Malware: Windows Security 2012 Removal Instructions
Last Updated: 6/23/11
Removal is difficult because this malware erases your .exe file association, so you cannot run most applications on your computer.
1. Ctrl + Shift + Esc should open Task Manager for you. On the Processes tab, select "View" > "Select Columns", enable "Image Path Name", find the process running from c:\users\(username)\AppData\Local\(random).exe, and kill this process.
2. Browse to the path above and rename the two .exe files in that folder, both with the infection date as their last-modified timestamp.
3. In Explorer, go to C:\windows\system32, locate cmd.exe, right-click it and choose "Run as administrator". (This should launch the command prompt for you; if you just double-click it, it will not open.) If that does not open the command prompt, copy cmd.exe to cmd.com and then execute it.
4. Download the attached .reg files and transfer them to the infected computer via USB flash drive or network share. Copy them to c:\temp or a similar location ("mkdir c:\temp" if needed to make the folder).
5. Use this command to import each .reg file. If some fail, that is OK.
"reg import c:\temp\win7_exefile_assoc.reg", then repeat for each .reg file.
6. Now you should be able to run applications as normal again. I suggest a full virus/malware scan and cleanup, or just restore to your last restore point.
Attached Files:
win7_.exe_assoc.reg (2420 downloads)
win7_exefile_assoc.reg (2456 downloads)
win7_.reg_assoc.reg (2372 downloads)
win7_regfile_assoc.reg (2438 downloads)
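After the imports in step 5, it is worth confirming that the associations actually took effect before moving on to step 6. The PowerShell script below is an added example, not part of the original article or its attached files: it imports every .reg file and then compares the effective association values with the stock Windows 7 defaults. It assumes the files were copied to C:\temp as in step 4; the function name Get-DefaultValue is made up for this example.

```powershell
# Added example (not from the original article). Start powershell.exe from the
# elevated command prompt opened in step 3, then paste or run this script.
# Assumption: the attached .reg files were copied to C:\temp (step 4).
$regDir = 'C:\temp'

function Get-DefaultValue([string]$key) {
    # Return the (Default) value of a registry key, or $null if the key is missing.
    $item = Get-Item -LiteralPath "Registry::$key" -ErrorAction SilentlyContinue
    if ($item) { $item.GetValue('') } else { $null }
}

# Step 5: import each .reg file. A failed import is reported but does not stop
# the loop, matching the article's note that some imports may fail.
foreach ($file in Get-ChildItem -Path $regDir -Filter '*.reg') {
    & reg.exe import $file.FullName 2>$null | Out-Null
    if ($LASTEXITCODE -eq 0) { "imported  $($file.Name)" } else { "FAILED    $($file.Name)" }
}

# Stock Windows 7 (Default) values for the keys the .reg files are named after.
$checks = @(
    @{ Key = 'HKEY_CLASSES_ROOT\.exe';                       Want = 'exefile' },
    @{ Key = 'HKEY_CLASSES_ROOT\exefile\shell\open\command'; Want = '"%1" %*' },
    @{ Key = 'HKEY_CLASSES_ROOT\.reg';                       Want = 'regfile' }
)

# HKEY_CLASSES_ROOT is the merged view Windows actually uses, so this reports
# the effective association for the logged-on user.
foreach ($c in $checks) {
    $have  = Get-DefaultValue $c.Key
    $state = if ($have -eq $c.Want) { 'OK      ' } else { 'MISMATCH' }
    "{0}  {1} = {2}" -f $state, $c.Key, $have
}

# Per-user entries under HKCU\Software\Classes take precedence over the
# machine-wide ones, so list any that exist for manual review.
foreach ($ext in '.exe', '.reg') {
    $userKey = "HKEY_CURRENT_USER\Software\Classes\$ext"
    if (Test-Path -LiteralPath "Registry::$userKey") {
        "REVIEW    $userKey exists, (Default) = $(Get-DefaultValue $userKey)"
    }
}
```

Any MISMATCH or REVIEW line means the association is still not at its default and should be looked at before relying on the machine again.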
Keywords: windows security 2012, malware, spyware, virus, removal, windows 7, windows vista