Hi I'm a virus magnet.

Kantastic · Feb 21, 2010, 05:31 PM

My dads lappy was infected with some trojans (Avast! was disabled/not working and wouldn't start) so I did what I usually do and yanked the HDD out and blasted the viruses to hell with Kaspersky on my comp, but when I put the HDD back in the laptop and tried to run some apps (like internet explorer/calculator/paint) it kept asking me what program I wanted to use to open the.. program.

If you guys need pictures let me know, I'm not sure how I can take a pic when paint won't open.

Exeodus · Feb 21, 2010, 05:34 PM

Did you try to run the application from the directory on the hard drive?

Kantastic · Feb 21, 2010, 05:35 PM

Quote:

Originally Posted by Exeodus

Did you try to run the application from the directory on the hard drive?

Just did, wouldn't work.

PS - What's ssvagent.exe?

Exeodus · Feb 21, 2010, 05:40 PM

It looks like part of a Java update.

Exeodus · Feb 21, 2010, 05:43 PM

Do you have any system restore points you can try? But keep in mind the virus might have placed itself in the restore file so that it puts itself back on when you go to a previous restore point.

newmodder · Feb 21, 2010, 05:44 PM

try windows repair option,and yes that file is part of java update..try uninstalling java and reinstall

Kantastic · Feb 21, 2010, 05:50 PM

Uninstalling Java didn't do any good, and right now I can't open IE so reinstalling isn't an option. I'll try the recovery but first I need to back up some stuff.

Edit: Sunnuvagun! System restore gives me the same "Open With" popup. Next up, system recovery!

Boyfriend · Feb 21, 2010, 06:00 PM

Here are some of the tips to restore the windows to work properly:

1. Download Virus Effect Remover 3.2.1.26 from MajorGeeks. It is free, use it to restore most of the settings to default/working condition.
2. Open Control Panel --> Programs --> Default Programs and set your defaults.
3. There is a program named File Association Fixer. Use to fix association problems.
4. Restore IE to default in Tools --> Internet Options --> Advanced --> Reset Advance Settings. Also reset security zone to defaults. This will not damage his bookmarks/favourites
5. Check startup programs. Either use msconfig utility or Autoruns.
6. Make sure to install good Antivirus and update it regularly (automatic is good option).
7. Delete all previous restore points. They are useless as virus might have rendered them useless
8. Symantec has developed UnHookExec to restore registry and some association to typical default. Try it
9. Need more help. Ask here or PM

Which version of IE are you using? Update it if you are on IE 6/7. If IE 8, you can reinstall it. BTW, you haven't mentioned his OS

Kantastic · Feb 21, 2010, 06:04 PM

Quote:

Originally Posted by Boyfriend

Here are some of the tips to restore the windows to work properly:

1. Download Virus Effect Remover 3.2.1.26 from MajorGeeks. It is free, use it to restore most of the settings to default/working condition.
2. Open Control Panel --> Programs --> Default Programs and set your defaults.
3. There is a program named File Association Fixer. Use to fix association problems.
4. Restore IE to default in Tools --> Internet Options --> Advanced --> Reset Advance Settings. Also reset security zone to defaults. This will not damage his bookmarks/favourites
5. Check startup programs. Either use msconfig utility or Autoruns.
6. Make sure to install good Antivirus and update it regularly (automatic is good option).
7. Delete all previous restore points. They are useless as virus might have rendered them useless
8. Need more help. Ask here or PM

Which version of IE are you using? Update it if you are on IE 6/7.

The problem here (after xferring some of the programs you mentioned to the laptop via USB) is that none of them will open. They all give me the "Open With" popup.

I'm using IE 8.

blkhogan · Feb 21, 2010, 06:05 PM

Has it identified what viruses you are dealing with. We can help more if we knew what we are dealing with.

erocker · Feb 21, 2010, 06:06 PM

Sound like the virus took out some essential Windows files, explorer files, etc. If System Restore isn't getting it done, you'll probablly need to reinstall the O/S. Save your files.

Kantastic · Feb 21, 2010, 06:07 PM

Quote:

Originally Posted by blkhogan

Has it identified what viruses you are dealing with. We can help more if we knew what we are dealing with.

No idea what the exact virus is, I just checked Kaspersky's quarantine and got HEUR:Trojan.Script.IFramer.

Boyfriend · Feb 21, 2010, 06:08 PM

What OS??

blkhogan · Feb 21, 2010, 06:08 PM

http://malwarecrawler.com/?tag=detected

Boyfriend · Feb 21, 2010, 06:09 PM

Symantec has developed UnHookExec to restore registry and some associations to typical default. Try it. It will restore *.exe files execution.

