<div class="IPBDescription">ARGH</div> Ok, so after running AVG virus scan I can't seem to open .exe's anymore. It gives me the same message every time about that the .exe program I requested wasn't found.
In the future avoid using AVG alltogether. It gave me a constant memeory leak in my system, and caused long-pauses in games, and pings of 100-700 with 50 loss....
<!--QuoteBegin-CommunistWithAGun+Mar 7 2004, 03:55 PM--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (CommunistWithAGun @ Mar 7 2004, 03:55 PM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> In the future avoid using AVG alltogether. It gave me a constant memeory leak in my system, and caused long-pauses in games, and pings of 100-700 with 50 loss....
Uninstalled it, back to normal...hmm... <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd--> Yeah but... it's free.
I'm using AVG v6 (the free version) and I've been having no trouble with it, so I have no idea what could be wrong <!--emo&???--><img src='http://www.unknownworlds.com/forums/html//emoticons/confused.gif' border='0' style='vertical-align:middle' alt='confused.gif' /><!--endemo--> .
Have you tried turning the resident shield off? And if that doesn't work have you tried uninstalling using add/remove programs?
Weird, yes, I know, I have links in my taskbar so I could open this. I'm using Mozilla Firefox, maybe that's why <!--emo&:p--><img src='http://www.unknownworlds.com/forums/html//emoticons/tounge.gif' border='0' style='vertical-align:middle' alt='tounge.gif' /><!--endemo-->
<!--QuoteBegin-Bill Door+Mar 7 2004, 10:07 PM--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (Bill Door @ Mar 7 2004, 10:07 PM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> I'm using AVG v6 (the free version) and I've been having no trouble with it, so I have no idea what could be wrong <!--emo&???--><img src='http://www.unknownworlds.com/forums/html//emoticons/confused.gif' border='0' style='vertical-align:middle' alt='confused.gif' /><!--endemo--> .
Have you tried turning the resident shield off? And if that doesn't work have you tried uninstalling using add/remove programs? <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd--> How do you want me to do that? It requires me to open .exe's, wich I can't.
I had the exact same problem once, couldn't open anything except internet explorer. What I did was go onto the Microsoft Tech Forums and spend a couple of hours looking for a tiny fix. It was something like Emergency Registry Repair. I don't have the file (formatted the computer since) so you will have to do the hunting for it if you want it.
Time for a good ol' fasioned format if you ask me. <!--emo&:p--><img src='http://www.unknownworlds.com/forums/html//emoticons/tounge.gif' border='0' style='vertical-align:middle' alt='tounge.gif' /><!--endemo-->
<!--QuoteBegin-JezPuh+Mar 7 2004, 09:26 PM--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (JezPuh @ Mar 7 2004, 09:26 PM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> <a href='http://www.microsoft.com/windows2000/techinfo/reskit/en-us/prork/pref_tts_swhm.asp' target='_blank'>This?</a> <!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd--> Since I'm feeling kind I'll have a look for you. And that link isnt it.
EDIT: Couldn't find it. Look for it in the Knowledge Base or Technet.
<!--QuoteBegin-CommunistWithAGun+Mar 7 2004, 03:55 PM--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (CommunistWithAGun @ Mar 7 2004, 03:55 PM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> In the future avoid using AVG alltogether. It gave me a constant memeory leak in my system, and caused long-pauses in games, and pings of 100-700 with 50 loss....
Uninstalled it, back to normal...hmm... <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd--> Nooooooo! AVG is teh w1n tbh. <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html//emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif' /><!--endemo-->
I've seen a similar problem. Basically what happened was that a program somehow got the idea that it could associate itself with the .exe extention. I couldn't convince windows to remove the association, so I associated .exe with annother program which I used to edit the registry. IIRC Regedit wouldn't work this way, I needed a 3rd party tool...
Anyway, you should be able to associate .exe with the uninstaller program and cross your fingers.
Not sure how safe it is, I've only used it once, but you can probably get rundll32.exe there. <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd--> Aw please dude! Use your noobish head, did I say I don't have the file? I CAN NOT open .exe files, so neither can I open that.
Not sure how safe it is, I've only used it once, but you can probably get rundll32.exe there. <!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd--> Aw please dude! Use your noobish head, did I say I don't have the file? I CAN NOT open .exe files, so neither can I open that.
