General discussion

Locked

What has happened?????

By davidfacer ·
Hi all, I have a PC running XP professional that suffered some sort of attack recently - every shortcut was changed to an .lnk file, and most shortcuts would only open with Notepad. On botting there was a huge flurry of registry changes intecepted by Microsoft's Spyuware Remover Beta, and I turned the machine off to try and avoid a suspected glitch in the system. I placed the affected drive into another PC and performed a Spyware and Virus scan (using Adware pro 1.06 and Symantec's Norton Antivirus 2005 (with ALL updates applied) to no avail - nothing was found.
I had a WIndows 2K Pro machine similarly affected some months ago....has anyone else come across this problem?

This conversation is currently closed to new comments.

11 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by Blackcurrant In reply to What has happened?????

Hi

All shortcuts end with a .lnk extension. If you open My Computer, click Tools>Folder Options, then click the View tab you will see an option to 'Hide extensions for known file types'. This is checked by default - have you unchecked it recently? This will enable the viewing of the *full* filname for all your files.

Also, Microsoft's AntiSpyware program notifies the user about many registry changes - this is normal and much of it is informational only. This is why you have not found any spyware or viruses.

IMO, the reporting by MS AntiSpyware is overkill and it should only notify you of problems or potential problems. Instead it notifies you about changes it allows - information which can easily be written to an event instead of notifying the user about every change.

I am sure your disk is OK. You do not mention that you have any problems with it, so I assume the above information will help you.

If you have had problems you should reject this answer and post details.

Hope this helps

Good luck

Collapse -

by avid In reply to What has happened?????

spyware sweeps on an ads volume will not scan the registry there fore will only remove files it finds, not registry keys. tried sys restore yet? might help.. might not. also ms beta spyware remover sucks. it still needs some work i think.

Collapse -

by DeN inc. In reply to What has happened?????

it sounds to me like a registry key lost. try re-installing your windows.

Collapse -

by davidfacer In reply to

no way of starting up the Registry Editor to find out.

Collapse -

by Jaqui In reply to What has happened?????

1) a shortcut is a lnk ( link )
since they only open in notepad, the filetype association has been lost, a system restore should fix it.
( or else shift-right click, open with and pick the application that handles shortcuts )

2) someone played around with the system, this is not a known behavior for virus or adware/spyware.

Collapse -

by davidfacer In reply to

No one touches my file server but me....and I made no changes.

Collapse -

by darren In reply to What has happened?????

First go to the following sites and download the files shown.

http://www.doughknox.com/xp/fileassoc/xp_exe_fix.zip

http://www.doughknox.com/xp/fileassoc/linkfile_fix.zip

Note: if winzip/winrar or whatever isn't working on your machine, either extract the files on another computer or associate the zip files with the appropriate program exe (winzip/winrar) as done for the xp_exe_fix.reg file. see below...

When double clicking the xp_exe_fix.reg file, windows asks what to use to open it. Go to select from list, then browse and find C:\Windows\regedit.exe, select it and click ok, then double click xp_exe_fix.reg again and it'll ask you if you want to add the info to the registry. Click yes and reboot your computer. You should notice that by going Start->my computer->C and opening any one of the folders, all of the programs appear normal again and will function correctly.

If your desktop icons still have the *.lnk extension, run the linkfile_fix.reg by double clicking it, then reboot again. make sure everything seems back to normal and your all done!

Hope this helps.

Collapse -

by davidfacer In reply to

can't RUN any executable files as all associations are linked to notepad....can't even get to the DOS emulator

Collapse -

by darren In reply to What has happened?????

See how to change file associations on windows xp then apply the above as written by me.

http://support.microsoft.com/default.aspx?scid=kb;en-us;307859&product=winxp

Even though the file associations are now notepad ones you should still be able to change the file association using the above link.

Collapse -

by davidfacer In reply to

NO-ONE can run ANY executable file, or use ANY link, as ALL filetypes are now associated with Notepad....I can't change this. I can't run Regedit, or Windows Explorer, or ANYTHING BUT NOTEPAD.

Back to Windows Forum
11 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums