CAT27

Desktop icons have lost their file association. All applications, under Programs also. Can't run regedit or any utility type programs. Viruses were found and cleaned but I can't get these back.

I'm trying to recover from this virus issue but my icons (shortcuts) and any application for that matter has lost its file association. Is there an easy way to recover this? Any help please.

LeeTutor

There are a number of viruses that mess up the Registry data for running executable (.exe) files, so this can cause nothing to happen when you double click an .exe file in My Computer or try to execute one by putting the name in the Run dialog box off the Start Menu.  Various authors have come up with .reg (Registry) files to restore the proper contents.

For Windows XP, you can find one this way: go to the following page and click on the link for item number 12, "EXE Fix for Windows XP":

http://www.kellys-korner-xp.com/xp_tweaks.htm

You would need to download the .reg file to someplace convenient where you can access it, such as your Desktop, then double click it to merge the contents into the Registry and reboot the computer.

If double-clicking it doesn't work, try renaming regedit.exe to regedit.com and see if you can do it that way.

And if THAT doesn't work, try this tip from the following page:

http://www.dougknox.com/xp/file_assoc.htm

 If your EXE file associations are corrupted, it can be difficult to open REGEDIT, or to even import REG files.  To work around this, press CTRL-ALT-DEL and open Task Manager.  Once there, click File, then hold down the CTRL key and click New Task (Run).  This will open a Command Prompt window.  Enter REGEDIT.EXE and press Enter.
 

The above page has fixes for other lost file associations, including shortcuts (.lnk files.)
 
After you've fixed your file associations, can we look at your HijackThis log?

Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.


FriarTuk

can you boot into safe mode command prompt, if so try running system restore & select a date prior to when this started occurring

%systemroot%\system32\restore\rstrui.exe
http://support.microsoft.com/?kbid=304449    "xp sys rst from dos"
Run Windows System File Checker: at Start > Run, type in cmd and press Enter, then type sfc /scannow in the black box and press Enter. You may need your XP CD.

Perform a System Restore at Start > All Programs > Accessories > System Tools > System Restore,
or restart the machine, tap F8 continuously, and choose from the advanced options Last Known Good Configuration that worked; choose a date. Press Enter on that; Windows will load the time frame before anything was wrong and not infected.
Once malware has definitely been removed, it's OK to restore so long as your System Restore itself is not infected.
Merete

Do a "repair" install; that restores all the basic system files. Boot from the XP CD, and go through as if you are going to reinstall the OS, but you don't. When it detects the existing OS on the drive, press "R" to repair the corrupted setup files. You will be running in less than 30 mins.
CAT27, any feedback?
CAT27

ASKER

I took the drives out and did a virus scan on them. 14 viruses have been found: Trojan.ByteVerify, Bloodhound.Morphine, Backdoor.Ranky, and Backdoor.Jupdate. Norton quarantined these viruses. I deleted them from the Quarantine area. I also tried to locate them on the drive to delete them as well.

Put drives back into system, rebooted. Problem still there. I've tried the dougknox registry files but they won't write to the registry. I can't run anything from the Run command because of the association problem. Nothing launches from the Control Panel. I'm about ready to reload but prefer not to if it can be resolved in another way. I would like to try the repair option from CD but I'm not 100% sure the virus issue is cleaned.

Here's my update, still trying to resolve.
Thanks
CAT
You tried the trick of using the Regedit.exe program by opening it in Task Manager?  You say the Doug Knox fixes won't write to the registry; is there an error message?
here's how to do a repair not a recovery.
a reinstallation of Windows XP, sometimes called a repair installation?

Configure your computer to start from the CD-ROM drive. Then insert your Windows XP Setup CD, and restart your computer.

When the Press any key to boot from CD message is displayed on your screen, press a key to start your computer from the Windows XP CD.
 
Press ENTER when you see the message To setup Windows XP now, and then press ENTER displayed on the Welcome to Setup screen.
 
 Do not choose the option to press R to use the Recovery Console.
 
In the Windows XP Licensing Agreement, press F8 to agree to the license agreement.
 
 Make sure that your current installation of Windows XP is selected in the box, and then press R to repair Windows XP.
 
 Follow the instructions on the screen to complete Setup.
 
Extra guide for illustrations; just look below the writing for the pictures:
http://www.webtree.ca/windowsxp/repair_xp.htm
C:\Windows\system32\reg.exe query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /s >> look.txt
start notepad look.txt

-------------------------------------------------------------------------
The problem could be the path variable, let's check it.
Copy all the text above the line to Notepad. Save as "look.bat"
Save as Type to *All Files
Save it on the desktop
Once saved, double click on the "look.bat" file.
A new document will appear (look.txt) on your desktop.
Open this document with Notepad and post its contents in your next reply.