Lazzer408 · Feb 21, 2010, 06:10 PM

Try this. Paste between the lines into notepad. Save as exe_fix.reg run it merge the key then reboot.

__________________________________________________

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

__________________________________________________ _

blkhogan · Feb 21, 2010, 06:11 PM

Quote:

Originally Posted by Lazzer408

Try this. Paste between the lines into notepad. Save as exe_fix.reg run it merge the key then reboot.

__________________________________________________

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

__________________________________________________ _

LoL. I was just typing that out. You beat me to it.

oily_17 · Feb 21, 2010, 06:11 PM

What OS is the laptop running ??

Boyfriend · Feb 21, 2010, 06:12 PM

Open notepad and copy following text

[Version]
Signature="$Chicago$"

[DefaultInstall]
AddReg=UnhookRegKey

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""% 1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""% 1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""% 1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""% 1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"reg edit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""% 1"" %*"
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies \System,DisableRegistryTools,0x00000020,0

Save it as "Restore.inf" and right click and select install.

blkhogan · Feb 21, 2010, 06:13 PM

Quote:

Originally Posted by Boyfriend

Open notepad and copy following text

[Version]
Signature="$Chicago$"

[DefaultInstall]
AddReg=UnhookRegKey

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""% 1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""% 1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""% 1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""% 1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"reg edit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""% 1"" %*"
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies \System,DisableRegistryTools,0x00000020,0

Save it as "Restore.inf" and right click and select install.

Ive heard of "unhook", have you actually used it? Does it work?

Boyfriend · Feb 21, 2010, 06:14 PM

It works very well on systems having severe file association problems. I have used it to restore things back on some clients computers.

He should at least mention his OS

Kantastic · Feb 21, 2010, 06:17 PM

Quote:

Originally Posted by Boyfriend

What OS??

Vista Home Premium 32bit

Working on everything else right now, will post updates when finished.

oily_17 · Feb 21, 2010, 06:18 PM

Bookmark this, for some file ext fixes -

http://www.winhelponline.com/article...ows-Vista.html

Kantastic · Feb 21, 2010, 06:20 PM

Quote:

Originally Posted by Lazzer408

Try this. Paste between the lines into notepad. Save as exe_fix.reg run it merge the key then reboot.

__________________________________________________

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

__________________________________________________ _

Failed! =[

Quote:

Originally Posted by oily_17

What OS is the laptop running ??

Vista Home Premium 32bit

Quote:

Originally Posted by Boyfriend

Open notepad and copy following text

[Version]
Signature="$Chicago$"

[DefaultInstall]
AddReg=UnhookRegKey

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""% 1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""% 1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""% 1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""% 1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"reg edit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""% 1"" %*"
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies \System,DisableRegistryTools,0x00000020,0

Save it as "Restore.inf" and right click and select install.

Failed!

pantherx12 · Feb 21, 2010, 06:20 PM

Sounds like when you took the virsues out they took some of the files out with them, damn embed viruses!

Feb 21, 2010, 05:31 PM	#1
Kantastic Join Date: May 2009 Location: The Big Apple Posts: 4,976 (3.39/day) Thanks: 1,252 Thanked 930 Times in 739 Posts System Specs	Hi I'm a virus magnet. My dads lappy was infected with some trojans (Avast! was disabled/not working and wouldn't start) so I did what I usually do and yanked the HDD out and blasted the viruses to hell with Kaspersky on my comp, but when I put the HDD back in the laptop and tried to run some apps (like internet explorer/calculator/paint) it kept asking me what program I wanted to use to open the.. program. If you guys need pictures let me know, I'm not sure how I can take a pic when paint won't open. __________________ Heatware

System Name:	Silencio
Processor:	Intel Core i3-3225
Motherboard:	Gigabyte GA-Z77N-WIFI
Cooling:	Corsair A70 (Passive)
Memory:	Samsung 8GB MV-3V4G3D/US
Video Card:	MSI GTX 650 1GB + Arctic Cooling Accelero S1 Plus (Passive)
Hard Disk:	OCZ Agility 4 128GB
CRT/LCD Model:	Dell UltraSharp U2312HM
Case:	BitFenix Prodigy (Arctic White)
PSU:	FSP Zen 400 (Fanless)
Software:	OS X 10.8.2 Mountain Lion

Feb 21, 2010, 05:34 PM	#2
Exeodus Join Date: Oct 2005 Location: A suburb of Chicago, IL Posts: 581 (0.21/day) Thanks: 196 Thanked 156 Times in 88 Posts System Specs	Did you try to run the application from the directory on the hard drive? __________________ http://www.fquick.com/exeodus Heatware

