
Windows XP .exe open with problem

Discussion in 'Windows & Other Software' started by PraxxtorCruel, 19 Apr 2010.

  1. PraxxtorCruel

    Wise Guy

    Joined: 26 Mar 2010

    Posts: 1,937

    Location: London

    Okay, yesterday I got done by a lousy trojan, and now any executable I try to run opens the 'Open With' dialogue box. I ran Malwarebytes' Anti-Malware and these are the places that the trojan targeted.

    Malwarebytes' Anti-Malware 1.44
    Database version: 3510
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    19/04/2010 10:45:42
    mbam-log-2010-04-19 (10-45-42).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 286432
    Time elapsed: 57 minute(s), 45 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 9
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\TypeLib\{efba1085-7161-3171-9046-08926c1b31dd} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{0750a2cc-245a-325d-8f1f-aaf27926c0e3} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{da46c13f-323e-3232-9a60-dd7ba48f3351} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{da46c13f-323e-3232-9a60-dd7ba48f3351} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{da46c13f-323e-3232-9a60-dd7ba48f3351} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da46c13f-323e-3232-9a60-dd7ba48f3351} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\D (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\D.1 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\Rami Ghessen\My Documents\Downloads\Programs\install_flash_player.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iw26947.dll (Trojan.BHO) -> Quarantined and deleted successfully.
     
  2. Paul91

    Gangster

    Joined: 2 Dec 2007

    Posts: 258

    Save this (right click and choose 'Save Target As') and run it. You might need to make the file a '.reg' as opposed to '.txt', depending on the browser.
     
  3. PraxxtorCruel

    Wise Guy

    Joined: 26 Mar 2010

    Posts: 1,937

    Location: London

    Hi, ran that file, it said it was successful. I restarted but still the same problem :(.
     
  4. PraxxtorCruel

    Wise Guy

    Joined: 26 Mar 2010

    Posts: 1,937

    Location: London

    Wow, weird thing is after that patch, it didn't work at first when I restarted, but when I tried a few minutes later most of the .exe files work again except for IE.