Tuesday, March 23, 2010

Various Spyware programs

Lately I've had several people get infected with various spyware programs. In fixing these issues, I've come across some steps that I want to document for my (and your, if you come across this blog) future use.

After using several anti-malware programs to clean the infected hard drive, I have found that some additional steps need to be taken. Below are my notes regarding this process.

Problem: I get the following error message: “This file does not have a program associated with it for performing this act.” Neither Word nor any .exe program will open. Windows does not fully load (e.g. virus software, etc.).

Step 1 in fixing the problem:
Open the registry editor. This can be slightly tricky because it will not open the old-fashioned way (Start – Run – Regedit – Ok). Below are three ways in which I have had some success in opening the registry editor.

1. Option 1
a. Press Start>Run and type cmd in the box and press OK.
b. At the command prompt type cd c:\windows and press return.
c. Type copy regedit.exe regedit.com and press return.
d. Type regedit.com and press return. You should now be in the registry editor.
On the menu bar, click File and select Export. Save the registry as registry.bak.
2. Option 2
a. Follow substeps in Option 1 except type “command” instead of “cmd” in substep a.
3. Option 3 (Vista & Win 7 only)
a. Right click on C:\Windows\regedit.exe
b. Left click on “Run as Administrator”

Step 2 in fixing the problem:
Editing the registry to correct the problem. Note: These steps came from this forum.
1. If Registry Editor opened successfully, navigate to the following key:
2. HKEY_CLASSES_ROOT \ exefile \ shell \ open \ command.
3. Double-click the (Default) value in the right hand pane and delete the current value data,
and then type: "%1" %* exactly as shown including the quotes and asterisk
4. Navigate to HKEY_CLASSES_ROOT\.exe
5. In the right-hand pane, set (default) to “exefile”
6. Exit the Registry Editor.
7. Reboot
8. Verify that the programs will now open.
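
To confirm the two values from Step 2 after the reboot, the following PowerShell check reads them back. It is an added example, not part of the original post. Reading HKLM\Software\Classes and HKCU\Software\Classes separately goes beyond the post: HKEY_CLASSES_ROOT is a merged view in which per-user entries take precedence, so a leftover per-user entry can shadow a correct machine-wide value. PowerShell 3.0 or later is assumed.

```powershell
# Added example: read back the (Default) values that Step 2 sets.
# Expected data comes from the post; the per-hive breakdown is an addition.
$expected = [ordered]@{
    '.exe'                       = 'exefile'
    'exefile\shell\open\command' = '"%1" %*'
}

# HKCR is the merged view; HKLM and HKCU are the two hives it is built from.
$views = [ordered]@{
    'HKCR (merged)'  = 'Registry::HKEY_CLASSES_ROOT'
    'HKLM (machine)' = 'Registry::HKEY_LOCAL_MACHINE\Software\Classes'
    'HKCU (user)'    = 'Registry::HKEY_CURRENT_USER\Software\Classes'
}

function Get-DefaultValue([string]$KeyPath) {
    # Returns the unexpanded (Default) value, or $null if the key or value is absent.
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    $noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    return $key.GetValue('', $null, $noExpand)
}

$results = foreach ($sub in $expected.Keys) {
    foreach ($view in $views.Keys) {
        $actual = Get-DefaultValue ("{0}\{1}" -f $views[$view], $sub)
        $status = if ($null -eq $actual) {
            # No per-user key means "nothing overrides HKLM"; elsewhere it is a fault.
            if ($view -like 'HKCU*') { 'no override' } else { 'MISSING' }
        } elseif ($actual -eq $expected[$sub]) {
            'ok'
        } else {
            'MISMATCH'
        }
        [pscustomobject]@{ Key = $sub; View = $view; Value = $actual; Status = $status }
    }
}

$results | Format-Table -AutoSize

$bad = @($results | Where-Object { $_.Status -in 'MISSING', 'MISMATCH' })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) value(s) differ from Step 2; re-check those keys."
}
```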


One more thing to check:
After this I usually double check the problem that I came across in my last blog post and verify that the Security Center is showing the correct firewall and anti-virus software. If not, below are the steps to correct this problem.

1. Click the start button and search on the word "CMD" - "CMD.exe" should appear.
2. In the command window at the prompt type each line and press Enter:

net stop winmgmt
cd c:\windows\system32\wbem
ren repository repository.old
net start winmgmt

3. Restart the computer and check the result.



That should take care of it. Good luck!!!
