XP Home Security 2013 and Registry issue

Say, I think Ive found a bogus removal link:

http://www.bleepingcomputer.com/virus-removal/remove-xp-security-2013

Associated XP Security 2013 Windows Registry Information:

HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = ''
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\
HKEY_CURRENT_USER\Software\Classes\ "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\\DefaultIcon "(Default)" = '%1'

How can I recover from this!

Any program I try run has nothing ascociated with it. Can't even run regedit or do  System restore

OS is XP
shaunwinginAsked:
Who is Participating?
 
John HurstConnect With a Mentor Business Consultant (Owner)Commented:
Run online Malwarebytes to see if you can correct this. Try that and let us know.

If you have the XP install DVD, you can back up your system and try the repair function in XP install to see if that helps.

... Thinkpads_User
0
 
shaunwinginConnect With a Mentor Author Commented:
It sais choose a program you want to open this file....
Can one edit the registry from a remote PC? or put drive in another PC and edit registry this way?
0
 
shaunwinginConnect With a Mentor Author Commented:
Then I can restore the settings...
See above instrucitons. They call for removal of important keys!

OOPS, Ignore above link: This is it and these are the keys!!! They are in hindsite important keys!
http://www.2-viruses.com/remove-xp-home-security-2013

HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = ''
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
HKEY_CLASSES_ROOT\
HKEY_CURRENT_USER\Software\Classes\ "(Default)" = 'Application'
0
[Webinar] Kill tickets & tabs using PowerShell

Are you tired of cycling through the same browser tabs everyday to close the same repetitive tickets? In this webinar JumpCloud will show how you can leverage RESTful APIs to build your own PowerShell modules to kill tickets & tabs using the PowerShell command Invoke-RestMethod.

 
John HurstBusiness Consultant (Owner)Commented:
Can one edit the registry from a remote PC? or put drive in another PC and edit registry this way?

I haven't seen that. The registry is a very live file.

What you might be able to do is boot from a bootable CD and scan the problem drive.

... Thinkpads_User
0
 
shaunwinginAuthor Commented:
Please reveiw my quesiotn. There must be a simpler solution!
0
 
John HurstBusiness Consultant (Owner)Commented:
I did review your question. On line advertising links ("Let me fix your PC") usually completely screw up the user's computer.

If scanning the drive offline cannot repair it, then the operating system may be completely corrupted.

... Thinkpads_User
0
 
Darr247Connect With a Mentor Commented:
Follow the instructions in this Experts Exchange Article by younghv.

Note that a lot more has happened than what you can currently see, so after you get rid of that malware, backup all your data, then do a full format and reinstall windows (or use the recovery partition or disks that came with your computer).
0
 
shaunwinginAuthor Commented:
pls send link to: Run online Malwarebytes
0
 
Darr247Commented:
Did you try following the steps in that article?
0
 
shaunwinginAuthor Commented:
Solved by Getting into CMD shell and launching programes from there and download malwarebytes
0
All Courses

From novice to tech pro — start learning today.