Virus that removes file associations.
Getting muh file associations beck.
This one was a toughy. I came into this call a little late in the game. A call went to my supervisor that involved a virus infecting a machine. Luckily Kaspersky had blocked the virus and removed it accordingly. The issue was the remnants of the virus. The removal had messed with the windows settings as well as the file associations with the machine.
So here is what I did, and I will post a quick tutorial in bold below for the Lazy people out there.
I logged over to the administrator profile on the pc, and used my handy all in one windows repair tool from bleepingcomputer.com. The All in one program features a tool that repairs the windows registry as well as fixes any and all file associations. The problem was it wasn't fixing it on the specific profile I needed to fix. When I attempted to run the program from the user profile affected. So that was quite the issue.
After a few minutes of beating my head against the wall. I wondered if I could go to the profile, close the explorer process and run the executable from the run line on task manager. It wouldn't work. So I tried to run explorer.exe again and that wouldn't work either.
It then hit me like a ton of bricks. Browse to the Administrator desktop and run it from the administrator profile while logged onto the user profile. I ran the fixexec program, and it restored the file associations, I was then able to run explorer.exe again and the programs worked. I threw my hands into the air as if I had made a huge achievement. It was wonderful.
Lazy People who skipped my blog.. here is your tutorial.
The stuff you will need:
BleepingComputer.com's program FixExec.exe (link below)
Copy this to the administrator profile of your machine put it somewhere you can find it again.
- Log on to the user profile
- If you are using fast user switching, hit CTRL-ALT-DEL
- Go to Task Manager
- If you are using the welcome screen right click the task bar and click Task Manager
- Or.. Just go to task manager in your own way.
- Go to processes
- End the Explorer.exe process
- Click file > New Task
- Click Browse
- Browse to where you copied the file to the administrator profile
- Example: C:\Documentsandsettings\Administrator\Desktop\FixExec.exe
- Press Ok and allow it to run.
- Press Yes on the little dialog box
- Your File Associations should be fixed.
I hope this has helped. View my other tutorials on how to correct viruses.
- FixExec Download
FixExec is a program that is designed to fix executable file associations for the .bat, .exe, and .com file extensions. If the program detects any of these associations are missing, changed, or hijacked, the settings will be set back to the original
- FBI Virus Removal for Lazy People
How to remove the FBI Buyware Virus