedit (as I've never used it before and the files I'm supposed to remove aren't listed there).
     
  4. KevInChester

    Member KevInChester GBAtemp Fan

    Joined:
    Jul 29, 2009
    Messages:
    308
    Country:
    United Kingdom
    Open up Notepad and paste in the below, save as exefilefix.reg, then go to where you saved it and right click > merge, then reboot.

    Credit goes to:
    http://social.answers.microsoft.com/Forums...ae-111679b62782


    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\.EXE]
    @="exefile"
    "Content Type"="application/x-msdownload"

    [HKEY_CLASSES_ROOT\.EXE\PersistentHandler]
    @="{098f2470-bae0-11cd-b579-08002b30bfeb}"

    [HKEY_CLASSES_ROOT\exefile]
    @="Application"
    "EditFlags"=hex:38,07,00,00
    "FriendlyTypeName"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
    00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
    32,00,5c,00,73,00,68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,\
    00,2c,00,2d,00,31,00,30,00,31,00,35,00,36,00,00,00

    [HKEY_CLASSES_ROOT\exefile\DefaultIcon]
    @="%1"

    [HKEY_CLASSES_ROOT\exefile\shell]

    [HKEY_CLASSES_ROOT\exefile\shell\open]
    "EditFlags"=hex:00,00,00,00

    [HKEY_CLASSES_ROOT\exefile\shell\open\command]
    @="\"%1\" %*"
    "IsolatedCommand"="\"%1\" %*"

    [HKEY_CLASSES_ROOT\exefile\shell\runas]

    [HKEY_CLASSES_ROOT\exefile\shell\runas\command]
    @="\"%1\" %*"
    "IsolatedCommand"="\"%1\" %*"

    [HKEY_CLASSES_ROOT\exefile\shellex]

    [HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
    @="{86C86720-42A0-1069-A2E8-08002B30309D}"

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice]
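
A read-only check to go with the fix above, added here as an example and not part of the original post: it parses a registry export (text in the same .reg format) and reports where the .exe handler values differ from those in the posted fix. The function names and both sample exports are assumptions made up for this illustration.

```python
import re
# Expected values, copied from the .reg fix in the post above.
EXPECTED = {
    (r"HKEY_CLASSES_ROOT\.exe", "@"): "exefile",
    (r"HKEY_CLASSES_ROOT\exefile\shell\open\command", "@"): '"%1" %*',
    (r"HKEY_CLASSES_ROOT\exefile\shell\runas\command", "@"): '"%1" %*',
}
USERCHOICE = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
              r"\Explorer\FileExts\.exe\UserChoice")
STRING_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg strings escape \ and " with a backslash

def parse_reg(text):
    """Return ({(key, name): string value}, {keys}); keys and names lower-cased."""
    values, keys, key = {}, set(), None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()  # registry key names are case-insensitive
            keys.add(key)
        elif (m := STRING_VALUE.match(line)) and key:
            name = "@" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            values[(key, name.lower())] = unescape(m.group(2))
    return values, keys

def check_exe_association(text):
    values, keys = parse_reg(text)
    findings = []
    for (key, name), want in EXPECTED.items():
        got = values.get((key.lower(), name))
        if got is None:
            findings.append(f"missing: [{key}] {name}")
        elif got.lower() != want.lower():
            findings.append(f"changed: [{key}] {name} = {got}")
    if USERCHOICE.lower() in keys:  # per-user override that the fix deletes
        findings.append(f"override present: [{USERCHOICE}]")
    return findings

# Constructed sample exports (not taken from a real machine).
CLEAN = r'''[HKEY_CLASSES_ROOT\.EXE]
@="exefile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"'''
ALTERED = CLEAN.replace(r'@="\"%1\" %*"', r'@="\"C:\\example\\other.exe\" \"%1\" %*"',
                        1) + "\n[" + USERCHOICE + "]\n"
```

Regedit writes its exports as UTF-16, so decode the file before passing its text to `check_exe_association`; an empty list means the three handler values match the fix and no UserChoice override is present.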
     
  5. Danny Tanner
    OP

    Thanks KevIn, I'll try that now.

    AWESOME! It worked
     
  6. KevInChester

    Glad to hear it
     
