XP Not Opening EXE files - requests "Open With"

I have a client and who has been receiving prompts to "Open With" when attempting to open EXE files. I have run a full scan with Malwarebytes, and found a number of viruses, which were all removed. I also downloaded and ran a script which corrected the registry to allow these files to be opened. But the problem recurred. I removed the antivirus that was in place, and installed Kaspersky, which immediately found a rootkit, which it removed after reboot. However the problem has referred yet again.

I wonder what could be the root cause of this, and how to get rid of it once and for all.

Any help would be appreciated.
Thanks
Mark
Mark LitinOwnerAsked:
Who is Participating?
 
MichaelConnect With a Mentor Systems EngineerCommented:
The registry sounds like it's been corrupted. There is a simple fix found here:

http://windowsxp.mvps.org/exefile.htm
0
 
Sean ScissorsConnect With a Mentor Program Analyst IICommented:
If the registry is still being broken then its possible the rootkit isn't completely gone. You used kaspersky you said but did you use their actual rootkit tool the "TDSS killer"?  I would suggest trying that and the .exe being broken is very common but thankfully easy to fix. @KenTankrus's link will work just fine. Just download the .reg file and when it prompts "Are you sure" just say yes and that should fix the .exe issue. However after a reboot if it comes back then clearly its still not fixed. So before rebooting again I suggest running TDSS killer if you haven't already done so and also running CCleaner to remove temp files.

TDSSkiller: http://support.kaspersky.com/viruses/solutions?qid=208280684
CCleaner: http://www.piriform.com/ccleaner
0
 
Thomas Zucker-ScharffConnect With a Mentor Systems AnalystCommented:
As to disabling System Restore, there has been much debate on that here on EE.  I think generally the consensus has been DON'T until you are sure you can reboot into a clean working system.  See these 2 articles on System Restore:

http://www.experts-exchange.com/Software/Internet_Email/Anti-Virus/A_1934-Viruses-in-the-System-Volume-Information-System-Restore.html

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/A_2209-Removing-protected-System-Restore-files-if-they-have-been-infected.html

If you have discovered a rootkit, then TDSSkiller is an excellent tool to run, but you should also run AT LEAST 2 other antirootkit tools.  See my article on rootkits and free antirootkit tools:

http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_2245-Anti-rootkit-software.html
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
Dr. KlahnPrincipal Software EngineerCommented:
Is this occurring on all .EXE files, or only some files?
0
 
optomaConnect With a Mentor Commented:
You can try Exehelper which will scan for some rogues and reset exe for you. If prompted to reboot after running Exehelper, do not, and scan with Hitmanpro.
Post both logs.

http://raktor.net/exeHelper/exeHelper.com
http://www.surfright.nl/en/downloads/
0
 
Mark LitinOwnerAuthor Commented:
Thanks all.

A synthesis of all suggested resulted in the elimination of this pest.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.