All 'exe' lead to MB

programmer04 · May 26, 2010

My computer was infected (maybe still is?) yesterday and nothing seemed to be working at all. Then I managed to get Malwarebytes to run. It found over 30 items and removed all of them. But when my computer restarted I discovered that everything with an 'exe' extension opens Malwarebytes and not what it's suppose to open. How do I fix this so that I can run the READ & RUN ME FIRST post?

I will attach the mb log as soon as I can find one of my flash drives. But just to let you know, it's a slightly older free version of malwarebytes that hasn't been updated.

Also, I want to warn everyone to please stay away from a website called Y8. This is not the first time an infection has happened to me or someone I know through that site. I scolded my daughter yesterday for going there after being told not to. Y8 is a site designed to attract mainly children with tons of little games, but it is apparently a gateway to computer malware.

TimW · May 26, 2010

Try doing this:

http://www.dougknox.com/xp/file_assoc.htm --> scroll down to the ninth file. Tell me it that works.

programmer04 · May 26, 2010

It didn't work. I guess I should've mentioned I'm running Windows Vista, sorry about that.

programmer04 · May 26, 2010

I believe that I finally got the exe problem fixed. I used a similiar reg file but it was specifically for vista. The only issue with that is all the exe files use the malwarebytes icon, which I'm not sure how to fix.

But all of this is the least of my worries right now, because things have taken a turn for the worse. After using the vista exe file fix and noticing that all the icons were still malwarebyte icons, I decided to restart my computer. After logging in, I discovered that I was still infected. This is one of those viruses that claims to be an antivirus program and claims that every file I attempt to access is infected, therefore I can't do anything. It also eventually gives me the BSOD and restarts the computer.

Also, I can't find the malwarebytes log that showed the infections. I found all of the other logs, but that log is missing. I don't know why.

Any help to get me on track to cleaning my computer would be very much appreciated. I believe that nothing in READ & RUN ME FIRST will work as every program is being blocked by this virus.

TimW · May 27, 2010

Then use a different computer to create this cd and boot to in on the infected machine. Then see if you can run the cleaning scans:

Kaspersky Rescue Disk.

programmer04 · May 30, 2010

I know that it's been a couple of days, but, after over 30 hours of scanning, the Kaspersky Rescue Disk worked. I was finally able to log into Windows and go online with no problems.

I ran all of the scans in the READ & RUN ME FIRST sticky. Four of the scans ran without a problem. RootRepeal had an error that said, "could not find our index block", or something like that. I tried uploading the error log, but it won't let me. I've renamed it several times but it keeps telling me that I've already uploaded it in a previous thread.

Here are four of the logs.

TimW · May 30, 2010

Given the size of your hard drive, I am not too surprised at the length of time it took to complete the scanning.

The only thing I see to remove is this:
c:\users\Administrator\AppData\Local\nsylvwqah

If you are not having any other malware problems, it is time to do our final steps:

We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.

If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required

"%userprofile%\Desktop\combofix" /uninstall

Notes: The space between the combofix" and the /uninstall, it must be there.

This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

Go back to step 6 of the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.

If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.

Go to add/remove programs and uninstall HijackThis.

Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.

If you are running Win 7, Vista, Windows XP or Windows ME, do the below:

Refer to the cleaning procedures pointed to by step 7 of the READ ME
for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.

Then reboot and Enable System Restore to create a new clean Restore Point.

After doing the above, you should work thru the below link:

How to Protect yourself from malware!

Log in or Sign up

All 'exe' lead to MB

programmer04 Private First Class

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

programmer04 Private First Class

programmer04 Private First Class

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

programmer04 Private First Class

Attached Files:

SAS.log

mbam.txt

combofix.txt

MGlogs.zip

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member