1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Hi I'm a virus magnet.

Discussion in 'General Software' started by Kantastic, Feb 21, 2010.

  1. Kantastic

    Kantastic

    Joined:
    May 12, 2009
    Messages:
    5,156 (2.64/day)
    Thanks Received:
    993
    My dads lappy was infected with some trojans (Avast! was disabled/not working and wouldn't start) so I did what I usually do and yanked the HDD out and blasted the viruses to hell with Kaspersky on my comp, but when I put the HDD back in the laptop and tried to run some apps (like internet explorer/calculator/paint) it kept asking me what program I wanted to use to open the.. program.

    If you guys need pictures let me know, I'm not sure how I can take a pic when paint won't open. :eek:
     
  2. Exeodus

    Exeodus

    Joined:
    Oct 22, 2005
    Messages:
    623 (0.19/day)
    Thanks Received:
    156
    Location:
    A suburb of Chicago, IL
    Did you try to run the application from the directory on the hard drive?
     
  3. Kantastic

    Kantastic

    Joined:
    May 12, 2009
    Messages:
    5,156 (2.64/day)
    Thanks Received:
    993
    Just did, wouldn't work.

    PS - What's ssvagent.exe?
     
  4. Exeodus

    Exeodus

    Joined:
    Oct 22, 2005
    Messages:
    623 (0.19/day)
    Thanks Received:
    156
    Location:
    A suburb of Chicago, IL
    It looks like part of a Java update.
     
    Kantastic says thanks.
  5. Exeodus

    Exeodus

    Joined:
    Oct 22, 2005
    Messages:
    623 (0.19/day)
    Thanks Received:
    156
    Location:
    A suburb of Chicago, IL
    Do you have any system restore points you can try? But keep in mind the virus might have placed itself in the restore file so that it puts itself back on when you go to a previous restore point.
     
    Kantastic says thanks.
  6. newmodder New Member

    Joined:
    Sep 9, 2005
    Messages:
    669 (0.20/day)
    Thanks Received:
    7
    Location:
    british columbia
    try windows repair option,and yes that file is part of java update..try uninstalling java and reinstall
     
    Kantastic says thanks.
  7. Kantastic

    Kantastic

    Joined:
    May 12, 2009
    Messages:
    5,156 (2.64/day)
    Thanks Received:
    993
    Uninstalling Java didn't do any good, and right now I can't open IE so reinstalling isn't an option. I'll try the recovery but first I need to back up some stuff.

    Edit: Sunnuvagun! System restore gives me the same "Open With" popup. Next up, system recovery!
     
  8. Boyfriend New Member

    Joined:
    Nov 30, 2008
    Messages:
    160 (0.08/day)
    Thanks Received:
    34
    Here are some of the tips to restore the windows to work properly:

    1. Download Virus Effect Remover 3.2.1.26 from MajorGeeks. It is free, use it to restore most of the settings to default/working condition.
    2. Open Control Panel --> Programs --> Default Programs and set your defaults.
    3. There is a program named File Association Fixer. Use to fix association problems.
    4. Restore IE to default in Tools --> Internet Options --> Advanced --> Reset Advance Settings. Also reset security zone to defaults. This will not damage his bookmarks/favourites
    5. Check startup programs. Either use msconfig utility or Autoruns.
    6. Make sure to install good Antivirus and update it regularly (automatic is good option).
    7. Delete all previous restore points. They are useless as virus might have rendered them useless
    8. Symantec has developed UnHookExec to restore registry and some association to typical default. Try it
    9. Need more help. Ask here or PM

    Which version of IE are you using? Update it if you are on IE 6/7. If IE 8, you can reinstall it. BTW, you haven't mentioned his OS :confused:
     
    Last edited: Feb 21, 2010
    Kantastic says thanks.
  9. Kantastic

    Kantastic

    Joined:
    May 12, 2009
    Messages:
    5,156 (2.64/day)
    Thanks Received:
    993


    The problem here (after xferring some of the programs you mentioned to the laptop via USB) is that none of them will open. They all give me the "Open With" popup.

    I'm using IE 8.
     
  10. blkhogan

    blkhogan New Member

    Joined:
    Aug 11, 2007
    Messages:
    2,315 (0.89/day)
    Thanks Received:
    648
    Location:
    If I told u.. I'd have to kill u
    Has it identified what viruses you are dealing with. We can help more if we knew what we are dealing with.
     
