Saturday, February 18, 2012

Trouble with the Windows Anti-Virus 2011 virus...?

This is atrocious. I was doing my usual thing (checking email, looking at some Yahoo articles) when all of a sudden a big window popped up saying "Windows Anti-Virus 2011 has found a virus blah blah blah." If I had thought about this for a second, I would have realized it was fake, considering I'm running Vista and it looked like an XP window. At any rate, I clicked the box like an idiot and that's when all hell broke loose. Every time I tried to get online to find the right software to beat the virus, my Spyware Terminator would tell me that something by YXU.exe was trying to break through. I used alt f4 to close all the virus boxes and rebooted in Safe Mode. Once I did that, I caught the virus in the act and opened task manager. Sure enough, yxu.exe was running, so I looked to see where it was coming from and used the command prompt to follow its path. However, it wasn't found anywhere. I tried searching for hidden files, searching by the virus' other known names, but nothing worked. Finally I just went in to C:\Users\Domino\App Data\Local, and of course there were LOTS of folders. There was nothing suspicious though. Finally I opened my temp folder. It was the only one with anything close to the virus in appearance, so I decided that I had hit rock bottom anyway (I'd been working on it for 2 hours) and I deleted the whole folder. I deleted a few apparently empty folders as well and hoped for the best. I thought I must've hit it, because once I deleted that, all the pop ups disappeared. I cautiously took it out of safe mode and tried starting it up. Everything worked, except for one thing - Nothing would run. I tried opening Firefox and all it said was "what program would you like to use to open this file?" I tried IE and it said the same thing. I decided to run it as admin, and that worked, but I was still running into trouble. I wanted to run Ad-Aware, just to be on the safe side, and it wouldn't be a part of it at all. I tried HijackThis and it just kept trying to make me open it with another program. What have I done that everything's acting this way? Is this a side effect of the virus? How do I fix this?

You may have deleted the actual virus file, but its effects remain.
The registry has been hosed, so the computer does not know what to do with an exe file extension.
Copy and paste this into a txt file - change the extension to REG and run it. It will fix that association.
=======================

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.exe\PersistentHandl…
@="{098f2470-bae0-11cd-b579-08002b30bfe…

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Compan…
"InfoTip"="prop:FileDescription;Company…

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\c…
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]

[HKEY_CLASSES_ROOT\exefile\shell\runas\…
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\Drop…
@="{86C86720-42A0-1069-A2E8-08002B30309…

[HKEY_CLASSES_ROOT\exefile\shellex\Prop…

[HKEY_CLASSES_ROOT\exefile\shellex\Prop…
@="{09A63660-16F9-11d0-B1DF-004F56001CA…

[HKEY_CLASSES_ROOT\exefile\shellex\Prop…
@="{86F19A00-42A0-1069-A2E9-08002B30309…

[HKEY_CLASSES_ROOT\exefile\shellex\Prop… Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF…

======================
That is for XP but will probably work on other OS.

You will also need to fix the IE internet options connection by unchecking the use proxy box and checking the automatic DNS box.

It looks like the fake antivirus has broken your .exe extension for your computer, so you will have to do a registry hack to get it working again. This requires either using regedit or downloading an .exe extension fix off a Google search. Good Luck!