System Name:	The W.O.P.R.
Processor:	Core i7 920 D0 @ 4.0GHz 1.24 vcore
Motherboard:	ASUS P6T
Cooling:	Xigmatek S1283 with push\pull fan configuration.
Memory:	6GB Mushkin DDR3 1600MHz 7-8-7-20
Video Card:	2 - ASUS EAH5850 CrossfireX
Hard Disk:	1TB WD Black
Optical Drive:	NEC DVD Burner
CRT/LCD Model:	I-INC 28" 1920x1200 HDMI
Case:	Ultra M998
Sound Card:	Realtek HD
PSU:	Corsair TX750W
Software:	Windows 7 Enterprise 64-bit

System Name:	Silencio
Processor:	Intel Core i3-3225
Motherboard:	Gigabyte GA-Z77N-WIFI
Cooling:	Corsair A70 (Passive)
Memory:	Samsung 8GB MV-3V4G3D/US
Video Card:	MSI GTX 650 1GB + Arctic Cooling Accelero S1 Plus (Passive)
Hard Disk:	OCZ Agility 4 128GB
CRT/LCD Model:	Dell UltraSharp U2312HM
Case:	BitFenix Prodigy (Arctic White)
PSU:	FSP Zen 400 (Fanless)
Software:	OS X 10.8.2 Mountain Lion

Feb 21, 2010, 05:40 PM	#4
Exeodus Join Date: Oct 2005 Location: A suburb of Chicago, IL Posts: 581 (0.21/day) Thanks: 196 Thanked 156 Times in 88 Posts System Specs	It looks like part of a Java update. __________________ http://www.fquick.com/exeodus Heatware

Feb 21, 2010, 05:43 PM	#5
Exeodus Join Date: Oct 2005 Location: A suburb of Chicago, IL Posts: 581 (0.21/day) Thanks: 196 Thanked 156 Times in 88 Posts System Specs	Do you have any system restore points you can try? But keep in mind the virus might have placed itself in the restore file so that it puts itself back on when you go to a previous restore point. __________________ http://www.fquick.com/exeodus Heatware

Feb 21, 2010, 05:44 PM	#6
newmodder Join Date: Sep 2005 Location: british columbia Posts: 606 (0.22/day) Thanks: 2 Thanked 7 Times in 7 Posts System Specs	try windows repair option,and yes that file is part of java update..try uninstalling java and reinstall __________________ phenom 9950 x4 black edition msi ms-7309 BFG GTX 260 Maxcore 2 gb ddr Sony dvd r/rwLogitech x530 spkrs 6.1 160gig sata2/Antec 550 watt psu

System Name:	Gamer
Processor:	amd phenom quad core 9950 black edition
Motherboard:	msi ms-7309
Cooling:	120mm front,120mm rear
Memory:	2gigs ddr2 800
Video Card:	BFG gtx 260 maxcore
Hard Disk:	wd 160gig sata2 hd
Optical Drive:	Sony dvd r/rw
CRT/LCD Model:	LG 20in widescreen
Case:	USP 100
Sound Card:	onboard Logitech x-530 5.1 spkrs
PSU:	Antec Neo 550watt
Software:	windows 7 Ultimate 64 bit

Feb 21, 2010, 05:50 PM	#7
Kantastic Join Date: May 2009 Location: The Big Apple Posts: 4,976 (3.39/day) Thanks: 1,252 Thanked 930 Times in 739 Posts System Specs	Uninstalling Java didn't do any good, and right now I can't open IE so reinstalling isn't an option. I'll try the recovery but first I need to back up some stuff. Edit: Sunnuvagun! System restore gives me the same "Open With" popup. Next up, system recovery! __________________ Heatware

Feb 21, 2010, 06:00 PM	#8
Boyfriend Join Date: Nov 2008 Posts: 128 (0.08/day) Thanks: 33 Thanked 35 Times in 32 Posts System Specs	Here are some of the tips to restore the windows to work properly: 1. Download Virus Effect Remover 3.2.1.26 from MajorGeeks. It is free, use it to restore most of the settings to default/working condition. 2. Open Control Panel --> Programs --> Default Programs and set your defaults. 3. There is a program named File Association Fixer. Use to fix association problems. 4. Restore IE to default in Tools --> Internet Options --> Advanced --> Reset Advance Settings. Also reset security zone to defaults. This will not damage his bookmarks/favourites 5. Check startup programs. Either use msconfig utility or Autoruns. 6. Make sure to install good Antivirus and update it regularly (automatic is good option). 7. Delete all previous restore points. They are useless as virus might have rendered them useless 8. Symantec has developed UnHookExec to restore registry and some association to typical default. Try it 9. Need more help. Ask here or PM Which version of IE are you using? Update it if you are on IE 6/7. If IE 8, you can reinstall it. BTW, you haven't mentioned his OS Last edited by Boyfriend; Feb 21, 2010 at 06:07 PM. Reason: System restore is useless if real virus hits

