HELP! Messed up work computer

tres · 6 Apr 2010 at 16:31

Hi all,

Picked up the fake Total XP Security package (i think from lolfbmoments).
On the work computer, which isn't good.
Can't run anti-spyware due to limited rights (ie. not admin)

Did the best I could - removed all mentions of the process from regedit, considering the process was starting up every few minutes.

Removed them all, and no sign of it again.

BUT, i've lost the file association for EXE files!

I opened IE by right clicking on the exe, then "start" rather than Open.

Same for all my exes...

Please do help!

Mikoyan · 6 Apr 2010 at 16:35

that new exe blocking is crazy these things are getting more and more clever..

here you go for fix the reg file works wonders

http://www.malwarehelp.org/ave-exe-a-multiple-rogues-in-one-trojan-fakerean-2010.html

edit: just read it again use the reg file it should sort the association.

apatia77 · 6 Apr 2010 at 16:37

If I was you I'd contact IT department and just tell them what has happened (you can always pretend you didn't do this).

I don't get how you can delete anything from registry without administrators privileges.

tres · 6 Apr 2010 at 16:41

Great, thanks very much chief, seems to have sorted it out.

I thought the site in question was quite a busy, popular site.

And as you said, the offending malware is getting very clever.....

Mikoyan · 6 Apr 2010 at 16:42

Glad its all sorted!

tres · 6 Apr 2010 at 16:51

Ah, I didn't notice the new Nod32 we have also has antispyware!

Certainly didn't pick it up though, and it's supposed to be actively monitoring the system.
Doing a scan - it found the malware (a variant of Win32/Kryptik.DMR trojan) in a JPEG file in my temp internet files!