We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

laptop gone a bit weird

Options
ali-t
ali-t Posts: 3,815 Forumite
I had a message come up when I was online the other night saying that there was an update and it was an exe (?) file. I pressed cancel as it wasn't something I recognised as having appeared before (laptop is a couple of years old and no new software installed). A message then came up from AVG saying a trojan alert and that the threat had been quarantined and removed.

I didn't think much of it and thought it must have been linked to the popup about the exe file update but now things aren't working properly. I don't have lots of programmes that I did have including Java and the santander rapport programme. When I try to log on to the internet a box pops up asking me what programme I want to open it with. I searched through the programmes and got firefox but it then opens to a blank page and asks where I want to save the exe file to. I have pressed cancel each time and the internet works fine but how do I get it back to normal?
If you always do what you have always done, you will always get what you always got!
«1

Comments

  • closed
    closed Posts: 10,886 Forumite
    copy this to the machine

    http://download.bleepingcomputer.com/reg/antivirus-vista-2010/FixExe.reg

    double click on it

    then install malwarebytes, update it, do a full scan, fix anything found before closing
    !!
    > . !!!! ----> .
  • ali-t
    ali-t Posts: 3,815 Forumite
    Thanks closed, sorry for the delay in replying. Yesterday was the first time I had the time to follow your instructions and it worked - yeeha! It was a broken open command that showed up as being the problem and now appears to be fixed. Thanks again.
    If you always do what you have always done, you will always get what you always got!
  • closed
    closed Posts: 10,886 Forumite
    did you do a malwarebytes full scan too?
    !!
    > . !!!! ----> .
  • ali-t
    ali-t Posts: 3,815 Forumite
    I couldn't do any updates or the malware as I kept getting an error message and when I looked online at what the error message meant I couldn't do the instructions as my computer would not let me in the internet settings bit of the control panel.



    Malwarebytes' Anti-Malware 1.40
    Database version: 2578
    Windows 6.0.6000

    03/07/2011 17:02:02
    mbam-log-2011-07-03 (17-02-02).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 165721
    Time elapsed: 1 hour(s), 27 minute(s), 11 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Users\ali\AppData\Local\cru.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    If you always do what you have always done, you will always get what you always got!
  • closed
    closed Posts: 10,886 Forumite
    are you still unable to do updates and unable to see IE connection settings?


    post a hijackthis log
    !!
    > . !!!! ----> .
  • stilltheone
    stilltheone Posts: 2,131 Forumite
    ali-t wrote: »
    I couldn't do any updates or the malware as I kept getting an error message and when I looked online at what the error message meant I couldn't do the instructions as my computer would not let me in the internet settings bit of the control panel.



    Malwarebytes' Anti-Malware 1.40
    Database version: 2578
    Windows 6.0.6000

    03/07/2011 17:02:02
    mbam-log-2011-07-03 (17-02-02).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 165721
    Time elapsed: 1 hour(s), 27 minute(s), 11 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Users\ali\AppData\Local\cru.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Malwarebytes' Anti-Malware 1.40
    Database version: 2578
    03/07/2011 17:02:02
    mbam-log-2011-07-03 (17-02-02).txt


    What's this? Too old. :)

    Download and install this version

    If you are downloading on to a USB drive and transferring the infected computer, download the Rules too.
  • ali-t
    ali-t Posts: 3,815 Forumite
    Stilltheone, the website is down for maintenance. Is there anywhere else I could get it?

    Closed, I have no idea what a highjackthis log is and googling didn't help me out with any links to get it.

    I can now get into the internet settings on the control panel and have followed instructions I found that should allow me to get the updates but it is still not working. The instructions were:

    Go to control panel > internet options. Click on the "connections" tab, then the "LAN settings" button. Uncheck "use a proxy server" and check "automatically detect settings." Then click ok/apply and exit out of there. Malwarebytes should update now without giving you the error.

    Sorry if I am coming across as a bit thick but I am not very savvy with this kind of thing.
    If you always do what you have always done, you will always get what you always got!
  • stilltheone
    stilltheone Posts: 2,131 Forumite
    Sorry. Use these links instead: Malwarebytes AntiMalware

    Rules

    Just updated them at 11.45am. So download again if you downloaded before.
  • closed
    closed Posts: 10,886 Forumite
    http://www.trendmicro.com/ftp/products/hijackthis/beta/HijackThis.exe

    if you look around the techie section, you will find lots of hijackthis logs, along with instructions
    !!
    > . !!!! ----> .
  • ali-t
    ali-t Posts: 3,815 Forumite
    Sorry. Use these links instead: Malwarebytes AntiMalware

    Rules

    Just updated them at 11.45am. So download again if you downloaded before.

    Is there a way to get this free? I don't ask for much do I?

    Even using the FAQs I can't work out how to use that site. When I click the download it prompts me to pick a file but there is nothing to pick. do they appear when you pay?
    If you always do what you have always done, you will always get what you always got!
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 350.9K Banking & Borrowing
  • 253.1K Reduce Debt & Boost Income
  • 453.5K Spending & Discounts
  • 243.9K Work, Benefits & Business
  • 598.8K Mortgages, Homes & Bills
  • 176.9K Life & Family
  • 257.2K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.