Posted: 3/5/2010 6:48:58 PM EDT
I got infected by that Anti virus XP 2010. It wouldn't allow me to run any of my programs to get rid of it. So I decided to do a system restore. Well when I got done I can't run any of my programs. When I click on Quickbooks it asks what program would you like to open this file with. I tried going into Windows Explorer and opening the executable file there. Still doesn't work. If I go into control panel and click on Add/Remove programs I get this error: C:\windows\system32\rundll32.exe Application not found. So I put my windows disk in and did a restore. That got me nowhere. Anyone have any ideas on how to fix this, other than going MAC
On the bright side the Anti virus XP 2010 bug seems to be gone
Oh, my operating system is Windows XP Professional.

Quoted:
It sounds like you re-installed windows. When you do that you have to re-install your applications because it created a new registry etc.

How does it sound like that? Does Windows XP come stock with broken Quickbook shortcuts and non-functional Control Panel applications? I better not ask that question, I'm sure it has happened.

Quoted:
Quoted:
REFORMAT.
Thanks a lot. I have found a couple of fixes on the net that edit the registry, but that makes me a bit nervous.

The registry fixes will either work, or you'll have to re-install Windows either way. Combo fix is a good idea to try, give it a shot.

Quoted:
Quoted:
exe is an executable file, it's a program installer or a program itself. Windows runs it.
Exactly, I click on an executable file but it won't run. Yet I got Firefox to run.

COMBOFIX. Did you try to run it or are you ignoring everyone? The caps are just so you notice the program name, not me yelling.

You can fight the malware with malwarebytes etc. But you should know that this crap is pervasive and I would never trust the machine afterwards. What I *might* do is use malwarebytes to clean the infection to safely remove data I want, then reformat rebuild. Nuke it from orbit, it's the only way to ever trust that box again, seriously.

I had to clean up XP Guardian on my Dad's PC yesterday.
It is the same type of malware as what you have. Basically it appends itself in the registry so anytime you launch an executable it will also launch the malware. The process is called av.exe.

If you aren't familiar with manually editing the registry, please ask a friend to help you out. Editing the registry can be a bit dangerous. These are similar to the steps I took, but they may not fix all of your issues.

This is a good site with instructions to remove it and clean up the registry.
http://www.2-spyware.com/remove-antivirus-xp-2010.html
Skip step 6 as they want you to pay for spyware doctor.

These are the registry values you want to check out. You can do this by clicking on Start - Run and type regedit. If you get a message saying you can't launch it, do the regexe fix in the link above.

Modify these keys to remove "%UserProfile%\Local Settings\Application Data\av.exe" /START. When you're done the value of the Default key should just be "%1" %* (must include the quotes). You don't want to delete them. If you don't have all of these keys, just skip them.

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
"(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*

HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
"(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*

HKEY_CLASSES_ROOT\.exe\shell\open\command
"(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*

HKEY_CLASSES_ROOT\secfile\shell\open\command
"(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
"(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command
"(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
"(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"

Depending on what you have for Antivirus, these keys below may be correct. If AntiVirus XP 2010 has hijacked your security center (i.e. you see its name listed as your AV or FW app) then delete them.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
"AntiVirusOverride" = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
"FirewallOverride" = "1"

You also need to make sure the program has been deleted from your user profile.

Click on Start - Run and type CMD and hit Enter.
At the command prompt, type:
CD %UserProfile%\Local Settings\Application Data
That should change your directory to the one listed above. %UserProfile% will be listed as your user name.

Then type attrib. That will list all of the files and directories in that folder and their attributes.

If you see something called av.exe listed, you still have the malware. Before you can delete it you have to reset the file attributes. Do that by typing:
attrib -h -s av.exe
That clears the hidden and system file attributes on the file. You can then type "del av.exe" to delete it (without the quotes).

Also look for a funny folder name. It might be called this WRblt8464P or something similar. It depends on the variant. If you just type DIR at the command line you won't see the folder listed, however it will be there when you type attrib. It will most likely also have the hidden and system file attributes set. Clear them by using this command:
attrib -h -s <folder name>
Then you can delete it.

That should take care of it. Depending on how long you've been infected, using System Restore to restore your system to an earlier date does not always clean up the malware.

Good luck!

ETA - just saw your post about running the exe_fix_xp program - looks like you're good to go.
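
An added example, not part of the original post: a read-only check for the hijacked values listed above, run over a text export of the registry (assumed to be in regedit's `.reg` export syntax). The function names, verdict labels and the sample export are constructed for illustration.

```python
import re
# Expected default for the .exe / secfile open command, as stated in the post.
EXPECTED_OPEN = '"%1" %*'
CLASS_KEY = re.compile(r'\\(\.exe|secfile)\\shell\\open\\command$', re.I)
BROWSER_KEY = re.compile(r'\\Clients\\StartMenuInternet\\[^\\]+\\shell\\[^\\]+\\command$', re.I)
SEC_CENTER = re.compile(r'\\Microsoft\\Security Center$', re.I)
# Launcher under the profile's Application Data wrapping the real target via /START.
WRAPPER = re.compile(r'\\Local Settings\\Application Data\\[^\\"]+\.exe"?\s+/START\b', re.I)

def unescape(s):  # undo .reg string escaping: a backslash protects the next character
    return re.sub(r'\\(.)', r'\1', s)

def audit_reg_export(text):
    """Return (key, value_name, data, verdict) for each suspicious value."""
    findings, key = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if not m or key is None:
            continue
        name = '(Default)' if m.group(1) == '@' else unescape(m.group(1)[1:-1])
        raw = m.group(2)
        data = unescape(raw[1:-1]) if raw.startswith('"') else raw
        override = name in ('AntiVirusOverride', 'FirewallOverride')
        if name == '(Default)' and CLASS_KEY.search(key) and data != EXPECTED_OPEN:
            findings.append((key, name, data, 'hijacked'))
        elif name == '(Default)' and BROWSER_KEY.search(key) and WRAPPER.search(data):
            findings.append((key, name, data, 'hijacked'))
        elif SEC_CENTER.search(key) and override and data.lower() == 'dword:00000001':
            findings.append((key, name, data, 'review'))  # may be legitimate
    return findings

# Constructed sample in regedit export syntax; not taken from a real machine.
SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"%UserProfile%\\Local Settings\\Application Data\\av.exe\" /START \"%1\" %*"
[HKEY_CLASSES_ROOT\secfile\shell\open\command]
@="\"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"%UserProfile%\\Local Settings\\Application Data\\av.exe\" /START \"C:\\Program Files\\Internet Explorer\\iexplore.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
'''

if __name__ == '__main__':
    for key, name, data, verdict in audit_reg_export(SAMPLE):
        print(verdict, key, name, data, sep=' | ')
```

The Security Center overrides are reported as "review" rather than "hijacked" because, as the post says, they can be correct depending on the installed antivirus.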