Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Virus that changes program extensions to .lnk?

Posted on 2009-04-08
Medium Priority
Last Modified: 2013-11-16
My computer started having fits last night, first with Lavasoft alerting about changes to registry keys (all of which I blocked).  Then games like solitaire and hearts became unable to open.  When I went to Start/Programs/Games to open them, the icons were gone/replaced, and the file extensions were changed to .lnk.  Then it started to cascade to other programs, so I shut the system down.  I had Norton AV, but the script had just expired yesterday, and I was in the process of renewing it when all this happened.  Norton AV is now also a .lnk extension.  What is happening?  And how do I fix it?  Thanks!
Question by:blueminnow
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4

Expert Comment

ID: 24097330
-Temporarily uninstall Norton.
-Temporarily turn off System Restore (right click "My Computer", click on System Restore tab)
-Download and install AVG Free (free.avg.com)
-Download and install MalwareBytes (get it from www.download.com)
-Download and install Spybot S&D (also from www.download.com)
-Download and Run CCleaner (www.ccleaner.com)
-Go to Start-->Run and type "sfc /scannow" (without quotations)

Report back with what types of infections found.

Author Comment

ID: 24100748
Thank you.  I'll give this a try tonight (it's my home computer).

Author Comment

ID: 24106324
Hi tplaya07,

I downloaded all the apps to a flash drive and took them home, then loaded them onto my laptop.  However, that's basically as far as I could go.  I cannot uninstall NAV, or do anything else, as all of the commands no longer work.  I can see things, like in Control Panel, but cannot access them.  All of my documents are intack, but that's the only good news.  None of the apps would load, no matter which method I tried.  Any other suggestions....or is the goose cooked and we need to take it somewhere?  Thanks for the help.  Kathy
Ready for your healthcare security check-up?

In the past few years, healthcare organizations have become a prime target for advanced attacks. Does your organization have what it needs to defend itself? Schedule your healthcare security check-up today and download our free Healthcare Security Resource Kit today!


Expert Comment

ID: 24107670
OK.. go to the link below, click on "Win XP Fixes" on the left, click "File Association Fixes", and then download "EXE File Association Fix" and "LNK File Association Fix"


Since you'll probably have to download these from another PC onto your flash drive, you might as well go ahead and download all of them and name them appropriately. They are all very small files.

When you try and open these files from your computer, it may ask what program you want to use to open them with, just browse to C:\windows\regedit.exe

Author Comment

ID: 24109152
Thanks, will give this a go.

Author Comment

ID: 24114805
I managed to get 'exe file association fix' and lnk file association fix' onto the desktop of my laptop.  Unzipped 'LNK...", but could not unzip 'EXE_XP_ fixes'...that one read "no files found".

I ran the sft/scannow, and a Windows File Protection window appeared stating that it was 'verifiyng all protected Windows file are intact and in their original versions."   This got about 20-25% complete when the system shut down.  

I didn't have the opportunity to deal with it further, but will do so tonight.  Some of the desktop icons reappeared and their programs were functioning, so I have great hopes.  Will also install the cleaner.  Will let you know what happens.  Thanks for your help so far.

Accepted Solution

tplaya07 earned 2000 total points
ID: 24117755
Glad things seem to be going in the right direction. You could try downloading and unzipping those files at another computer, putting them on a CD or USB drive, and then loading them on your computer. We'll probably have to get all the file associations fixed before we proceed on to the sfc and other scans.

Author Comment

ID: 24141988
Sorry for the delay....I was home yesterday downloading the updates at 21.6 kbps.  It was like watching hair grow.

I loaded and ran SpyBot, CCleaner, AVG, MalBytes, and "EXE File Association Fix" and "LNK File Association Fix".  I opened the latter 2 files w/ C:/Windows/regedit per your instructions.  Ran all the other programs, and they found a bunch of stuff (see attached logs) which I quarantined/deleted.  Then I ran sfc /scannow.  It finally worked!  I'm assuming that everything is okay with that as it did not give me any kind of message to the contrary.  

Things seem to be running pretty smoothly now (keeping my fingers crossed!).  The only thing I can't seem to fix so far is the right-hand portion of the task bar where the active programs should be.  It used to have a little button where you could expand it to see all the active programs, but no longer.  The only items showing up are the time/date, AVG, SpyBot, and Malbytes, and the HP imaging icon.  Missing is my network connection, my internet connection, and any other programs which I'm running.  I've gone into Control Panel, Start Menu/Task Bar and made changes, but none of these changes take effect.

Any idea on how to fix that?  Other than that, things are working well.  And I thank you so much!

Author Closing Comment

ID: 31567999
Thanks a million!  Who knew all those resources were out there, not to mention that you knew what I was talking about.  Much appreciated!!

Expert Comment

ID: 24148132
Glad to hear things are running better. To verify that your system is clean, can you post a HijackThis log (http://majorgeeks.com/downloadget.php?id=3155&file=10&evp=3304750663b552982a8baee6434cfc13)

As for the Taskbar issue, which area is it that's affected? I believe you're referring to the System Tray circled in green below, but just want to make sure.

Try right-clicking on your Start button, select Properties, click the Taskbar tab, and at the bottom place a check next to "Hide Inactive Icons". This option determines whether to show ALL items/programs running (unchecked box), or only show some of the programs running but place an arrow next to them to be able to expand and show all (box is checked).

As for the Network Connection icon not showing up, you can try going to Start-->Control Panel-->Network Connections, and then right-click on the icon that says "Local Area Connection" (I'm assuming your using a hardwired connection) and click Properties. Place a check next to "Show icon in notification area when connected". This will make the icon appear next to your clock in the System Tray.

I'm not sure what you mean when you say that "my internet connection, and any other programs which I'm running" isn't showing up. Do you mean their not showing up on the TaskBar (red circle) or System Tray (green circle)?

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Read about achieving the basic levels of HRIS security in the workplace.
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question