.lnk Virus win 7 x64

Discussion in 'Software' started by Wrenchman, Apr 29, 2015.

  1. Wrenchman

    Wrenchman Private First Class

    Hi folks, I'm really in a panic here, barely any programs are working on my Win 7 x64, basically all programs refer to Windows Media Center (VMC), all .exe files open VMC

    Panda anti virus found a virus in JenausCam-Setup-v2-2-1.exe

    but now(after a restart) panda is not working, I can't open the prog. goes to VMC

    To open firefox I need to press win button, write defender, select windows defender, choose tools, click windows defender site, then firefox opens

    office word and libre office are working and also printer.

    but the rest is not, regedit is not working goto VMC

    services.msc - is working (it opens)

    compmgmt.msc - is working (it opens)

    peazip seems to work

    %windir%\system32\msconfig.exe is not working goto VMC

    I hope someone can help.

    Thanks,

    :)

    Wrenchman
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I have moved this to software forum. You can always return to malware removal once you are in better shape. :)
     
  3. Wrenchman

    Wrenchman Private First Class

    well ok then, I hope someone in the software forum will be able to help, or any merciful soul on Major Geeks.

    btw. is it possible to return to an earlier state by restarting the os?

    Or I could go to ctrl panel, set default programs, but then I would need precise instruction on how to proceed.

    there seems to be many unknown programs, like :

    .386
    .3xe
    .dat
    .dos
    .dsn
    .ex_
    .lnk

    and many other , I'm not sure if this is normal

    also, I have this tweak.reg lying around, which I am able to execute

    I'm not sure what this .reg script is about, but I'll post it here

    Windows Registry Editor Version 5.00

    ;Created by Vishal Gupta for AskVG.com

    [HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\Copy To]
    @="{C2FBB630-2971-11D1-A18C-00C04FD75D13}"

    [HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\Move To]
    @="{C2FBB631-2971-11D1-A18C-00C04FD75D13}"

    [HKEY_CURRENT_USER\Control Panel\Desktop]
    "AutoEndTasks"="1"
    "HungAppTimeout"="1000"
    "MenuShowDelay"="8"
    "WaitToKillAppTimeout"="2000"
    "LowLevelHooksTimeout"="1000"

    [HKEY_CURRENT_USER\Control Panel\Mouse]
    "MouseHoverTime"="8"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoLowDiskSpaceChecks"=dword:00000001
    "LinkResolveIgnoreLinkInfo"=dword:00000001
    "NoResolveSearch"=dword:00000001
    "NoResolveTrack"=dword:00000001
    "NoInternetOpenWith"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
    "WaitToKillServiceTimeout"="2000"

    maybe someone knows about a script that can return the OS to its normal state

    There are no option to administrator privileges in the context menu anymore and CMD doesn't open - goto VMC

    Thanks,

    :)

    Wrenchman
     
  4. Wrenchman

    Wrenchman Private First Class

    Sounds good!

    But I can't open regedit as mentioned in an earlier post, can you show me how to make a direct reg script?

    even though noteblock is not working - goto VMC, I can still edit the .reg file and even open a new .txt page

    it says :

    Start Registry Editor (Regedt32.exe) and select the following subkey:

    HKEY_CLASSES_ROOT\.lnk

    and then delete.

    Thanks,

    :)

    Wrenchman
     
  5. _nullptr

    _nullptr Major Geeky Geek Geek

  6. _nullptr

    _nullptr Major Geeky Geek Geek

  7. Wrenchman

    Wrenchman Private First Class

    The Download link has expired!

    The links to our downloads expire after 10 minutes. You will be redirected in three seconds to the proper page to download the program.

    I searched and found it, but it's an .exe file, so it opens VMC, I need to change that first somehow.

    Thanks,

    :)

    Wrenchman
     
  8. Wrenchman

    Wrenchman Private First Class

  9. _nullptr

    _nullptr Major Geeky Geek Geek

    Reboot and let us know how things are.
     
  10. Wrenchman

    Wrenchman Private First Class

    still the same, it's not executing .exe

    maybe in safemode?

    Thanks,

    :)

    Wrenchman
     
  11. Wrenchman

    Wrenchman Private First Class

    Guess not, all still the same!
     
  12. Wrenchman

    Wrenchman Private First Class

    Yes, same computer, fixit executed well and good , because it's .msi, now I'll restart and come back.

    Thanks,

    :)

    Wrenchman
     
  13. Wrenchman

    Wrenchman Private First Class

    Didn't work, but I was able to open Task Manager using Ctrl+Alt+Del, although VMC opened in front of it. When I closed down VMC, Task Manager was open. Not sure if this can be of any help.

    processes

    csrss.exe(no username, not able to open properties, not able to open file location, no description)
    ehshell.exe(Windows Media Center)
    dwm.exe
    explorer.exe
    firefox.exe
    FlashPlayerPlugin_17_0_0_169.exe(adobe)
    FlashPlayerPlugin_17_0_0_169.exe(adobe)
    gbpsv.exe(G-Buster Browser Defence - Service)
    Monitor.exe
    MSASCui.exe(Windows Defender)
    plugin-container.exe(firefox)
    plugin-container.exe(firefox)
    SmartDefrag.exe
    taskeng.exe
    taskhost.exe
    taskmgr.exe
    winlogon.exe(no username, not able to open properties, not able to open file location, no description)

    Thanks,

    :)

    Wrenchman
     
  14. _nullptr

    _nullptr Major Geeky Geek Geek

    Download SystemLook from http://jpshortstuff.247fixes.com/SystemLook_x64.exe
    To run it, try changing the file extension to:
    • .com
    • .scr
    • .pif
    If you get it to run, paste the content of the following code box into SystemLook's edit window.
    Code:
    :regfind
    ehshell.exe
    Then press 'Look'.
    Once it has finished a log file will be created in the same directory as SystemLook. Attach the log file to your post.
     
  15. Wrenchman

    Wrenchman Private First Class

    SystemLook.com worked, cool!!! Wow, a lot of stuff here!

    Thanks,

    :)

    Wrenchman
     


  16. Wrenchman

    Wrenchman Private First Class

    CMD doesn't open because it is an exe file, so I tried to change it to cmd.com but it says : you need permission from TrustedInstaller

    Thanks,

    :)

    Wrenchman
     
  17. _nullptr

    _nullptr Major Geeky Geek Geek

    Save the content of the following codebox as regfix1.reg
    Code:
    Windows Registry Editor Version 5.00
    
    [-HKEY_USERS\S-1-5-21-2964195813-3265511255-2560598874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice]
    
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithList]
    
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids]
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithList]
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids]
    "exefile"=hex(0):
    
    Merge the registry file and if successful log off/on.
    Cross your fingers too :)
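
An added example, not part of the original posts or anyone's tool: a triage check over an exported .reg file that flags the per-user `UserChoice` override this thread's fix deletes, for file types that should never have one. The function name, the extension list and the sample export are assumptions constructed for illustration.

```python
import re

# Assumed list for this example: types Windows launches directly, which
# should not carry a per-user "Open with" override.
LAUNCH_EXTS = {".exe", ".lnk", ".com", ".bat", ".cmd", ".scr", ".pif"}

KEY_RE = re.compile(
    r"^\[(?P<minus>-?)(?P<path>.+\\Explorer\\FileExts\\(?P<ext>\.[^\\\]]+)\\UserChoice)\]$",
    re.IGNORECASE,
)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')

# Constructed sample in .reg export format (not taken from the thread's log).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice]
"Progid"="Applications\\ehshell.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\UserChoice]
"Progid"="txtfile"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids]
"exefile"=hex(0):
'''


def find_hijacked_associations(reg_text):
    """Return (extension, key path, ProgID) for each UserChoice override on a launchable type."""
    findings = []
    current = None  # (ext, path) while inside a matching key section
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            # "[-key]" entries delete the key, so they are not findings.
            if m and not m.group("minus") and m.group("ext").lower() in LAUNCH_EXTS:
                current = (m.group("ext").lower(), m.group("path"))
            else:
                current = None
        elif current:
            v = VALUE_RE.match(line)
            if v and v.group("name").lower() == "progid":
                # .reg files escape backslashes inside string values.
                findings.append(current + (v.group("data").replace("\\\\", "\\"),))
    return findings


if __name__ == "__main__":
    for ext, path, progid in find_hijacked_associations(SAMPLE):
        print(f"{ext} is overridden by {progid!r} at {path}")
```

Files exported by regedit are normally UTF-16, so decode them to text before passing them in.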
     
  18. Wrenchman

    Wrenchman Private First Class

    Wow wow wow, when I restarted the OS, the VMC icons were still allover but after a few sec. it all turned back to normal, so I did another restart just for kicks

    btw I use .bat because I think it's cool!
    shutdown -t 0 -r -f

    this one doesn't work
    shutdown -t 45 -f

    You guys were great I really can't thank you enough!

    Thanks,

    :)

    Wrenchman
     
