Trojan-BNK.Win32.Keylogger.gen removal

lesley2004

I have just used malawarebytes to remove "Trojan-K.Win32.Keylogger.gen"
which it seemed to do successfully.

However on rebooting the computer every file (.exe program) that i try to open, asks me to select the program from the list or use the internet to search for the the extension!!

I think when i removed the trojan, that it did something with the registry so im guessing that could be the problem.

I havnt done anything else because I know ill proberbly mess things up!

Can anyone advise??

debitcardmayhem

lesley2004 wrote: »

I have just used malawarebytes to remove "Trojan-K.Win32.Keylogger.gen"
which it seemed to do successfully.

Can anyone advise??

Post the malwarebytes log would help + a HijackThis log too..

lesley2004

Thanks so far I have merged http://www.users.on.net/~russ/exe_fix_w7.reg

But that has not worked.


The malaware log appears to be missing I cannot locate it

System restore is turned off and I cant get it back on

The shift and right click has allowed me to run AVG but it wont let me open malawarebytes an error comes up

I will have to call it a night for now otherwise I will never get up for work!!. Tomorrow I will download hijack this and post a log

Thanks so much for your help so far I will not get back to this until tomorrow night now.

lesley2004

Hijack this downloads but will not run-comes up with runtime error 481.

Definatley off to bed now hope you will be able to help tomorrow

Thanks

lesley2004

Hi again

Still having problems. IE works. AVG opens but wont run.

downloaded malawarebytes/hijackthis/surfright/combofix without difficulty but cannot open comes up with runtime error/error launching installer.

Think I may just return to factory settings and as it is just a netbook I could save any pics etc as I am able to access them. However not sure how to do system restore on windows 7

Any advice would be appreciated

Lesley

lesley2004

I tried shift and rt click which opened avg but it would not work
I did not know how to rename files
Did not understanf the bit about system restore?

Is it easy to do the above?

lesley2004

ok i think you are right

Many thanks for your help.

Bogtrotter

The runtime error 481 seems to be generally associated with invalid image files???

I'm assuming you cannot run regedit.exe by clicking Start and typing regedit into search and selecting regedit from the search result.

However try start regedit by

Press Ctrl-Alt-Delete and start Task Manager
Hold in Ctrl and select "New Task (Run)" from the file menu... this should bring up a black window with white text commandline.
Type regedit into the commandline and press enter

Does that work?

lesley2004

Yes that does work..............but what I am I supposed to do now?

Bogtrotter

Ok if you can run regedit by the second method but not the first it suggests the association for the .exe is broken.

Viruses or malware can alter the registry to automatically run the virus program each time you execute any program.

First start regedit and backup registry.

Then in regedit navigate to HKEY_CLASSES_ROOT\exefile\shell\open\command (this is the key commonly altered) the default key should be "%1" %* anything else remove or alter.

Reboot and check if you can run programs now.

lesley2004

not wanting to sound too stupid how do i back up registry?

when navigating to
H-KEY-CLASSES_ROOT\exefile\shell\open\command

when i open shell there are 2 files

one is called open with a default key that has no data set but there is no command key

the other is runas which when I open reveals command
then there is default key which is "%1" %*
and isolated.com key which also says "%1" %*

Does that sound right?