
URGENT - Infected with XP Total Security 2011


JordanDoyle


Hello, I have recently (about 3 days ago) been infected by XP Total Security 2011. My antivirus has only just picked it up today and I have only just got back onto Firefox, BUT it has been messing with my registry, so the only way I could get onto Firefox was by Run-As. I got into Registry Editor by doing Run-As; otherwise it'll show "What would you like to open with?" with every .exe file. I went to HKEY_LOCAL_MACHINE/SOFTWARE/Clients/StartMenuInternet/FIREFOX.EXE/shell/open/command and I found out it had changed my Firefox registry setting to: '"%UserProfile%/Local Settings/Application Data/khg.exe" /START "C:/Program Files/Mozilla Firefox/firefox.exe"'. I changed that back to C:/Program Files/Mozilla/Firefox/firefox.exe, then my antivirus (PC Tools Antivirus free) told me to restart to remove khg.exe, so I did.

Now I opened the registry to find out what was happening with this "What would you like to open with?" dialog, and found this under: HKEY_CURRENT_USER/Software/Classes/exe/shell/open/command

(default) = "C:\Documents and Settings\LocalService\Local Settings\Application Data\khg.exe" -a "%1" %*"

So, I tried to change it to "%1" %* to stop the errors, but it won't let me change it. The error message I get is: Cannot Edit : Error writing the value's new contents.

Notes

- Before my antivirus removed anything I couldn't access anything, an error something along the lines of, 'Cannot access (filename).exe, wrong permissions'.
- The random name that XP Total Security chose was khg.exe, which is now removed, according to PC Tools Antivirus 2011, which updated around 1 hour ago.
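
The two registry values quoted in the post above share one pattern: a `shell/open/command` value that starts a different program ahead of the one the user asked for. The following is an added example, not part of the original thread, that checks command strings for that pattern; the function names and the list of user-writable folders are assumptions made for the example, and the sample values are copied from the post.

```python
import re

# Default handler Windows uses for .exe files: run the file that was clicked.
EXE_DEFAULT = '"%1" %*'
# User-writable locations (assumption for this example) where a launcher
# registered as a shell handler deserves a closer look.
USER_WRITABLE = re.compile(r'\\(local settings\\application data|appdata|temp)\\', re.I)

def first_program(command):
    """Return the program a shell\\open\\command value would start."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split(' ', 1)[0]

def check_command(key, command, expected_program=None):
    """Return a list of findings for one shell\\open\\command value."""
    findings = []
    program = first_program(command).replace('/', '\\')
    if expected_program is None:
        # exefile-style handler: anything but "%1" %* means another program runs first.
        if command.strip() != EXE_DEFAULT:
            findings.append(f'{key}: handler starts {program!r} instead of "%1"')
    elif program.lower() != expected_program.replace('/', '\\').lower():
        findings.append(f'{key}: {program!r} wraps expected {expected_program!r}')
    if USER_WRITABLE.search(program):
        findings.append(f'{key}: program lives in a user-writable profile folder')
    return findings

# Values as quoted in the post (the .exe handler's stray trailing quote dropped).
SAMPLES = [
    ('HKCU exe handler',
     r'"C:\Documents and Settings\LocalService\Local Settings\Application Data\khg.exe" -a "%1" %*',
     None),
    ('HKLM Firefox client',
     '"%UserProfile%/Local Settings/Application Data/khg.exe" /START "C:/Program Files/Mozilla Firefox/firefox.exe"',
     'C:/Program Files/Mozilla Firefox/firefox.exe'),
    ('clean exe handler', '"%1" %*', None),
]

def scan(samples=SAMPLES):
    return {key: check_command(key, cmd, exp) for key, cmd, exp in samples}

if __name__ == '__main__':
    for key, findings in scan().items():
        print(key, '->', findings or 'ok')
```

Both values from the post produce two findings each, while the stock `"%1" %*` handler produces none.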

rdave13


First thing I'd try is to boot to safe mode and try a system restore. If successful, follow this guide from Bleeping Computers.


This thread has been locked.