Anyone else? Please. <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd--> Reformat was suggested over and over and it looks to be the only solution, for your PC, and your brain <!--emo&:p--><img src='http://www.unknownworlds.com/forums/html//emoticons/tounge.gif' border='0' style='vertical-align:middle' alt='tounge.gif' /><!--endemo-->
jk <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html//emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif' /><!--endemo-->
<!--QuoteBegin-SkulkBait+Mar 7 2004, 06:05 PM--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (SkulkBait @ Mar 7 2004, 06:05 PM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> I've seen a similar problem. Basically what happened was that a program somehow got the idea that it could associate itself with the .exe extention. I couldn't convince windows to remove the association, so I associated .exe with annother program which I used to edit the registry. IIRC Regedit wouldn't work this way, I needed a 3rd party tool...
Anyway, you should be able to associate .exe with the uninstaller program and cross your fingers. <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd--> That sounds fair. I reckon its a case of booting in safe mode, nipping in the registry and modifying whatever got its claws into .exes. Sounds like malware to me.
Did a Google search, and found an Experts Exchange topic from another user with your problem.
<!--QuoteBegin--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin--><b>Damsel in Distress:</b> Not sure if my problem falls into this catergory but I'm need of some help.
OK... I'm relatively new to XP and it is only today that I got around to downloading an anti virus software. As soon as I had installed AVG (free edition) onto my computer I was alerted that my comp had been infected with the I-Worm/Yaha.K virus. I was adviced to run AVG to remove this worm but I was unable to open the program. It was only after I searched for the syestem32 directory I was able to open AVG which found 88 infected files. AVG healed all those files however my computer hasn't returned to 'normal'.
After restarting my computer I now find myself unable to open any .exe files. I have no idea how to edit the registry and I'm having difficulty understanding all the technical jargon.
So I would be very grateful if someone could outline in plain english/lamen terms how I can get around this problem without going through the painful task of system restore.
Any help would be much appreciated. In the meantime I will browse this site to see if this question has been answered elsewhere.
---------------------
<b>ghana:</b> Symantec offers a free removal tool to fix the registry entries altered by the Yaha virus:
First disable the system restore feature of Windows XP as described on <a href='http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039' target='_blank'>http://service1.symantec.com/SUPPORT/tsgen...001111912274039</a> and then run the removal tool. If this works it would be the easiest way to restore your system to normal operation.
Good luck!
---------------------
<b>ghana:</b> Try to run the removal tool without disabling the system restore first. The removal tool is a .COM file and I hope this will run. After the removal tool has fixed the registry changes of the virus you should be able to disable the system restore as described in the 2nd link. Now run the removal tool again to remove infected items from the system restore section.
---------------------
<b>Damsel in Distress:</b> Is it really safe to run the removal tool without disabling system restore first? If so, I will definately try that.
---------------------
<b>ghana:</b> Yes it is safe to run the removal tool without disabling system restore first. The only thing that could happen is that you accidently restore an infected file from the system restore later. That's why I recommend to run the removal tool for a second time and with disabled system restore, if the virus is removed from registry and non-system restore file system. This second run should then remove the virus also from the system restore.
Symantec says about system restore: "System Restore option in Windows Me/XP Windows Me and Windows XP users should temporarily turn off System Restore. This feature, which is enabled by default, is used by Windows Me/XP to restore files on your computer in case they become damaged. When a computer is infected with a virus, worm, or Trojan, it is possible that the virus, worm, or Trojan could be backed up by System Restore. By default, Windows prevents System Restore from being modified by outside programs. As a result, there is the possibility that you could accidentally restore an infected file, or that on-line scanners would detect the threat in that location."
You can find this on <a href='http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.removal.tool.html' target='_blank'>http://securityresponse.symantec.com/avcen...moval.tool.html</a>
---------------------
<b>Damsel in Distress:</b> Yay! I fixed it! Or should I say 'we'? <!--emo&:p--><img src='http://www.unknownworlds.com/forums/html//emoticons/tounge.gif' border='0' style='vertical-align:middle' alt='tounge.gif' /><!--endemo-->
I ran the removal tool twice like you suggested ghana and it worked like a charm.
Thanks for all your help guys and I'm definately more prepared if this happens again (God forbid!)
Without patient and helpful people like you, who knows what the state of my pc would be like now!