System Name:	Black Star
Processor:	Core2Duo E7200 @ 2.53 GHz
Motherboard:	Asus P5K-VM (G33)
Cooling:	Cooler Master Hyper N520 + 3 120 mm Fans
Memory:	Corsair CM2X1024-6400C4DHX , 4,4,4,12,2T, 2x1 GB
Video Card:	MSI NX8500GT TD256E
Hard Disk:	WD Caviar Blue 320GB + Maxtor 500 GB
Optical Drive:	LG HL-DT-ST DVD-RAM GSA-H55N
CRT/LCD Model:	ViewSonic VX1940w 19"
Case:	Vento ATX
Sound Card:	Realtek HD (On-Board)
PSU:	Cooler Master Extreme 460 W
Software:	Windows 7 RTM 32-Bit + KIS 2011 CF2 (ab)

Feb 21, 2010, 06:05 PM	#10
blkhogan Join Date: Aug 2007 Location: If I told u.. I'd have to kill u Posts: 1,845 (0.88/day) Thanks: 823 Thanked 648 Times in 446 Posts System Specs	Has it identified what viruses you are dealing with. We can help more if we knew what we are dealing with.

System Name:	Budget Gamer v2
Processor:	Phenom II X4 955BE (3.6GHz)
Motherboard:	Biostar A880G+
Cooling:	Noctua NH-U12P
Memory:	4GB Kingston HyperX 1600
Video Card:	Sapphire 6870 1GB (985/1120)
Hard Disk:	WD VelociRaptor 150GB
CRT/LCD Model:	AOC 2436Vh 24" HDMI
Case:	NZXT H2 Classic
PSU:	Coolmax 700W 80%+
Software:	Windows 7 Ultimate

Feb 21, 2010, 06:06 PM	#11
erocker Senior Moderator Join Date: Jul 2006 Location: Milwaukee, WI. Posts: 31,879 (12.78/day) Thanks: 2,779 Thanked 12,249 Times in 7,804 Posts System Specs	Sound like the virus took out some essential Windows files, explorer files, etc. If System Restore isn't getting it done, you'll probablly need to reinstall the O/S. Save your files.

Processor:	Intel i7 3770K @ 4.6ghz 1.256v
Motherboard:	Asus Maximus V Formula
Cooling:	Water
Memory:	2x4gb Patriot Viper 2133mhz 10-11-10-25 2T 1.55v
Video Card:	Sapphire HD 7970 1125/1575 1.14v
Hard Disk:	Crucial M4 128Gb / Corsair Force 3 120Gb / Samsung 240Gb / 2Tb Seagate
Optical Drive:	None
CRT/LCD Model:	Acheiva Shimian 27" IPS 2560x1440
Case:	Corsair 500R White
Sound Card:	Onboard
PSU:	NZXT Hale90 1Kw
Software:	Windows 8 x64

Feb 21, 2010, 06:08 PM	#13
Boyfriend Join Date: Nov 2008 Posts: 128 (0.08/day) Thanks: 33 Thanked 35 Times in 32 Posts System Specs	What OS??

Feb 21, 2010, 06:09 PM	#15
Boyfriend Join Date: Nov 2008 Posts: 128 (0.08/day) Thanks: 33 Thanked 35 Times in 32 Posts System Specs	Symantec has developed UnHookExec to restore registry and some associations to typical default. Try it. It will restore *.exe files execution.

Feb 21, 2010, 06:10 PM	#16
Lazzer408 Join Date: Jan 2007 Location: Illinois Posts: 2,394 (1.03/day) Thanks: 80 Thanked 320 Times in 242 Posts System Specs	Try this. Paste between the lines into notepad. Save as exe_fix.reg run it merge the key then reboot. __________________________________________________ Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\exefile\shell\open\command] @="\"%1\" %" "IsolatedCommand"="\"%1\" %" __________________________________________________ _ __________________ Assuming the many universes theory of quantum mechanics is accurate, everything I say will remain relevant in another reality for all of eternity. Heatware - http://www.heatware.com/user_directo...uery=lazzer408

