Major Invasion ...Now What

I had a Major Invasion of my computer and used Norton to clean it up so that there doesn't appear to be any virus left although, I can only open Firefox and Picasa, that's about it, all other programs I attempt to open show a box which asks me to "choose a program to open this file with" so I need to know two things I think.

 

1.  How can I really tell if my computer is still infected in any way?

 

2.  What do I now need to do so I can start operating my individual programs again.

 

I would appreciate any help anyone can provide realising I am pretty much inexperienced so in simple terms would be best (for me).

 

Thank you

I had a Major Invasion of my computer and used Norton to clean it up so that there doesn't appear to be any virus left although, I can only open Firefox and Picasa, that's about it, all other programs I attempt to open show a box which asks me to "choose a program to open this file with" so I need to know two things I think.

 

1.  How can I really tell if my computer is still infected in any way?

 

2.  What do I now need to do so I can start operating my individual programs again.

 

I would appreciate any help anyone can provide realising I am pretty much inexperienced so in simple terms would be best (for me).

 

Thank you

I saved that file to the Desktop and when I opened it, it opened in Notepad Format, not sure4 that is right, you tell me.

Thank you

What was the infection called, If a FakeAV (Rogue) the name, as different FakeAV Families that change the .exe commands use different registry keys that need to be fixed.

 

One can use the HKLM branch, where the next could use the HKCU branch.

 

Quads

I have no idea what the infection is called, can I find out now

 

Although I have located a recent major intrusion (nmeawcxosr.exe) detected by SONAR

Hi, I just ran the antivirus program and came up with the same problem as Lionheart 500 and I have no idea what you just said to do to fix it. Can you run through that again, but make it understandable to a person who barely knows how to even turn a computer on? Thank you

Guys

 

Go to this webpage http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012, Do step 3 which is to download the registry file etc.

That should fix the HKCU Branch.

 

If that didn't work, download SuperAntispyware Portable http://www.superantispyware.com/portablescanner.html

This is a .com file so gets around the .exe problem. right at the end of a Full Scan it should show in the list of detections the broken .exe commands for the HKLM branch to repair.

 

Then you should be able to run programs after the repair.

 

Quads

Thanks for the help guys I shall do as you have instructed and get back to you when I return home.

 

I amj most appreciative of your help.

OK I tried that but I cannot open the downloaded file as it asks for me to choose a program I want to open the file and I would not know.  Any further advice please.

Try SuperAntispyware Portable

 

Quads

 

Thank you Quads I downloaded Superantispyware Portale and it apparently removed a further 132 items.  However the problem of opening Programs is still there in that each time I attempt to open a program a little box appears asking me choose a programs to open that particular file.  There programs normally would open automatically when you click on them.  I have a feeling  SUBASH PRABU is onto something as I feel it is to do with the exe files.                       

Hi

  

   To make the Programs work properly. Follow these steps carefully.

Open Computer/My Computer -> C:  drive -> Windows -> Regedit -> Right click and select Run as Administrator -> goto HKEY_CLASSES_ROOT\.exe in Registry Editor -> On the Right Hand side do a right click on Default -> Modify -> Under Value Data-> Type in exefile like in the picture below->OK->Now try to open other Programs

 

registry.png

 

 

 

It Workedddddddddd...............Thank you soooooooo much I'm so appreciative

Glad to hear that....:robotvery-happy:

SuperAntispyware Portable on a XP system with the FakeAV family withe the .exe registry change.

 


Trojan.Agent/Gen-RogueAV

C:\DOCUMENTS AND SETTINGS\JOHN\LOCAL SETTINGS\APPLICATION DATA\*.EXE (Random file name) (process running)

C:\DOCUMENTS AND SETTINGS\JOHN\LOCAL SETTINGS\APPLICATION DATA\*.EXE (Random file name)


System.BrokenFileAssociation

HKCR\.exe

HKCR\exefile\shell\open\command

 

Quads