File extensions

[ant13375]

Hi all

 

I cannot start any of my programs as all the file extensions are ink. instead of exe. don't know how it happened and i can't change them. I can't even do a system restore which is usually my back-up plan. Any ideas.

 

Ant

[samuria]

They cant all be lnk files there must be some exe files. The lnk files should also work if they link to the exe. The normal way this happens is dragging the file by mistake and it then creates a link. Do you mean all your menu files are lnk?

 

If you want to do system restore open

c:\windows\system32\restore\rstrui.exe or open a cmd prompt ie start/run cmd then type

 

c:\windows\system32\restore\rstrui.exe

[ant13375]

Tried both of the options and all i get is a message saying windows cannot open this file. The thing is i downloaded AVS video converter and now i've read its full of malware. I've tried to download malware bytes but my PC won't let me do it

[snow]

AVS video converter is indeed known malware.

 

Do you run a program called 'Ad-Watch'? I ask because several people on other forums have reported this problem when running Ad-Watch.

 

I would strongly advise you back up any important data you have to an external hard drive, USB pen drive, etc before we try to tackle this problem.

 

Do you either have the recovery CD that came with your computer, or the CD that you created from its recovery partition?

[ant13375]

I think i used to have ad-watch but i believe i removed it some time ago. Right, i've backed up all the important stuff and i've found 2 discs that came with the PC. 1 is the drivers & utilities disc, the other's to do with the colour monitor

[snow]

What make and model of computer do you have?

 

The driver CD just contains the software for your computers particular hardware. It is not a windows recovery disk.

 

Do you have any other disks that came with your computer?

 

A recovery CD will be essential if you have to return your computer to factory settings, and it is always a good idea to have one handy just in case things go wrong.

[ant13375]

Its a Dell dimension 3000 and there is no other disc, windows xp came already on it and i don't think i have a recovery cd

[snow]

Ok. We can try to tackle your malware problem first.

 

Go this link and download the EXE file association fix:

http://www.dougknox.com/xp/fileassoc/xp_exe_fix.zip

And the LNK fix:

http://www.dougknox.com/xp/fileassoc/linkfile_fix.zip

 

Unzip both to your desktop.

 

Press CTRL-ALT-DEL and open Task Manager. Once there, click File, then hold down the CTRL key and click New Task (Run). This will open a Command Prompt window. Enter REGEDIT.EXE and press Enter.

 

Click File, then Import. Locate the .reg file that came inside the EXE fix file, and double-click it. Do the same for the LNK fix file.

 

Can you now run programs normally?

[ant13375]

You are an absolute star, all my programs are now running, i've still got a few issues as all the file names have lnk. after them still and also they have no icons on the quick launch menu but fair play to you, you definately now your stuff

[ant13375]

Its o.k. they're all coming back. Icons are now back

[ant13375]

So, how do i now get rid of the original problem. I've just tried malware bytes but it would not run, any ideas?

[snow]

Great to hear that it helped, for the next step please do the following to clean your computer of malware.

 

If you are unable to complete any of the stages, post back here and we'll try to sort it out.

 

 

Your computer appears to be infected with Malware. Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a combination of the words malicious and software. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

 

It is in your best interest to note the following:

1. Please disable your resident security applications (such as AVG, Spybot, WinPatrol, etc.) before performing the below procedure so that they do not interfere with the process.
   
2. Perform all the steps in the order listed to avoid any conflicts.
   
3. If unsure, please stop and voice your doubts.
   
4. You might be required to go offline during the disinfection process. Therefore, it is recommended to print off the instructions below for ease of reference.
   

If you stick to the above guidelines, all should go smoothly.

 

 

================================================

STEP 1

1. Download ATF-Cleaner by Atribune.
   
2. Save the file to your Desktop.
   
3. Double-click on the file to run the program.
   
4. On the Main tab, check the Select All button.
   
5. Next, click on the Firefox tab (if applicable) and check the Select All button.
    
   Note: If you would like to preserve your saved passwords in Firefox, then click No at the corresponding prompt.
   
6. Now, click on the Opera tab (if applicable) and check the Select All button.
    
   Note: If you would like to preserve your saved passwords in Opera, then click No at the corresponding prompt.
   
7. Press the Empty Selected button and click OK to acknowledge the corresponding prompt.
   
8. Click on the Exit button to quit the program.
   

================================================

STEP 2

1. Please click here to download Malwarebytes' Anti-Malware.
   
2. Save the file to your Desktop.
   
3. Double-click mbam-setup.exe and follow the prompts to install the program.
   
4. At the end, make sure a check mark is placed next to:
   
   1. 
      
   2. Update Malwarebytes' Anti-Malware
      
   3. Launch Malwarebytes' Anti-Malware
      

[*]Click Finish.

[*]The program will download and update itself if it finds the necessity to do so. Please allow this.

[*]Once the program has loaded, select Perform full scan, then click Scan.

 

 

Note: Depending on your computer specifications, the scan may take some time to complete. Please wait patiently and do not interrupt the process.

