asked on

Need help with a virus

Looks like it is relitively new but maybe a remake of the w32.blaster After being infected nothing will run. Every time you double click on a exe or com you get the "open with" dialog. The strange part is that it only messes up the current profile. If you log in as a different user everything appears fine.

There has to be a way to fix the profile that got damaged. I just haven't found it. As mentioned I have only come across this virus twice in the last two week so it has to be more or less a new on. Any idea how to fix the specfic profile that got damaged?

askurat1

Try running what I attached then try running a program.
WinXP-EXE-Fix.reg

Sudeep Sharma

You could check all the file association fix from the below URL inclusing EXE fix:

http://www.dougknox.com/xp/file_assoc.htm

Sudeep

jimbecher

ASKER

I have tried the registry fixes but s mentioned above all the registry fixes and file associations are per computer not per profile. The problem child is the user that was logged in when the visus hit. If I log in as a different user everything works fine.

ASKER CERTIFIED SOLUTION

askurat1

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

younghv

That same "Open With" problem was solved in this EE question:
https://www.experts-exchange.com/questions/26972080/Rogue-virus-breaking-file-extensions-for-exe.html

younghv

@jimbecher,
The comment you selected as a "Solution" is only the first of several steps needed to repair your system.

You really should run additional scans to make sure your system is clean.

jimbecher

ASKER

The other "steps" weren't a problem. Combofix, Malwarebytes, tdskiller, etc. The computer was "clean" in the first hour. Getting exe and com files to run again was the killer :)