Nasty virus on my machine.

Not sure if this is the right place to post. But here goes.
I think I have a nasty virus or Spyware on my machine. I am running Windows XP, with NORTON antivirus 2005 installed. I cannot run any programs on my machine, and something has deleted my NORTON. I can’t run any .EXE files, and all my file associations have gone to CRAP. I am also receiving tons of FU$%ING annoying popups from:

I have tried a repair install of Windows, with no luck. Restore has been corrupted, and I can’t open any .exe files downloaded from the internet or from my removable drive. The funny thing is I can open the files on my removable drive from my laptop. Is there any way to get these bastards off my machine?
I can provide more info if needed.

I have a print screen of my machine at:

Thanks for any help,


Tony Gimenez (Internship) Commented:
First try to fix that broken exe association by following the tutorial here.

Tell me how it goes.
Can you reboot to Safe Mode?  Restart your computer and press the F8 key on boot and choose safe mode.  

Then if you can go to Start, Run, type "msconfig" without the quotes, press enter.  

Go to the startup tab and take everything out, go to the service tab and check "Hide all microsoft services" then uncheck everything else in there.  Then go to the registry by clicking start, run, type "regedit" without the quotes.  Navigate to Local machine, software, microsoft, windows, current version, run.  Click the run key and see if there are any strange entries on the right side.  If so remove them.  You could leave things like antivirus and such, but since it's not working anyways then you could just go ahead and remove all things listed there.  

Then I would reboot and go back press F8 on boot, and this time go to "safe mode with network support"

From there try downloading adaware, spybot and do an online virus scan.  

If you can't get to msconfig or regedit then post back and we will try something else.
yogiyogi69 (Author) Commented:
Tried to run msconfig and regedit, no dice. Here's what I get

and I still get the popups in safe mode. Also I can download spybot and adaware, but I can't open the file.

Thanx mistymisty
from the screenshot you have sent, I can easily see that the problem is worse than what you have described. it's not just the .exe files, i can see that your .lnk association has also gone bad, and if i am guessing it right, and if it's indeed virus caused, most probably other extensions like .reg / .pif / .scr / .bat / .com are also not working on your system. i hope that the file system that you have on your system is FAT32, coz if it is, then it will be easy for you to recover faster from this situation. all you need is a Win98SE bootdisk and get McAfee's "stinger" tool. boot from the 98 bootable disk and run the stinger tool.
alternatively, if you can, get an antivirus (e.g.) trendmicro that provides creating emergency boot disk that includes antivirus detection and removal. boot from it and run the virus cleaner from dos prompt.

BTW, if once your .exe problem gets resolved, (and i hope you have winzip and it starts to work after that) go here :

this has a complete list of file association fixes that you require in your case.

but, yes, for these to work, your .reg association should be working.

hope this helps.

do let me know if you need more help.

Carpe Diem.
in fact i would recommend that you visit the page i provided first. it has described everything, like how to correct .zip associations, and use the tools directly. it will get you up and running in minutes. read the note given in red on how to use the files from that site in case .exe association is not working or you want to import the .reg files to registry. one more thing, at times, some viruses rename files so as to cause search failures. so if regedit.exe doesn't work, try might just work. All kind of virus tricks used these days.  :-)

will wait for your reply.
Carpe diem.
Download Stinger here:

More info on this tool here :

Carpe Diem
Alternately, you may download from site and run it. This utility fixes the exefile association in the registry automatically.

download link :

BTW, it looks like a sircam infection .... read this
You cannot start programs when your computer is infected with the SirCam virus (

or it may be the Swen worm ... read this
You receive an error message when you try to start a program that has an .exe file name extension (

i think that is a lot of info together.... take time to read and see what works best for you...

Carpe diem.
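Added example, not part of any post in this thread: a Python check that reads a regedit-format export and reports the executable file classes discussed above (.exe and the related .bat/.com/.pif handlers) whose open command differs from the stock Windows default or is missing. The sample export and the name `example-dropper.exe` are constructed placeholders; the expected values are the standard defaults, not something quoted from the thread.

```python
import re

# Stock (Default) values for executable file classes on Windows.
EXPECTED = {r"HKEY_CLASSES_ROOT\.exe": "exefile"}
for cls in ("exefile", "batfile", "comfile", "piffile"):
    EXPECTED["HKEY_CLASSES_ROOT\\%s\\shell\\open\\command" % cls] = '"%1" %*'

# Constructed sample in regedit export format; example-dropper.exe is a placeholder.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\WINDOWS\\example-dropper.exe\" \"%1\" %*"
[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
'''

def parse_reg_defaults(text):
    """Map each key in a regedit-style export to its (Default) string value."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('@="') and line.endswith('"'):
            # Undo the export's \" and \\ escaping.
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def find_hijacks(text):
    """Return (key, found, expected) for each handler that is wrong or missing."""
    found = {k.lower(): v for k, v in parse_reg_defaults(text).items()}
    findings = []
    for key, want in EXPECTED.items():
        got = found.get(key.lower())  # None when the key is absent from the export
        if got is None or got.strip().lower() != want.lower():
            findings.append((key, got, want))
    return findings

if __name__ == "__main__":
    for key, got, want in find_hijacks(SAMPLE_EXPORT):
        print(f"{key}: found {got!r}, expected {want!r}")
```

Exports written by regedit in the "Version 5.00" format are UTF-16, so decode the file with that encoding before passing its text to `find_hijacks`.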
lojk (.Net and Infrastructure Consultant) Commented:
Repairing installations is generally not a great idea.

Salvage the data from the disk using something like Barts Boot Disk or Yeungs WinPe and just format the disk and install a clean installation. It will drastically reduce the chance of reinfection, not to mention saving a *boat load* of hassle...
See if hijackthis runs, if it doesn't try renaming it. Have you tried fixing your file associations as already suggested?

Please download HijackThis 1.99.1
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then go to the below link and login using your Experts-Exchange username and password.
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> 
and click "Analyse", click "Save".  Then post the link to the saved list here.
yogiyogi69 (Author) Commented:
Well it looks like I may have my associations back "whew". I am able to run programs now etc...............

Here is my hijackthis logfile:

Also my desktop background has changed to black and on the lower right hand of the screen it reads:
"Your computer is in danger!
Windows security center has detected adware/spyware infection!
It is strongly recommended to use special antispyware tools to prevent data loss.

Thanks for all your help guys and girls...........................

A lot of bad entries there! at least 2 infections showing.
Please download and run these 2 tools and then post a new link to a fresh Hijackthis log, so we can check what bad entries are left behind.

1. Please download Look2Me-Destroyer.exe to your desktop.
Close all windows before continuing.
Double-click "Look2Me-Destroyer.exe" to run it.
Put a check next to "Run this program as a task".
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
When Look2Me-Destroyer re-opens, click the "Scan for L2M" button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the "Remove L2M" button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.
Turn your computer back on.

Please post the contents of C:\Look2Me-Destroyer.txt.
If you receive a message from your firewall about this program accessing the internet please allow it.
If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.

2. Please download SmitfraudFix:
Extract the content (a folder named SmitfraudFix) to your Desktop.
Next, please reboot your computer in Safe Mode by rebooting the computer,
and repeatedly tapping the F8 key as the pc starts. Choose "Safe Mode" from
the options listed.
Once in Safe Mode, open the SmitfraudFix folder again and double-click
Select option #2 - Clean by typing 2 and press "Enter" to delete infected
You will be prompted : "Registry cleaning - Do you want to clean the
registry?" answer "Yes" by typing Y and press "Enter" in order to remove
the Desktop background and clean registry keys associated with the
The tool will now check if wininet.dll is infected. You may be prompted to
replace the infected file (if found); answer "Yes" by typing Y and press
The tool may need to restart your computer to finish the cleaning process;
if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
I am glad your associations have been restored and the system is working now.
You didn't mention what worked? and what about the .lnk files... it was showing in the screenshot that they too were not working, is that restored too?
looking at your hijackthis log, your system does have a virus & spyware infection.

I am not so sure if your norton is still working or not as you said something deleted your norton. I gave you the link for the stinger tool. it's a basic scan and removal tool for the latest most common viruses (not an alternative for an antivirus, just the latest common threats). have you tried a system scan with it yet? if not, do it now, and if norton is restored to proper working conditions (maybe you need to reinstall a fresh copy) upgrade the antivirus definitions and run a full system scan for viruses. that would take care of your virus problem.

for your spyware infection, Ad-Aware SE or Spyware Doctor are two "really good" spyware detection and auto-removal tools. Ewido is another similar software for spyware removal.
the shortest and fastest way to disable those browser hijack infections till the time you run the spyware removal tool is given here:

1. open IE properties window (in IE windows, go to tools > options)
2. go to the advanced tab
3. scroll down to the line "enable third party browser extension(requires restart)"
4. uncheck this option and save the changes by clicking OK.

this temporarily disables all the external toolbars/BHO that got installed due to spyware infection. now you can run Ad-Aware/Spyware Doctor to do a complete scan and auto-removal of all spywares installed on the system. whichever product you choose to use, make sure you update the definitions database from the internet first to get the latest protection.

Carpe Diem.
yogiyogi69 (Author) Commented:
Sorry it has taken me so long to get back, but I have been busy working.
All of the tools used on my machine seemed to have gotten rid of the infection and the file extensions are back to normal (GREAT TOOLS). I'm still getting a few popups though, and my file extensions seemed to have gotten corrupt again, but I followed the instructions again above and they work again now. I'm running a virus scan using NORTON, and so far 10 have been detected.  SmitfraudFix and Look2Me-Destroyer worked great with those damn malware and spyware programs, but I'm contemplating just formatting and starting over.

Thank you all for your help and concern, it is much appreciated..................:)

Perhaps formatting and starting afresh is the best, :)

Closing Questions:

Or post at Community Support to ask your question to be closed:

lojk (.Net and Infrastructure Consultant) Commented:
as I said before rpggamergirl, format and fresh prep is *nearly always* the best way to go... Copying the data to another machine with *decent* antivirus will scrub the files during the copy process ready for when you copy them back.

I have just put a fiver on my table to say that this poor bod might be posting a similar question in a few weeks... :-(