    Kantastic says thanks.
  11. erocker

    erocker Super Moderator Staff Member

    Joined:
    Jul 19, 2006
    Messages:
    39,651 (13.30/day)
    Thanks Received:
    14,042
    Sound like the virus took out some essential Windows files, explorer files, etc. If System Restore isn't getting it done, you'll probablly need to reinstall the O/S. Save your files.
     
    Kantastic says thanks.
  12. Kantastic

    Kantastic

    Joined:
    May 12, 2009
    Messages:
    5,156 (2.64/day)
    Thanks Received:
    993
    No idea what the exact virus is, I just checked Kaspersky's quarantine and got HEUR:Trojan.Script.IFramer.
     
  13. Boyfriend New Member

    Joined:
    Nov 30, 2008
    Messages:
    160 (0.08/day)
    Thanks Received:
    34
    What OS??
     
  14. blkhogan

    blkhogan New Member

    Joined:
    Aug 11, 2007
    Messages:
    2,315 (0.89/day)
    Thanks Received:
    648
    Location:
    If I told u.. I'd have to kill u
  15. Boyfriend New Member

    Joined:
    Nov 30, 2008
    Messages:
    160 (0.08/day)
    Thanks Received:
    34
    Symantec has developed UnHookExec to restore registry and some associations to typical default. Try it. It will restore *.exe files execution.
     
  16. Lazzer408

    Lazzer408

    Joined:
    Jan 6, 2007
    Messages:
    2,535 (0.90/day)
    Thanks Received:
    330
    Location:
    Illinois
    Try this. Paste between the lines into notepad. Save as exe_fix.reg run it merge the key then reboot.

    __________________________________________________

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\exefile\shell\open\command]
    @="\"%1\" %*"
    "IsolatedCommand"="\"%1\" %*"

    ___________________________________________________
     
    blkhogan says thanks.
  17. blkhogan

    blkhogan New Member

    Joined:
    Aug 11, 2007
    Messages:
    2,315 (0.89/day)
    Thanks Received:
    648
    Location:
    If I told u.. I'd have to kill u
    LoL. I was just typing that out. You beat me to it. :toast:
     
  18. oily_17

    oily_17

    Joined:
    Sep 25, 2006
    Messages:
    2,313 (0.79/day)
    Thanks Received:
    670
    Location:
    Norn Iron
    What OS is the laptop running ??
     
  19. Boyfriend New Member

    Joined:
    Nov 30, 2008
    Messages:
    160 (0.08/day)
    Thanks Received:
    34
    Open notepad and copy following text

    [Version]
    Signature="$Chicago$"

    [DefaultInstall]
    AddReg=UnhookRegKey

    [UnhookRegKey]
    HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
    HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0

    Save it as "Restore.inf" and right click and select install.
     
  20. blkhogan

    blkhogan New Member

    Joined:
    Aug 11, 2007
    Messages:
    2,315 (0.89/day)
    Thanks Received:
    648
    Location:
    If I told u.. I'd have to kill u
    Ive heard of "unhook", have you actually used it? Does it work?
     
  21. Boyfriend New Member

    Joined:
    Nov 30, 2008
    Messages:
    160 (0.08/day)
    Thanks Received:
    34
    It works very well on systems having severe file association problems. I have used it to restore things back on some clients computers.

    He should at least mention his OS
     
    blkhogan says thanks.
  22. Kantastic

    Kantastic

    Joined:
    May 12, 2009
    Messages:
    5,156 (2.64/day)
    Thanks Received:
    993
    Vista Home Premium 32bit

    Working on everything else right now, will post updates when finished.
     
  23. oily_17

    oily_17

    Joined:
    Sep 25, 2006
    Messages:
    2,313 (0.79/day)
    Thanks Received:
    670
    Location:
    Norn Iron
  24. Kantastic

    Kantastic

    Joined:
    May 12, 2009
    Messages:
    5,156 (2.64/day)
    Thanks Received:
    993
    Failed! =[

    Vista Home Premium 32bit

    Failed! :cry:
     
  25. pantherx12

    pantherx12 New Member

    Joined:
    Jan 2, 2009
    Messages:
    9,714 (4.66/day)
    Thanks Received:
    1,699
    Location:
    ENGLAND-LAND-LAND
    Sounds like when you took the virsues out they took some of the files out with them, damn embed viruses!
     

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)

Share This Page