Once again... Thank you!!!
---------------------
<b>lucca1988:</b> I have the same problem, but when I try and run the yaha virus fix, i am told that this will not run on the system, (I have tried this in safe mode).
I can get into c:windows, when i try and run sfc/sannow i am told that windows file protection could not initate a scan.
It comes up with the error code 0x000006ba [the RPC server is unavailable]
any ideas your help is greatky appreciated
---------------------
<b>lucca1988:</b> Hi
I have looked in the registry,
the registry key: HKEY_CLASSES_ROOT\exefile\shell\open\command
if you copy this to a txt file and rename it exefile.reg and dubleclick it it will be restored <!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
Bwaaaaaaah <!--emo&:D--><img src='http://www.unknownworlds.com/forums/html//emoticons/biggrin.gif' border='0' style='vertical-align:middle' alt='biggrin.gif' /><!--endemo--> Thank you thank you thank you all for helping me, and especialy you Medhead <!--emo&:D--><img src='http://www.unknownworlds.com/forums/html//emoticons/biggrin.gif' border='0' style='vertical-align:middle' alt='biggrin.gif' /><!--endemo-->
Comments
Uninstalled it, back to normal...hmm...
Uninstalled it, back to normal...hmm... <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd-->
Yeah but... it's free.
Have you tried turning the resident shield off?
And if that doesn't work have you tried uninstalling using add/remove programs?
<a href='http://www.trendmicro.com' target='_blank'>TREND MICRO BABEH</a>
I'm using Mozilla Firefox, maybe that's why <!--emo&:p--><img src='http://www.unknownworlds.com/forums/html//emoticons/tounge.gif' border='0' style='vertical-align:middle' alt='tounge.gif' /><!--endemo-->
Have you tried turning the resident shield off?
And if that doesn't work have you tried uninstalling using add/remove programs? <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd-->
How do you want me to do that? It requires me to open .exe's, wich I can't.
If you wana remove it:
Start-->control panel--> Add/remove programs.
done.
Sorry <!--emo&:(--><img src='http://www.unknownworlds.com/forums/html//emoticons/sad.gif' border='0' style='vertical-align:middle' alt='sad.gif' /><!--endemo-->
Since I'm feeling kind I'll have a look for you. And that link isnt it.
EDIT: Couldn't find it. Look for it in the Knowledge Base or Technet.
<a href='http://www.dll-files.com/' target='_blank'>Dll Files.com</a>
Not sure how safe it is, I've only used it once, but you can probably get rundll32.exe there.
I plug my surge protector into itself and it can't power my computer! I mean.. what gives?!
Uninstalled it, back to normal...hmm... <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd-->
Nooooooo! AVG is teh w1n tbh. <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html//emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif' /><!--endemo-->
Anyway, you should be able to associate .exe with the uninstaller program and cross your fingers.
<a href='http://www.dll-files.com/' target='_blank'>Dll Files.com</a>
Not sure how safe it is, I've only used it once, but you can probably get rundll32.exe there. <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd-->
Aw please dude! Use your noobish head, did I say I don't have the file? I CAN NOT open .exe files, so neither can I open that.
Anyone else? Please.
<a href='http://www.dll-files.com/' target='_blank'>Dll Files.com</a>
Not sure how safe it is, I've only used it once, but you can probably get rundll32.exe there. <!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
Aw please dude! Use your noobish head, did I say I don't have the file? I CAN NOT open .exe files, so neither can I open that.
Anyone else? Please. <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd-->
Reformat was suggested over and over and it looks to be the only solution, for your PC, and your brain <!--emo&:p--><img src='http://www.unknownworlds.com/forums/html//emoticons/tounge.gif' border='0' style='vertical-align:middle' alt='tounge.gif' /><!--endemo-->
jk <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html//emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif' /><!--endemo-->
<span style='font-size:4pt;line-height:100%'>....not</span>
Anyway, you should be able to associate .exe with the uninstaller program and cross your fingers. <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd-->
That sounds fair. I reckon its a case of booting in safe mode, nipping in the registry and modifying whatever got its claws into .exes. Sounds like malware to me.
<!--QuoteBegin--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin--><b>Damsel in Distress:</b> Not sure if my problem falls into this catergory but I'm need of some help.
