Can't run msconfig.exe

Hi,

Methods to restore .exe functionality AFTER removing the malware.

1. Make a Restore Point so you can revert back if needed though not likely required.

How to Create a System Restore Point in Vista
http://www.vistax64.com/tutorials/76332-system-restore-point-create.html

How to Do a System Restore in Vista
http://www.vistax64.com/tutorials/76905-system-restore-how.html

2 . Copy BETWEEN these lines and paste into Notepad - Save as exefileFix.reg  -  then Right
Click on it and MERGE - REBOOT

DO NOT COPY LINES
-----------------------------------------------------------------


Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.EXE]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.EXE\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"FriendlyTypeName"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
  00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
  32,00,5c,00,73,00,68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,\
  00,2c,00,2d,00,31,00,30,00,31,00,35,00,36,00,00,00

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice]

--------------------------------------------------------------
DO NOT COPY LINES

If needed :

Check the EXE file fix here
http://www.winhelponline.com/articles/105/1/File-association-fixes-for-Windows-Vista.html

Also check this one if it applies
http://www.winhelponline.com/articles/165/1/Restore-the-exe-file-association-in-Windows-Vista-after-incorrectly-associating-it-with-another-application.html

How to Set Default Associations For a Program in Vista
http://www.vistax64.com/tutorials/83196-default-programs-program-default-associations.html

Hope this helps.

---

Rob - Bicycle - Mark Twain said it right.

Hi,

Try Safe Mode with networking - repeatedly tap F8 as you boot up.

The top two methods allow the scanners to run and/or get AV.exe out of the way or removal.

1.
CTRL SHIFT ESC  - Task Manager  OR Right Click the TaskBar - Task Manager

Processes tab - End Process on AV.EXE and then proceed with the Uninstall Guide.

If needed use Start - Computer  OR  Windows Explorer  to navigate to

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe  or where ever it is installed at - if
needed Right Click the Malwarebytes - Properties - Shortcut tab - target line to see where it
is installed.

Right Click on it and Rename it to ZZMbam.COM (or anything different than it is now) and
then double click on it and run it that way. You can rename it back later. Do similar with
other programs as needed. Use this method for others as needed - DO NOT ASSUME any
one program removes it all or that there is not other malware involved. Use the .COM
extension as this malware prevents .EXE from running.

---------------------------------------------------

2.
Another method is to use these :

Use Process Explorer to "Suspend" not Stop the Processes

Then use AutoRuns to remove the malware startup items.

Now use UnLocker to delete the files in the malware.

You may have to do this one file at a time.

Process Explorer - Free
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

AutoRuns - Free
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

UnLocker - Free (do not install the Ebay adaware)
http://www.softpedia.com/get/System/System-Miscellaneous/Unlocker.shtml

AV.exe

==============================================

There are MANY varieties of these with many names however all can be removed with the
same methods :

Vista Antispyware 2010, XP Internet Security 2010, Antivirus Vista 2010, and Win 7 Antispyware 2010
are rogue antivirus, scams to force you to pay for them while they have no benefits at all.

How to remove ALL varities of this malware - please read the Removal Instructions carefully.
http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010

RENAME these as needed to allow them to run : (use another name with the .COM extension instead of .exe)

These can be done in Safe Mode - repeatedly tap F8 as you boot however you should also run them
in regular Windows when you can.

Download malwarebytes and scan with it, run MRT, and add Prevx to be sure it is gone. (If Rootkits
run UnHackMe)

Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN

Malwarebytes - free
http://www.malwarebytes.org/

Run the Microsoft Malicious Removal Tool

Start - type in Search box -> MRT  find at top of list - Right Click on it - RUN AS ADMIN.

You should be getting this tool and its updates via Windows Updates - if needed you can download it
here.

Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN
(Then run MRT as above.)

Microsoft Malicious Removal Tool - 32 bit
http://www.microsoft.com/downloads/details.aspx?FamilyID=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

Microsoft Malicious Removal Tool - 64 bit
http://www.microsoft.com/downloads/details.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

also install Prevx to be sure it is all gone.

Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN

Prevx - Home - Free - small, fast, exceptional CLOUD protection, works with other security programs.
This is a scanner only, VERY EFFECTIVE, if it finds something come back here or use Google to see
how to remove. 
http://www.prevx.com/   <-- information
http://info.prevx.com/downloadcsi.asp  <-- download

PCmag - Prevx - Editor's Choice
http://www.pcmag.com/article2/0,2817,2346862,00.asp

Try the trial version of Hitman Pro :

Hitman Pro is a second opinion scanner, designed to rescue your computer from malware (viruses,
trojans, rootkits, etc.) that have infected your computer despite all the security measures you have
taken (such as anti virus software, firewalls, etc.).
http://www.surfright.nl/en/hitmanpro

--------------------------------------------------------

If needed here are some online free scanners to help

http://www.eset.com/onlinescan/

http://onecare.live.com/site/en-us/default.htm

http://www.kaspersky.com/virusscanner

Other Free online scans
http://www.google.com/search?hl=en&source=hp&q=antivirus+free+online+scan&aq=f&oq=&aqi=g1

--------------------------------------------------------

Also do these to cleanup general corruption and repair/replace damaged/missing system files.

Run DiskCleanup - Start - All Programs - Accessories - System Tools - Disk Cleanup

Start - type this in Search Box ->  COMMAND   find at top and RIGHT CLICK  -  RUN AS ADMIN

Enter this at the prompt - sfc /scannow

How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe) program
generates in Windows Vista cbs.log
http://support.microsoft.com/kb/928228

Run checkdisk - schedule it to run at next start and then Apply OK your way out then restart.

How to Run Check Disk at Startup in Vista
http://www.vistax64.com/tutorials/67612-check-disk-chkdsk.html

-----------------------------------------------------------------------

If any Rootkits are found use this thread and other suggestions. (Run UnHackMe)

http://social.answers.microsoft.com/Forums/en-US/InternetExplorer/thread/a8f665f0-c793-441a-a5b9-54b7e1e7a5a4/

Hope this helps.

---

Rob - Bicycle - Mark Twain said it right.