[*]When the scan is complete, click OK, and then Show Results to view the results.

[*]Make sure that every entry is selected, and click Remove Selected.

[*]Restart your computer.

================================================

STEP 3

1. Please click here to download SUPERAntiSpyware (Free Version).
   
2. Save the file to your Desktop.
   
3. Double-click SUPERAntiSpyware.exe and follow the prompts to install the program.
   
4. Open SUPERAntiSpyware.
   
5. Under Configuration and Preferences, click the Preferences button.
   
6. Click the Scanning Control tab.
   
7. Under Scanner Options make sure the following fields checked:
   

    

   [*]Click the Close button to leave the control center screen.

   [*]On the main screen, under Scan for Harmful Software click Scan your computer.

   [*]On the left, make sure you check mark All the Fixed Drives.

   [*]On the right, under Complete Scan, choose Perform Complete Scan.

   [*]Click Next to start the scan. Please be patient while it scans your computer.

   [*]After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.

   [*]Make sure every entry has a check mark next to it and click Next.

   [*]A notification will appear that Quarantine and Removal is Complete. Click OK and then Finish to return to the main menu.

   [*]Restart your computer.

   ================================================

   STEP 4
   1. Please visit the ESET Online Scanner, using Internet Explorer to initiate the scan.
       
      Note: If you are running Windows Vista, then you will need Administrative privileges to complete the latter part of the procedure. To do so, right-click on the Internet Explorer icon in the Start Menu and select the Run As Administrator option in the shell context menu.
      
   2. Check mark the YES, I accept the Terms of Use box.
      
   3. Click the Start button.
      
   4. Click the Install button on the following screen.
      
   5. Click Start. This will will initialize and update the scanner engine.
      
   6. Check mark the box beside Remove found threats.
      
   7. Click the Scan button. This will start the scan. Please be patient while it is in progress.
      
   8. Restart your computer.
      

   ================================================

   STEP 5
   1. Click on Start > Programs > Accessories > System Tools and select System Restore.
      
   2. Choose the radio button marked Create a Restore Point on the first screen and click Next. Give the restore point a name then click Create. The new point will be stamped with the current date and time. Keep a note of this so you can find it easily should you need to use System Restore.
      
   3. Next, click on Start > Run, type Cleanmgr and click on OK.
      
   4. Click on the More Options tab.
      
   5. Click the Clean Up button in the System Restore section to remove all previous restore points except the most recent one.
      

   This will remove any infected files that have been backed up by Windows. The files in "System Restore" are protected to prevent any programs changing those files. This is the only foolproof way to ensure the deletion of those files.

    

   Note: Do not clear restore points on a regular basis as doing so will clear all previous restore points even those that you may need. System Restore is a useful tool to revert your computer back to a working condition if something goes wrong.

    

   Re-enable all your security applications and please return here and tell us how the computer seems to be operating.

    

   Happy Safe Computing! http://extremetechsupport.com/forum/../images/additional-smilies/thumb.gif

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining

[ant13375]

i cannot complete step 2 the program installs but will not run

[ant13375]

a program called winifighter is stopping me from using my internet correctly as well

[ant13375]

your link for malware bytes get redirected to a DNS-error - server cannot be found

[snow]

It sounds like there are several things going on here.

 

First you'll need to stop Winifighter, and then get malware-bytes running, as it can remove it.

 

First, boot into safe mode by re-starting and pressing F8 during boot up, until you get the option for 'Safe mode with networking'

 

Once there, press CTRL-ALT-DEL to open Task Manager. Look for the following processes:

WiniFighter.exe, setup2.exe, uninstall.exe, [Random string].exe such as 958z6spy787.exe

 

And kill each of them by right-clicking and selecting 'End Process tree'.

 

Now try to run malware-bytes. If it won't run, then navigate to the malware-bytes folder inside 'Program Files' and re-name the malware-bytes executable, then try it again.

 

 

Try the other steps above as well, to clean as much as you can while in safe mode.

[ant13375]

So, i could not find the processes in the task manager but, i managed to run malware bytes and superantispyware by changing the executable names, i have now completed steps 4 & 5 and it looks like i'm back to normal, i think. I'd like to thank this website and especially snow as i think you guys do a fantastic job. Just for the future, what are the best protection tools to stop this happening again. I currently use commodo.

[snow]

Thanks Ant, you're very welcome ;)

 

 

Please check the following link for FPCH recommended security products:

http://extremetechsupport.com/forum/malware-removal-av-firewalls-etc/3597-free-pc-help-recommended-security-products.html

 

Personally I run Kaspersky internet security, but if you would prefer a free solution then Avira free edition is a very good virus scanner.

 

Comodo has a decent firewall, but I wouldn't rely on its antivirus. A combination of Avira antivirus and comodo (in firewall mode only) is a good line of defence.

 

If you install Avira, then I would boot back into safe mode and give your computer a full scan with it just to be sure.

 

As always, make sure to keep windows updated.