Processor:	i7 2600k@4.6ghz
Motherboard:	MSI z68ma-ed55
Cooling:	Silentx Extreem 120mm
Memory:	2x4gb XMS 7-8-7-20 1600
Video Card:	HD6870
Hard Disk:	2x128gb Kingston Hyper-X (Raid0), 2x750gb RE3 (RAID1), 2x750gb RE3 (RAID1)
Optical Drive:	24x DVDR-DL LG SATA
CRT/LCD Model:	Soyo 24", Gateway 22"
Case:	Fractal Design Arc Mini 6x120mm fans.
Sound Card:	Onboard
PSU:	Zalman 750w
Software:	Windows 7

Feb 21, 2010, 06:11 PM	#18
oily_17 Join Date: Sep 2006 Location: Norn Iron Posts: 2,056 (0.85/day) Thanks: 214 Thanked 679 Times in 516 Posts System Specs	What OS is the laptop running ?? __________________ Join The TPU Folding@home Team

Processor:	Q9550 @3.8
Motherboard:	Asus Maximus Extreme
Cooling:	Custom water cooling
Memory:	4GB Patriot Viper DDR3 1600MHz
Video Card:	2x HD4870 512MB
Hard Disk:	2x 500GB
CRT/LCD Model:	3x LG L226WTQ 22" Widescreen LCD
Case:	Modded TJ07
Sound Card:	On board
PSU:	PC P&C Silencer 750
Software:	Windows 7 Ultimate

Feb 21, 2010, 06:12 PM	#19
Boyfriend Join Date: Nov 2008 Posts: 128 (0.08/day) Thanks: 33 Thanked 35 Times in 32 Posts System Specs	Open notepad and copy following text [Version] Signature="$Chicago$" [DefaultInstall] AddReg=UnhookRegKey [UnhookRegKey] HKLM, Software\CLASSES\batfile\shell\open\command,,,"""% 1"" %" HKLM, Software\CLASSES\comfile\shell\open\command,,,"""% 1"" %" HKLM, Software\CLASSES\exefile\shell\open\command,,,"""% 1"" %" HKLM, Software\CLASSES\piffile\shell\open\command,,,"""% 1"" %" HKLM, Software\CLASSES\regfile\shell\open\command,,,"reg edit.exe ""%1""" HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""% 1"" %*" HKCU, Software\Microsoft\Windows\CurrentVersion\Policies \System,DisableRegistryTools,0x00000020,0 Save it as "Restore.inf" and right click and select install.

Feb 21, 2010, 06:14 PM	#21
Boyfriend Join Date: Nov 2008 Posts: 128 (0.08/day) Thanks: 33 Thanked 35 Times in 32 Posts System Specs	It works very well on systems having severe file association problems. I have used it to restore things back on some clients computers. He should at least mention his OS

Feb 21, 2010, 06:18 PM	#23
oily_17 Join Date: Sep 2006 Location: Norn Iron Posts: 2,056 (0.85/day) Thanks: 214 Thanked 679 Times in 516 Posts System Specs	Bookmark this, for some file ext fixes - http://www.winhelponline.com/article...ows-Vista.html __________________ Join The TPU Folding@home Team

Feb 21, 2010, 06:20 PM	#25
pantherx12 Eligible for custom title Join Date: Jan 2009 Location: ENGLAND-LAND-LAND Posts: 8,443 (5.29/day) Thanks: 1,188 Thanked 1,705 Times in 1,375 Posts System Specs	Sounds like when you took the virsues out they took some of the files out with them, damn embed viruses! __________________ http://www.heatware.com/eval.php?id=68840

System Name:	Panther's PC
Processor:	FX8120 4.5 ghz + 0.125 volts over stock
Motherboard:	Gigabyte 990fxa ud3
Cooling:	Ek Supreme, Coolingking Tripple Thick Copper Radiator
Memory:	Hyperx 4x2gb 1600mhz
Video Card:	460 768mb : [
Hard Disk:	WD blue 500gb
CRT/LCD Model:	AOC HD
Case:	Mountain Mods U2-UFO
Sound Card:	Audigy z2
PSU:	Powercool 750w modular PSU ( GAMBLING YAY!)
Software:	Windows SEVEN
Benchmarks:	Pffft benchmarking for me is for the lulz only!

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Virus - Please solve me how to deal with this virus	freebird_9924	General Software	72	Dec 3, 2009 03:03 AM
Dust magnet?	NONYA	General Hardware	7	Feb 5, 2008 03:50 AM
virus replace wallpaper with fake virus protection advertisement	HiddenStupid	General Software	2	Dec 23, 2007 09:00 PM
New Magnet Keyboard Concept Floats Keys	Easy Rhino	News	8	Jul 28, 2007 11:14 PM