Hello, I have recently (about 3 days ago) been infected by XP Total Security 2011. My antivirus has only just picked it up today and I have only just got back onto Firefox, BUT it has been messing with my registry so the only way I could get onto firefox was by Run-As, I got into registry editor by doing run-as, other wise it'll show what would you like to open with? with every .exe file, I went to HKEYLOCALMACHINE/SOFTWARE/Clients/StartMenuInternet/FIREFOX.EXE/shell/open/command and I found out it had changed my firefox registy setting to: '"%UserProfile%/Local Settings/Application Data/khg.exe" /START "C:/Program Files/Mozilla Firefox/firefox.exe"' I changed that back to C:/Program Files/Mozilla/Firefox/firefox.exe then my antivirus (PC Tools Antivirus free) told me to restart to remove khg.exe, so I did.

Now I opened the registry to find out what was happening with this What would you like to open with? dialog, and found this under: HKEYCURRENTUSER/Software/Classes/exe/shell/open/command

(default) = "C:\Documents and Settings\LocalService\Local Settings\Application Data\khg.exe" -a "%1" %*"

So, I tried to change it to "%1" %* to stop the errors but it wont let me change it the error message I get is: Cannot Edit : Error writing the value's new contents.

Notes

- Before my antivirus removed anything I couldn't access anything, an error something along the lines of, 'Cannot access (filename).exe, wrong permisions'. - The random name that XP Total Security chose was khg.exe which is now removed, according to PC Tools Antivirus 2011, which updated around 1 hour ago.