New MSN Messeger Virus Help

Bumping your thread will only make it take longer to get an answer. We work from oldest to newest threads requiring answers. So bumping (while it does move you to the first page) pushes you deeper down the queue relative to time.

D3m3nt3d has not been around today. I'll see if I can help keep you moving until he returns.

See if you can do the following. Goto this website: http://www.dougknox.com/xp/file_assoc.htm

and download and install the below registry patch:

EXE File Association Fix (Restore default association for EXE files)

Now can you run EXE files?

 

Sounds like you lost registry file associations too.

But you were able to open the Zip file you downloaded before so it would seem you can run EXE but only in certain forms.

Let's try three tests:

1) Click Start, Run, and enter regedit then click OK. This should open the registry editor.

2) Click Start, Run, and enter cmd then click OK. This should open a command prompt
window.

3) Press CTRL-ALT-ESC simultaneously. This should open Task Manager.


Just let me know those three tests work.

 

What about steps 2 & 3?

Edit: Sorry! Only question 3!

 

Sorry! I meant use CTRL-SHIFT-ESC for step 3.

 

By the way, what OS are you running and what version (Service Pack level)?

Also, do you have your original bootable CD for the OS?

 

One last thing for the night! Have you tried running EXEs from safe mode boot? Also try my 3 steps from safe mode.

 

Please tell me the SP number.

Also in Task Manager (which you say you can bring up) click File and select New Task (Run...) now click the Browse button. Navigate your way to the c:\windows\system32 folder and look to see if regedit and cmd (fullnames are regedit.exe and cmd.exe) exist.

You did not answer one of my questions:

 

Okay! Regedit.exe is actually supposed to be in c:\windows and the regedt32.exe that you found is correctly located.

Using Task Manager browse to where you found cmd.exe and right click on it with your mouse in the browse window. Then select rename. Try to rename it to cmd.com. If that works, try to run the file now that it is named cmd.com.

Is your original CD for Win XP SP2 or did you upgrade to SP2 afterwards?

 

Okay! You should rename cmd.com back to cmd.exe just to get it back to normal.

I doubt the below is going to work since no EXE or COM files will run, but let's try anyway. If this does not work, you may have to run Windows repair from your original CD, so you better find it. I'm not sure that will work either since you CD version will not match your installed OS version. You may be closed to having to do a reinstall.

Try clicking Start, Run and enter sfc /scannow and click OK. I'll bet it will not work either.

Provide me a list of all processes seen running in Task Manager.

 

If you cannot run EXE programs, how are you getting FireFox.exe to run.

Did you try the sfc command from my previous message?

 

Do you have HijackThis on this PC and will it run?

 

See if you can run regedit and Import the xp_exe_fix.reg patch I had you download in message # 8 (that is assuming you extracted the .reg file from the Zip file you downloaded).

 

You said you could run registry editor so run it and select File, Import. Then locate the xp_exe_fix.reg (if you extracted it, you did not answer that question) and import it into the registry.

 

You mean .lnk not .ink (it's a lower case L for link). You may need to edit them to make sure they point to they correct items.

 

You need to get HijackThis installed properly. You have it here:

C:\Documents and Settings\Chris Tank\Local Settings\Temp\HijackThis.exe

This is not a safe location. You could easily loose backups there and it can only be run by you and no other user account names if located there.

Put it here: c:\Program Files\HJT\HijackThis.exe

 

Run these registry patches too:

LNK (Shortcut) File Association Fix (Restores Default Shortcut Behavior)

REG File Association Fix (Restore default associations for REG files)

 

Did you merge in those other registry patches?

You have two copies of HJT running:
C:\Documents and Settings\Chris Tank\Local Settings\Temp\HijackThis.exe <--- delete this one
C:\Program Files\HijackThis.exe

 

You AVG antivirus does not seem to be loading properly. I would uninstall it, reboot and then reinstall and update. Make sure you do this before continuing.

Also run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

Now we need to Reset Web Settings:
1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

You're welcome. Now that you are clean, make sure you check out the steps in the below:

How to Protect yourself from malware!