Solved

Desktop icons have lost their file association.  All applications, under Programs also.  Can't run regedit or any utility type programs.   Viruses were found and cleaned but I can't get these back.

Posted on 2006-07-21
25
1,249 Views
Last Modified: 2012-06-21
I'm trying to recover from this virus issue but my icons (shortcuts) and any application for that matter has lost its file association.   Is there an easy way to recover this?   Any help please.

0
Question by:CAT27
25 Comments
 
LVL 59

Expert Comment

by:LeeTutor
ID: 17158046
There are a number of viruses that mess up the Registry data for running executable (.exe) files, so this can cause nothing to happen when you double click an .exe file in My Computer or try to execute one by putting the name in the Run dialog box off the Start Menu.  Various authors have come up with .reg (Registry) files to restore the proper contents.

For Windows XP, you can find one this way: go to the following page and click on the link for item number 12, "EXE Fix for Windows XP":

http://www.kellys-korner-xp.com/xp_tweaks.htm

You would need to download the .reg file to someplace convenient where you can access it, such as your Desktop, then double click it to merge the contents into the Registry and reboot the computer.

If double-clicking it doesn't work, try renaming regedit.exe to regedit.com and see if you can do it that way.

And if THAT doesn't work, try this tip from the following page:

http://www.dougknox.com/xp/file_assoc.htm

 If your EXE file associations are corrupted, it can be difficult to open REGEDIT, or to even import REG files.  To work around this, press CTRL-ALT-DEL and open Task Manager.  Once there, click File, then hold down the CTRL key and click New Task (Run).  This will open a Command Prompt window.  Enter REGEDIT.EXE and press Enter.
 

The above page has fixes for other lost file associations, including shortcuts (.lnk files.)
 
0
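The defaults that the .reg fixes described in the comment above restore can be checked from a registry export before and after merging. This is an added example, not part of the original post or of the linked fixes; the expected values are the stock Windows XP defaults, and the sample export and its placeholder program name are constructed.

```python
import re

# Stock Windows XP defaults for the launch-critical associations.
EXPECTED = {
    r"HKEY_CLASSES_ROOT\.exe": "exefile",
    r"HKEY_CLASSES_ROOT\.lnk": "lnkfile",
    r"HKEY_CLASSES_ROOT\.com": "comfile",
    r"HKEY_CLASSES_ROOT\.reg": "regfile",
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\comfile\shell\open\command": '"%1" %*',
}

# Constructed sample export (not from the thread): .lnk has lost its default
# value and the exefile open command has a placeholder program prepended.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
[HKEY_CLASSES_ROOT\.lnk]
[HKEY_CLASSES_ROOT\.com]
@="comfile"
[HKEY_CLASSES_ROOT\.reg]
@="regfile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\WINDOWS\\placeholder.exe \"%1\" %*"
[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
'''

def parse_reg_defaults(text):
    """Map each key in .reg export text to its string (Default) value."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            key = m.group(1).lower()
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg files escape backslashes and quotes with a backslash.
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def audit_associations(text):
    """Return (key, expected, found) for each missing or altered default."""
    found = parse_reg_defaults(text)
    return [(k, want, found.get(k.lower())) for k, want in EXPECTED.items()
            if (found.get(k.lower()) or "").lower() != want.lower()]

if __name__ == "__main__":
    for key, want, got in audit_associations(SAMPLE):
        print(f"{key}: expected {want!r}, found {got!r}")
```

The comfile entries are included because the rename-to-regedit.com workaround only helps while that association is still intact. Regedit's version 5.00 exports are UTF-16, so decode the file before passing its text in.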
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17158412
After you've fixed your file associations, can we look at your hijackthis log?

Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/
and click "Analyse", click "Save".  Then post the link to the saved list here.


0
 
LVL 14

Expert Comment

by:FriarTuk
ID: 17158445
can you boot into safe mode command prompt, if so try running system restore & select a date prior to when this started occurring

%systemroot%\system32\restore\rstrui.exe
http://support.microsoft.com/?kbid=304449    "xp sys rst from dos"
0
 
LVL 69

Expert Comment

by:Merete
ID: 17158586
Run Windows System File Checker: at Start > Run type in cmd, press Enter, then type in the black box sfc /scannow and press Enter. You may need your XP CD.

Perform a system restore at Start > All Programs > Accessories > System Tools > System Restore,
or restart the machine, tap F8 continuously, choose from the advanced options last known good config that worked, choose a date. Press Enter on that; Windows will load the time frame before anything was wrong and not infected.
Once malware has definitely been removed it's ok to restore so long as your system restore itself is not infected.
Merete

0
 
LVL 44

Expert Comment

by:scrathcyboy
ID: 17161900
do a "repair" install, that restores all the basic system files.  Boot from the XP CD, and go through as if you are going to reinstall the OS, but you don't.  When it detects the existing OS on the drive, press "R" to repair the corrupted setup files.  You will be running in less than 30 mins.
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 17163061
CAT27, any feedback?
0
 

Author Comment

by:CAT27
ID: 17176940
I took the drives out and did a virus scan on them.   14 viruses have been found.  Trojan.ByteVerify, Bloodhound.Morphine, Backdoor.Ranky, and Backdoor.Jupdate.    Norton quarantined these viruses.    I deleted them from the Quarantine area.  I also tried to locate them on the drive to delete them as well.  

Put drives back into system, rebooted.   Problem still there.   I've tried dougknox registry files but they won't write to the registry.  I can't run anything from the run command because of the association problem.   Nothing launches from the Control panel.   I'm about ready to reload but prefer not to if it can be resolved in another way.   I would like to try repair option from CD but I'm not 100% sure the virus issue is cleaned.  

Here's my update, still trying to resolve.
Thanks
CAT
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 17177049
You tried the trick of using the Regedit.exe program by opening it in Task Manager?  You say the Doug Knox fixes won't write to the registry; is there an error message?
0
 
LVL 69

Expert Comment

by:Merete
ID: 17180433
here's how to do a repair not a recovery.
a reinstallation of Windows XP, sometimes called a repair installation?

Configure your computer to start from the CD-ROM drive. Then insert your Windows XP Setup CD, and restart your computer.

When the Press any key to boot from CD message is displayed on your screen, press a key to start your computer from the Windows XP CD.
 
Press ENTER when you see the message To setup Windows XP now, and then press ENTER displayed on the Welcome to Setup screen.
 
 Do not choose the option to press R to use the Recovery Console.
 
In the Windows XP Licensing Agreement, press F8 to agree to the license agreement.
 
 Make sure that your current installation of Windows XP is selected in the box, and then press R to repair Windows XP.
 
 Follow the instructions on the screen to complete Setup.
 
extra guide for illustrations just look below the writing for the pictures
http://www.webtree.ca/windowsxp/repair_xp.htm
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17180504
C:\Windows\system32\reg.exe query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /s >> look.txt
start notepad look.txt

-------------------------------------------------------------------------
The problem could be the path variable, let's check it.
Copy all the text above the line to Notepad. Save as "look.bat"
Save as Type to *All Files
Save it on the desktop
Once saved, double click on the "look.bat" file.
A new document will appear (look.txt) on your desktop.
Open this document with Notepad and post its contents in your next reply.


If it is in fact the path variable problem then "Fixpath2.zip" should fix it.

Download FIXPATH2.ZIP by Bill Stewart
http://internet.cybermesa.com/~bstewart/files/fixpath2.zip
*Extract the files to a folder in C:\, like C:\FIXPATH2 (make a folder like that to extract the files to).
*Open a command prompt window by going to Start > Run type: cmd and click Ok.
*At the command prompt, type: cd C:\ and press Enter, so you should get C:\>.
*Then type: cd FIXPATH2 and press Enter, So you should get: C:\>fixpath2.
*Then type: FIXPATH.EXE and press Enter.
*It will display some preliminary information, and ask if it should continue and check for errors. Click Yes.
*If it successfully updates the Path value in the registry, you will need to
*reboot for the change to take effect. !! This is really important !!
0
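The look.txt output requested in the comment above can be checked mechanically for the Path problems being suspected. This is an added example, not part of the original post and not what FIXPATH.EXE itself does; the required entries are assumed stock Windows XP defaults, `C:\WINDOWS` is an assumed system root, and the sample text is constructed.

```python
import re

# Entries a stock Windows XP machine-wide environment contains (assumed baseline).
REQUIRED_PATH = [r"%SystemRoot%\system32", r"%SystemRoot%"]
REQUIRED_EXT = [".COM", ".EXE", ".BAT", ".CMD"]

# Constructed look.txt content in reg.exe query format (not from the thread).
SAMPLE = (
    "! REG.EXE VERSION 3.0\n\n"
    "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment\n"
    "    ComSpec\tREG_EXPAND_SZ\t%SystemRoot%\\system32\\cmd.exe\n"
    "    Path\tREG_SZ\t%SystemRoot%;C:\\Program Files\\Example\n"
    "    PATHEXT\tREG_SZ\t.COM;.EXE;.BAT;.CMD;.VBS;.JS\n"
)

def parse_reg_query(text):
    """Return {name_lower: (type, data)} from reg.exe query output."""
    values = {}
    for line in text.splitlines():
        # Name, type and data are split by tabs (XP) or runs of spaces (later builds).
        m = re.match(r"^\s+(\S.*?)(?:\t|\s{2,})(REG_\w+)(?:\t|\s{2,})?(.*)$", line)
        if m:
            values[m.group(1).lower()] = (m.group(2), m.group(3).strip())
    return values

def audit_environment(text, systemroot=r"C:\WINDOWS"):
    """List problems with the machine-wide Path and PATHEXT values."""
    values = parse_reg_query(text)
    findings = []
    ptype, pdata = values.get("path", ("", ""))
    entries = [e.strip().rstrip("\\").lower() for e in pdata.split(";") if e.strip()]
    for need in REQUIRED_PATH:
        literal = need.replace("%SystemRoot%", systemroot).lower()
        if need.lower() not in entries and literal not in entries:
            findings.append(f"Path is missing {need}")
    if any("%" in e for e in entries) and ptype != "REG_EXPAND_SZ":
        findings.append("Path uses %variables% but is not REG_EXPAND_SZ")
    exts = [e.strip().upper() for e in values.get("pathext", ("", ""))[1].split(";")]
    findings += [f"PATHEXT is missing {x}" for x in REQUIRED_EXT if x not in exts]
    return findings

if __name__ == "__main__":
    print("\n".join(audit_environment(SAMPLE)) or "Path and PATHEXT look intact")
```

A Path stored as REG_SZ is not expanded, so `%SystemRoot%` entries in it never resolve even though the text looks correct.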
 

Author Comment

by:CAT27
ID: 17181214
Thank you for all of the great suggestions.  I have not been able to work on this today but plan on trying your suggestions tomorrow.  I will let you know how it goes. Again thanks
0

 
LVL 14

Expert Comment

by:FriarTuk
ID: 17181257
when you removed the drives & ran norton on them, i assume you booted from another computer's drive, if so did you boot into safe mode to run norton (this makes a big difference)?

when you put the drive back into your pc, boot into safe mode & turn off system restore (system prop's - system restore tab, check turn off system restore),

then boot into safe mode command prompt:
1) del temp inet files
rd /s /q "C:\Documents and Settings\<username>\Local Settings\Temporary Internet Files\"
2) navigate to your temp folder & delete suspicious programs & dlls
cd /d "C:\Documents and Settings\<username>\Local Settings\Temp\"
3) try to copy regedit.exe to regedit.com & then try running regedit.com.
0
 

Author Comment

by:CAT27
ID: 17203199
Ok. Update Info

To scan I've removed the hard drive and placed it into a USB hard drive that is placed on a working machine.   This drive should be virus free.  I've scanned it many times, plus manually removed the corrupt files if I could find them.

When I put it back into the system to boot (In safe mode), I always get a dialog box with encrypted symbols prior to login.  It forces me to hit ok, not able to close this dialog box with x in right upper corner of the window.   I'm not able to apply any of the fixes mentioned because nothing will launch.

This is Windows XP Media, not able to repair like mentioned above.   Also, not able to load any new applications to try to fix this.  I've tried to restore back to Ma 15 but that has not worked either.

I'm still working on this.  Thanks for suggestions please add more if you have anything else to add. Thanks
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17205812
I've suggested to let us look at your hijackthis log, and also show us the look.txt  
but you didn't reply on either one.
0
 
LVL 69

Expert Comment

by:Merete
ID: 17206195
can you perform a repair from Media Center recovery console.
Windows XP Media Center Edition 2004 - Recovery Procedure
with illustrated pictures
http://www.fujitsu-siemens.co.uk/rl/servicesupport/techsupport/Consumer/MediaCenter/FAQ/MC_RecoveryProcedure.htm
0
 
LVL 14

Expert Comment

by:FriarTuk
ID: 17206279
he can't boot to run hijackthis on his drive, unless attached to another computer so it won't read his registry & windows system files

while connected to the other pc in the usb enclosure
1) navigate to each user's local settings & delete temp exe & dll files, next delete the entire temp inet folders, 2) navigate to each user's start menu startup folder & remove any suspicious programs

3) follow below instructions to load the hive from the user folder on your drive - navigating to the run areas in hklm & hkcu to remove unwanted startup programs

http://www.dougknox.com/xp/tips/xp_adv_reg_editing.htm
(HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run)

*** addendum to above link's - to load local machine software settings
(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run)

Highlight HKEY_LOCAL_MACHINE, choose  "Load hive" from the File menu, open
           C:\Windows\system32\config\software    (no extension).
When asked for a name, choose "OldSoftware".  Access/backup/change the keys you're interested in. Once you're done, highlight the "OldSoftware" key, choose "Unload hive" from the file menu.

0
 

Author Comment

by:CAT27
ID: 17216463
I've tried all of your suggestions! Thanks, but have run out of time and just did a re-install.  
0
 
LVL 69

Expert Comment

by:Merete
ID: 17219795
then my suggestion has resolved it as I offered the repair option twice one for xp and one for Media center.
0
 
LVL 14

Expert Comment

by:FriarTuk
ID: 17221358
i believe scrathcyboy first mentioned doing a repair install, which also is not the same as doing a complete o/s re-install.
0
 
LVL 14

Expert Comment

by:FriarTuk
ID: 17254886
0
 

Author Comment

by:CAT27
ID: 17271169
Please close this question.  I resolved this myself by doing a brand new install onto a brand new hard drive.   Thanks for the suggestions.
0
 
LVL 14

Expert Comment

by:FriarTuk
ID: 17276550
cat, you must submit a new question in community support asking for a refund (include the url to this thread)
see here for more info->  http://www.experts-exchange.com/help.jsp#hi70
0
 
LVL 1

Accepted Solution

by:
GhostMod earned 0 total points
ID: 17323600
Closed, 500 points refunded.

GhostMod
Community Support Moderator
0
