I usually just restore the system to an earlier point in time, before the problems occured. I'm not a computer guru, that's all I got, my 2¢.

Tried, didnt help.

Is it the one that says it's internet security 2011 or something like that? If you can't do a system restore your pretty much stuck with a complete reinstall of everything. However, if it's because system restore won't run, that may be because you need to run it as administrator (it hoses the linkages to almost every run command in the registry). I use spybot search and destroy for that reason, as right after install it makes a complete registry backup that can be used to recover from something like this. Typically you need to restore to a point in time from before the infection, but that won't always work, cause these things are smart, and will sometimes actually wipe the system restore images off the drives. When my old laptop got zapped recently (my grandson was using it) the only option I ended up with was to wipe it and reinstall. I was able to completely remove the virus and all, but the registry was so badly damaged as to make the OS virtually unrepairable without having a backup of the registry and I had not installed spybot on that computer (had not been using it for like 9 months and had just pulled it out and updated the AV software for the grandson to surf the web with it. It's got everything on it now. And his logon besides is a limited user, if he can't do something with that type of logon I don't want him doing it anyways . If something needs installed I'll logon and install it, and then he can log back on and use it.

But unless the images used by system restore have been wiped, it should be able to turn back the registry clock to before the infection, and that is where all the file associations and such are stored.

Download malwarebytes on a clean pc to a flash drive or cd or w/e.boot the infected pc into safe mode by pressing the F8 key on start up.
put the cd or flash drive in.Install it if it will not let you install right click hit run as admin.If it does not let you do that again from a clean pc download.TDSSkiller run it do not have to install it.Retry to install malwarebytes once you get malwarebytes installed run a full scan.

step 2

get ccleaner from a clean pc
install and run it(run junk files and then registery) run this 2-3 times

then run malwarebytes again it that doesn't fix your file assiation

after you get rid of it download avg and set it to run scheduled scans.

If you can't get something to run right click run as admin if that don't work safe mode.

ps get that TDSSkiller first didn't feel like retyping

once you run that should free you up

hope that help but i know what your talking about and thats what worked to remove it.

I had to hire somebody to come and fix mine last month. Malwarebytes. I now run that and AVG free version. I'm rockin' again!

Hey Nate,

I just did a search for "RESTORE file associations in Winxp", I hope this is the OS you're using??

I found this site, which has a BATch file that can be run to restore all of the DEFAULT windows file associations.

http://www.dougknox.com/xp/tips/xp_easy_file.htm

However, it says it will NOT repair a Damaged association, only correct associations that have been set to the wrong program...I guess??

I found another site that actually has REG files in ZIP form that you can download and IMPORT into the registry to FIX the actual associations!

The same fellow with the BATch file also posted the list of registry import files!

http://www.dougknox.com/xp/file_assoc.htm

Hope these help and speed the fix for you vs. a total install?

T.C.

Well, I seem to have most things working again I had already done most of the suggestions except that ccleaner thing, I will give that a try.

If you get everything working, I strongly suggest spybot search and destroy on all computers. It not only is good at stopping stuff like this, but can also fix a lot of it as well as long as you make sure to do a registry backup after you do the install.

The doug knox site was one of the sites that I was using earlier and was helpful for some things.

I had been using spybot S&D but I was finding that it didnt find some things. I use multiple programs and other programs would find some things that spybot didnt.

Spybot is more of an active tool to just keep in the background on a healthy computer. It catches things and prevents them from installing unless you allow them. Not really a good clean-up tool. Malwarebytes is my favorite cleanup tool, and I also run AVG Free on my PCs, with Spybot at the same time.

That was my point. spybot is more of a preventative tool than a cleanup tool, although it can help recover because of the registry backup it makes for exactly that reason. It also knows how to harden all the popular browsers against the common attacks, and being open source is constantly being improved as long as you keep it up to date. I have found that I don't/didn't care for AVG but run/ran Avast free, but recently switch to MS Security Essentials. It's actually pretty good, right up there with the others, and as part of a defense in depth (spybot, windows defender, MSSE etc) works well. One thing I like is that it keeps itself up to date quietly unlike avast which likes to announce the fact, although I know you can shut it up too but it's not the default.

I forgot about the problems...

I used to have keeping all the AV stuff up to date and system running clean - one of the nice side effects of slowly migrating to Macs (I got rid of all but my work PC) was this extra headache being gone.

I resisted for so long being a Windows guy since the beginning - now I belong to the cult...

Of course its only a matter of time before they swing my way - so I better check into it...


I also seem to remember making fun of my Yamaha owning buddy in the past - now who is laughing...

John

John, this same piece of malware is making the rounds on Mac OS as well. Just be careful where you put your clicker, if ya know what I mean.

Hey Cy,

Spybot S&D does have the TEA Timer function....IF you elect to install it, but it does put a decent load on resources. But it is supposed to protect against unauthorized changes to the registry, but I've seen some bugs actually turn off and delete S&D as well as AV programs!

Also, I've skipped the Registry backup step, guess I should go back and run it and backup a copy just in case! And yes, you have to manually update it, and manually run the IMMUNIZE function to provide protection for the browsers. My AVAST has been doing a good job of protecting me, blocking access to and cutting off connections to malicious sites!
T.C.