OK... I'm relatively new to XP and it is only today that I got around to downloading an anti virus software. As soon as I had installed AVG (free edition) onto my computer I was alerted that my comp had been infected with the I-Worm/Yaha.K virus. I was adviced to run AVG to remove this worm but I was unable to open the program. It was only after I searched for the syestem32 directory I was able to open AVG which found 88 infected files. AVG healed all those files however my computer hasn't returned to 'normal'.
After restarting my computer I now find myself unable to open any .exe files. I have no idea how to edit the registry and I'm having difficulty understanding all the technical jargon.
So I would be very grateful if someone could outline in plain english/lamen terms how I can get around this problem without going through the painful task of system restore.
Any help would be much appreciated. In the meantime I will browse this site to see if this question has been answered elsewhere.
---------------------
<b>ghana:</b> Symantec offers a free removal tool to fix the registry entries altered by the Yaha virus:
<a href='http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.removal.tool.html' target='_blank'>http://securityresponse.symantec.com/avcen...moval.tool.html</a>
First disable the system restore feature of Windows XP as described on <a href='http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039' target='_blank'>http://service1.symantec.com/SUPPORT/tsgen...001111912274039</a> and then run the removal tool. If this works it would be the easiest way to restore your system to normal operation.
Good luck!
---------------------
<b>ghana:</b> Try to run the removal tool without disabling the system restore first. The removal tool is a .COM file and I hope this will run. After the removal tool has fixed the registry changes of the virus you should be able to disable the system restore as described in the 2nd link. Now run the removal tool again to remove infected items from the system restore section.
---------------------
<b>Damsel in Distress:</b> Is it really safe to run the removal tool without disabling system restore first? If so, I will definately try that.
---------------------
<b>ghana:</b> Yes it is safe to run the removal tool without disabling system restore first. The only thing that could happen is that you accidently restore an infected file from the system restore later. That's why I recommend to run the removal tool for a second time and with disabled system restore, if the virus is removed from registry and non-system restore file system. This second run should then remove the virus also from the system restore.
Symantec says about system restore:
"System Restore option in Windows Me/XP
Windows Me and Windows XP users should temporarily turn off System Restore. This feature, which is enabled by default, is used by Windows Me/XP to restore files on your computer in case they become damaged. When a computer is infected with a virus, worm, or Trojan, it is possible that the virus, worm, or Trojan could be backed up by System Restore. By default, Windows prevents System Restore from being modified by outside programs. As a result, there is the possibility that you could accidentally restore an infected file, or that on-line scanners would detect the threat in that location."
You can find this on <a href='http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.removal.tool.html' target='_blank'>http://securityresponse.symantec.com/avcen...moval.tool.html</a>
---------------------
<b>Damsel in Distress:</b> Yay! I fixed it! Or should I say 'we'? <!--emo&:p--><img src='http://www.unknownworlds.com/forums/html//emoticons/tounge.gif' border='0' style='vertical-align:middle' alt='tounge.gif' /><!--endemo-->
I ran the removal tool twice like you suggested ghana and it worked like a charm.
Thanks for all your help guys and I'm definately more prepared if this happens again (God forbid!)
Without patient and helpful people like you, who knows what the state of my pc would be like now!
Once again... Thank you!!!
---------------------
<b>lucca1988:</b> I have the same problem, but when I try and run the yaha virus fix, i am told that this will not run on the system, (I have tried this in safe mode).
I can get into c:windows, when i try and run sfc/sannow i am told that windows file protection could not initate a scan.
It comes up with the error code 0x000006ba [the RPC server is unavailable]
any ideas
your help is greatky appreciated
---------------------
<b>lucca1988:</b> Hi
I have looked in the registry,
the registry key: HKEY_CLASSES_ROOT\exefile\shell\open\command
is set to nqnnod.exe"%1"%*
please help
lucca
---------------------
<b>db_home:</b> hmm it should be
REGEDIT4
<b>[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"</b>
if you copy this to a txt file and rename it exefile.reg and dubleclick it it will be restored
<!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
That's where it ends. Hope it helps.
Thank you thank you thank you all for helping me, and especialy you Medhead <!--emo&:D--><img src='http://www.unknownworlds.com/forums/html//emoticons/biggrin.gif' border='0' style='vertical-align:middle' alt='biggrin.gif' /><!--endemo-->