From: MEB on
On 04/15/2010 03:11 AM, cisz wrote:
> We recently got a virus that tries to look like it's from Microsoft. It
> brings up a window that looks exactly like the "security center" in the
> control panel (Win XP). It then brings up another window that looks like
> it's from Microsoft and seems to be a program called "xp smart security". It
> acts like it's running a scan and then says you're infected. It doesn't
> allow any other programs to run.
>
> We got this in spite of having a firewall and real time virus protection.
>
> Fortunately, it only affected our limited access account.
>
> I was able to get rid of it using a malware scanner, but it disconnected all
> the programs from their files and now, whenever I try to run a program in
> that account, a window comes up asking which program or file to use to run
> the program.
>
>
>

http://www.dougknox.com/xp/file_assoc.htm

Note 1: it would be better to use exported entries from the particular
system IF you have a backup or image. OR you may find the defaults
exportable from admin account as you appear to indicate this was a
"user" account.

Note 2: Any application-specific entries beyond the defaults will
likely no longer exist, hence they may need to be reinstalled [depends upon
how thorough the hack was].

You MAY have a block of *.reg files, see the link for a "workaround".

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
From: cisz on

"David Kaye" <sfdavidkaye2(a)yahoo.com> wrote in message
news:hq7sok$1sc$1(a)news.eternal-september.org...
> "cisz" <cisz.x(a)yahoo.com> wrote:
>
>>I was able to get rid of it using a malware scanner, but it disconnected
>>all
>>the programs from their files and now, whenever I try to run a program in
>>that account, a window comes up asking which program or file to use to run
>>the program.
>
> Go to the file types tab on your folder options applet and enter a new
> filetype called EXE. On the Advanced button associate it with
> "Application",
> even though it says it's already associated with Application. Save your
> work.
> Go to your favorite app and it should load now.
>

The malware problem is happening in a limited user account. I was able to
add the EXE filetype and associate it with "Application" in the admin
account but for some reason, it doesn't seem to show up when I restart
Windows Explorer. The "Apply" button was greyed-out so I don't know if it
got saved.


From: cisz on

"David Kaye" <sfdavidkaye2(a)yahoo.com> wrote in message
news:hq7sro$1sc$2(a)news.eternal-september.org...
> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote:
>
>>rename; mbam-setup.exe to cisz.com
>>and then run cisz.com to install Malwarebytes' Anti-Malware.
>
> This doesn't always work. Some malware tracks some other part of the
> program,
> maybe the filesize or the internal name or the DLLs being called or
> something.
>
>

I did have a problem. The 1st time I ran it, it didn't find anything. I
hadn't saved the log file at 1st, thinking I could get it later. But when I
tried to open mbam later, I got an error message. So, I reinstalled it and
ran it again. This time it found the malware.


From: Andy Medina on
"cisz" <cisz.x(a)yahoo.com> wrote in message
news:hq850n090p(a)news2.newsguy.com...

> The malware problem is happening in a limited user account. I was
> able to add the EXE filetype and associate it with "Application" in
> the admin account but for some reason, it doesn't seem to show up
> when I restart windows explorer. The "Apply" button was greyed-out
> so I don't know if it got saved.

Try the following batch file to re-associate files to the XP defaults.
You'll need to use "run as administrator" if you run it from the
limited user account.

http://www.dougknox.com/xp/tips/xp_easy_file.htm

"REM Restore Default File Associations for Windows XP.
REM Copyright 2003 - Doug Knox
REM This BAT file restores the Default associations that XP ships with
REM It does not restore associations created by 3rd party applications."

From: "FromTheRafters" erratic on
"Andy Medina" <gmedina(a)email.arizona.edu> wrote in message
news:eYltiLP3KHA.5880(a)TK2MSFTNGP04.phx.gbl...
> "cisz" <cisz.x(a)yahoo.com> wrote in message
> news:hq850n090p(a)news2.newsguy.com...
>
>> The malware problem is happening in a limited user account. I was
>> able to add the EXE filetype and associate it with "Application" in
>> the admin account but for some reason, it doesn't seem to show up
>> when I restart windows explorer. The "Apply" button was greyed-out
>> so I don't know if it got saved.
>
> Try the following batch file to re-associate files to the XP defaults.
> You'll need to use "run as administrator" if you run it from the
> limited user account.
>
> http://www.dougknox.com/xp/tips/xp_easy_file.htm
>
> "REM Restore Default File Associations for Windows XP.
> REM Copyright 2003 - Doug Knox
> REM This BAT file restores the Default associations that XP ships with
> REM It does not restore associations created by 3rd party applications."

Some have recommended this reg file as a more surgical approach.

Windows Registry Editor Version 5.00


[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]


[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"


[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
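
Added example, not part of any post in this thread: a read-only PowerShell check of the keys that the .reg file above deletes or sets, to confirm whether the repair has taken effect in the affected account. It assumes PowerShell is installed on the XP machine; the function names Get-RegValue and Test-ExeAssociation are made up for this example.

```powershell
# Added example: read-only audit of the keys touched by the .reg file above.
# Nothing is written to the registry.

function Get-RegValue {
    param([string]$Key, [string]$Name = '')   # '' selects the (Default) value
    $path = "Registry::$Key"
    if (-not (Test-Path -LiteralPath $path)) { return $null }
    $k = Get-Item -LiteralPath $path
    # Read the raw string so a REG_EXPAND_SZ value is not expanded.
    $raw = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    $k.GetValue($Name, $null, $raw)
}

function Test-ExeAssociation {
    $findings = @()

    # Keys the .reg file deletes: their presence is the finding.
    $mustBeAbsent = @(
        'HKEY_CURRENT_USER\Software\Classes\.exe',
        'HKEY_CURRENT_USER\Software\Classes\secfile',
        'HKEY_CLASSES_ROOT\secfile',
        'HKEY_CLASSES_ROOT\.exe\shell\open\command'
    )
    foreach ($key in $mustBeAbsent) {
        if (Test-Path -LiteralPath "Registry::$key") {
            $findings += New-Object PSObject -Property @{
                Key = $key; Name = '(key)'; Found = 'present'; Expected = 'absent' }
        }
    }

    # Values the .reg file sets: any other data is the finding.
    $expected = @(
        @{ Key = 'HKEY_CLASSES_ROOT\exefile\shell\open\command'; Name = ''; Value = '"%1" %*' },
        @{ Key = 'HKEY_CLASSES_ROOT\.exe'; Name = ''; Value = 'exefile' },
        @{ Key = 'HKEY_CLASSES_ROOT\.exe'; Name = 'Content Type'; Value = 'application/x-msdownload' }
    )
    foreach ($e in $expected) {
        $actual = Get-RegValue -Key $e.Key -Name $e.Name
        if ($actual -ne $e.Value) {
            $label = if ($e.Name) { $e.Name } else { '(Default)' }
            $findings += New-Object PSObject -Property @{
                Key = $e.Key; Name = $label; Found = $actual; Expected = $e.Value }
        }
    }
    $findings
}

$result = Test-ExeAssociation
if ($result) { $result | Format-List Key, Name, Found, Expected }
else { 'All checked keys match the defaults in the .reg file.' }
```

HKEY_CLASSES_ROOT is a merged view in which entries under HKEY_CURRENT_USER\Software\Classes take precedence over the machine-wide ones, so run this while logged on as the affected user; from an administrator session it reads the administrator's hive instead.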

