Registry damaged

My friend does downloads and got that idiotic ransom Trojan Antivirus 7 which apparently has been upgraded to damaging. Before, it was easy to clean using the removal procedure from MG. Unfortunately, as soon as I ran Malwarebytes the unit started not recognizing anything I was trying to do.

Every program I try to open, including system restoreand regedit, asks what program I want to associate the file with. The link that says to find an associated program on the web takes me to the Windows site which says the registry is likely damaged.

I have tried booting using the last known good boot record and there is no change.

Any thoughts?

 

I've seen this problem a few times with malware. You best bet is to follow the Read & Run me to the best of your ability and then post your logs/problems in a new thread in the malware forum. Unless, you can't run anything, then I would make a post stating what you've tried and the problems you are having. They would be better equipped to help.

 

I had to rename regedit.exe to regedit.com to get it to work at all.

The help file at MS stated that it might be a certain virus which renames a file in the registry but I followed the steps and there was no file there to change so that was not it.

I have wiped this virus from several computers that young people have downloaded music from various websites like itunes; but I have never had it damage the registry before. And yes you can say "You damned fool" when I say that I failed to back up the registry before starting. Won't happen again.

I had worked on this unit prior when they first bought it used and the thing was crawling with malware, viruses, and trojans. I got everything off of it and it has worked fine for nearly a year -- until last night. That's when the daughter got this virus.

I cannot get Malwarebytes to run. When I try it asks what program is the one that is to run it. I tried to reinstall MB but it wants to know what program will run the .exe file to install it.

When I started I had to use Ultimate Boot Disk to get to safe mode. I could not get to safe mode on a normal boot.

When I try to run User Accounts, or anything from the Control Panel, it gives me the message:

C:\WINDOWS\system32\rundll.exe
Application not found

The VAIO Recovery does not work either.

I did make, and gave to the owner, a set of recovery disks the last time I had this thing. Hopefully, she can find them so I can at least try a recovery.

My next attempt will be to try renaming CCleaner.exe and Mbab.exe to .com to see if they will install.

 

Re: Registry damaged SOLVED

I was able to rename the file for MB and run it. It said there ware three registry files called:

Registry values infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (hijack.exeFile) Quarantined and deleted
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) Quarantined and deleted

Registry Data Items Infected:
HKEY_CLASSES_ROOT\.exe\(default) (hijacked.exeFile) -> Bad: (secfile) Good: exefile -> 04-21-Quarantined and deleted

Everything seems to be working now that those three files were removed. Note that the VERY first thing I did was to back up the registry.

Hopefully, all problems solved. Thanks for the help.