Solved

XP Not Opening EXE files - requests "Open With"

Posted on 2011-03-15
7
791 Views
Last Modified: 2013-11-22
I have a client who has been receiving prompts to "Open With" when attempting to open EXE files. I have run a full scan with Malwarebytes, and found a number of viruses, which were all removed. I also downloaded and ran a script which corrected the registry to allow these files to be opened. But the problem recurred. I removed the antivirus that was in place, and installed Kaspersky, which immediately found a rootkit, which it removed after reboot. However, the problem has recurred yet again.

I wonder what could be the root cause of this, and how to get rid of it once and for all.

Any help would be appreciated.
Thanks
Mark
0
Comment
Question by:mlitin
7 Comments
 
LVL 3

Accepted Solution

by:
KenTankrus earned 125 total points
ID: 35140514
The registry sounds like it's been corrupted. There is a simple fix found here:

http://windowsxp.mvps.org/exefile.htm
0
 
LVL 8

Assisted Solution

by:Sean Scissors
Sean Scissors earned 125 total points
ID: 35140564
If the registry is still being broken then it's possible the rootkit isn't completely gone. You used Kaspersky, you said, but did you use their actual rootkit tool, the "TDSS killer"? I would suggest trying that, and the .exe being broken is very common but thankfully easy to fix. @KenTankrus's link will work just fine. Just download the .reg file and when it prompts "Are you sure" just say yes and that should fix the .exe issue. However, after a reboot, if it comes back then clearly it's still not fixed. So before rebooting again I suggest running TDSS killer if you haven't already done so and also running CCleaner to remove temp files.

TDSSkiller: http://support.kaspersky.com/viruses/solutions?qid=208280684
CCleaner: http://www.piriform.com/ccleaner
0
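
One way to confirm after a reboot whether the EXE association has been changed again, as an added example that is not part of the original thread: this Python code parses the text of a registry export and compares the default values of `.exe` and `exefile\shell\open\command` with the stock Windows values. The sample export, the `constructed_progid` name and the `C:\placeholder\helper.exe` path are constructed for illustration.

```python
import re

# Stock default values for the EXE association, relative to a Classes root.
EXPECTED = {
    ".exe": "exefile",
    "exefile\\shell\\open\\command": '"%1" %*',
}
# Roots merged into HKEY_CLASSES_ROOT; per-user (HKCU) entries take precedence.
ROOTS = ("HKEY_CLASSES_ROOT\\", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\",
         "HKEY_CURRENT_USER\\Software\\Classes\\")

# Constructed sample of .reg export text (real exports are UTF-16 on disk).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@="exefile"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="constructed_progid"

[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\placeholder\\helper.exe\" \"%1\" %*"
'''

def parse_defaults(reg_text):
    """Map each key path to its default (@) string value."""
    defaults, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg strings escape backslash and double quote with a backslash
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def audit(reg_text):
    """Return (key, found, expected) for each deviating EXE-association default."""
    findings = []
    for key, value in parse_defaults(reg_text).items():
        for root in ROOTS:
            if key.upper().startswith(root.upper()):
                want = EXPECTED.get(key[len(root):].lower())
                if want is not None and value.lower() != want.lower():
                    findings.append((key, value, want))
    return findings

if __name__ == "__main__":
    for key, found, want in audit(SAMPLE):
        print(f"{key}: found {found!r}, expected {want!r}")
```

To audit a real export, read the file with `encoding="utf-16"` and pass its text to `audit()`; an empty list means both defaults match the stock values in every hive present in the export.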
 
LVL 27

Assisted Solution

by:Thomas Zucker-Scharff
Thomas Zucker-Scharff earned 125 total points
ID: 35140907
As to disabling System Restore, there has been much debate on that here on EE.  I think generally the consensus has been DON'T until you are sure you can reboot into a clean working system.  See these 2 articles on System Restore:

http://www.experts-exchange.com/Software/Internet_Email/Anti-Virus/A_1934-Viruses-in-the-System-Volume-Information-System-Restore.html

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/A_2209-Removing-protected-System-Restore-files-if-they-have-been-infected.html

If you have discovered a rootkit, then TDSSkiller is an excellent tool to run, but you should also run AT LEAST 2 other antirootkit tools.  See my article on rootkits and free antirootkit tools:

http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_2245-Anti-rootkit-software.html
0
 
LVL 26

Expert Comment

by:Dr. Klahn
ID: 35141243
Is this occurring on all .EXE files, or only some files?
0
 
LVL 22

Assisted Solution

by:optoma
optoma earned 125 total points
ID: 35141504
You can try Exehelper which will scan for some rogues and reset exe for you. If prompted to reboot after running Exehelper, do not, and scan with Hitmanpro.
Post both logs.

http://raktor.net/exeHelper/exeHelper.com
http://www.surfright.nl/en/downloads/
0
 

Author Closing Comment

by:mlitin
ID: 35178035
Thanks all.

A synthesis of all suggestions resulted in the elimination of this pest.
0

Question has a verified solution.