If it is in fact the path variable problem then "Fixpath2.zip" should fix it.

Download FIXPATH2.ZIP by Bill Stewart
http://internet.cybermesa.com/~bstewart/files/fixpath2.zip
*Extract the files to a folder in C:\, like C:\FIXPATH2 (make a folder like that to extract the files to).
*Open a command prompt window by going to Start > Run type: cmd and click Ok.
*At the command prompt, type: cd C:\ and press Enter, so you should get C:\>.
*Then type: cd FIXPATH2 and press Enter, So you should get: C:\>fixpath2.
*Then type: FIXPATH.EXE and press Enter.
*It will display some preliminary information, and ask if it should continue and check for errors. Click Yes.
*If it successfully updates the Path value in the registry, you will need to
*reboot for the change to take effect. !! This is really important !!
CAT27

ASKER

Thank you for all of the great suggestions.  I have not been able to work on this today but plan on trying your suggestions tomorrow.  I will let you know how it goes. Again thanks
when you removed the drives & ran norton on them, i assume you booted from another computer's drive, if so did you boot into safe mode to run norton (this makes a big difference)?

when you put the drive back into your pc, boot into safe mode & turn off system restore (system prop's - system restore tab, check turn off system restore),

then boot into safe mode command prompt:
1) del temp inet files
rd /s /q "C:\Documents and Settings\<username>\Local Settings\Temporary Internet Files\"
2) navigate to your temp folder & delete suspicious programs & dlls
cd /d "C:\Documents and Settings\<username>\Local Settings\Temp"
3) try to copy regedit.exe to regedit.com & then try running regedit.com.
CAT27

ASKER

Ok. Update Info

To scan I've removed the hard drive and placed it into a USB hard drive that is placed on a working machine.   This drive should be virus free.  I've scanned it many times, plus manually removed the corrupt files if I could find them.

When I put it back into the system to boot (In safe mode), I always get a dialog box with encrypted symbols prior to login.  It forces me to hit ok, not able to close this dialog box with x in right upper corner of the window.   I'm not able to apply any of the fixes mentioned because nothing will launch.

This is Windows XP Media, not able to repair like mentioned above.   Also, not able to load any new applications to try to fix this.  I've tried to restore back to Ma 15 but that has not worked either.

I'm still working on this.  Thanks for suggestions please add more if you have anything else to add. Thanks
I've suggested to let us look at your hijackthis log, and also show us the look.txt  
but you didn't reply on either one.
Can you perform a repair from the Media Center recovery console?
Windows XP Media Center Edition 2004 - Recovery Procedure
with illustrated pictures
http://www.fujitsu-siemens.co.uk/rl/servicesupport/techsupport/Consumer/MediaCenter/FAQ/MC_RecoveryProcedure.htm
he can't boot to run hijackthis on his drive, unless attached to another computer so it won't read his registry & windows system files

while connected to the other pc in the usb enclosure
1) navigate to each user's local settings & delete temp exe & dll files, next delete the entire temp inet folders, 2) navigate to each user's start menu startup folder & remove any suspicious programs

3) follow below instructions to load the hive from the user folder on your drive - navigating to the run areas in hklm & hkcu to remove unwanted startup programs

http://www.dougknox.com/xp/tips/xp_adv_reg_editing.htm
(HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run)

*** addendum to above link's - to load local machine software settings
(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run)

Highlight HKEY_LOCAL_MACHINE, choose  "Load hive" from the File menu, open
           C:\Windows\system32\config\software    (no extension).
When asked for a name, choose "OldSoftware".  Access/backup/change the keys you're interested in. Once you're done, highlight the "OldSoftware" key, choose "Unload hive" from the file menu.

CAT27

ASKER

I've tried all of your suggestions! Thanks, but have run out of time and just did a re-install.  
then my suggestion has resolved it as I offered the repair option twice one for xp and one for Media center.
i believe scrathcyboy first mentioned doing a repair install, which also is not the same as doing a complete o/s re-install.
CAT27

ASKER

Please close this question.  I resolved this myself by doing a brand new install onto a brand new hard drive.   Thanks for the suggestions.
cat, you must submit a new question in community support asking for a refund (include the url to this thread)
see here for more info->  https://www.experts-exchange.com/help.jsp#hi70
ASKER CERTIFIED SOLUTION
GhostMod