Resolved Not able to start any program at start even when fixing the registry

Hello,

I have recently been infected with the 'XP Security 2012' malware. My computer is now clean (confirmed by Broni from malware-virus-removal forum, see http://www.windowsbbs.com/malware-v...rity-2012-leads-exe-problems-each-reboot.html) but the .exe file extension association still disappears at each reboot.
When I run exeHelper.com (to fix the registry), I can run .exe file again normally and it stays ok when I log-off then log-in. But when I shutdown and restart, it is gone.

I have made a comparison of my registry before and after the restart and I see that these keys are gone after the reboot:
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@= "exefile "
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@= "\ "%1\" %* "

I tried to fix the registry in safe-mode and restart in safe-mode but still not working.

The registry stays ok if I logout then login.

There must be a piece of software somewhere deleting these registry entries at shutdown or at start. Does someone have any clue on how to fin out? Should I reinstall my windows?

Thanks, cheers,
Gérard.

 

Hi, only a suggestion, but sfc /scannow or chkdisk?
These would be worth a try before doing a re-install. Neil.

 

Hello,

Thanks for your response. I tried both sfc and chkdsk but no changes.

Any other clue?

Thanks,
Gérard

 

I have already tried that. It works at the moment I execute it but the problem appears again at next boot. My registry is modified back and I don't know how (my computer is malware free according to windows BBS malware forum.)

 

Create a new user & test there. Could be that your user profile is damaged.

 

Hello,

I tried to create a new user and to make a repair install but both were unsuccessfull.

Any other idea? There must some way to know what is modifying my registry, no?

Thanks,
Gérard.

 

Hm. I believe we have reached the end of road & whetever damage has been done by malware/virus is more or less permanent.

Unless somebody else comes up with a solution I believe you are looking at backup/format/reinstall/restore routine.

 

Hello,

I tried the .reg file from http://www.dougknox.com/xp/file_assoc.htm but it only works until next restart.

I have checked the system policy (both registry and mmc), there are no script at logon, logoff, startup nor shutdown.

Any other idea?

Thanks,
Gérard.

 

Hello,

Thanks for all your suggestions.
1) Safe mode : already tried but not working. I also tried to apply the reg fix in safe mode and reboot in safe mode but it is the same.
2) Restore point: unfotunately I have none
3) Reg key permissions : My user is already in teh Administrators group, but I gave him the full control on top of it, executed the fix then restarted and problem remains
4) file & registry permissions to the defaults : I used secedit (since I have XP pro ) and I re-ran the fix but still the same problem

Thanks,
Gérard.

 

Hello,

1. I reran combofix but nothing found.
2. I already tried a repair install.

I can do a clean install but I was very curious to find out how registry keys can disappear that way.

I think I have no other option than leave it as a mystery ;-)

Thanks for your time and your science, best regards,
Gérard.

 

Hello,

I tried fixboot and fixmbr but no luck.

I will not reinstall immediately so if you have anyother idea, I would be glad to try it.

Thanks, cheers,
Gérard.

 

I went trough it. It is pretty much the way I got rid of it at the beginning. Then after a lot of different checks, my computer was declared clean on the malware forum. The only remaining problem is this one.