The war escalates.
May 31, 2011 6:43 AM

Help me find the right countermove in the war on malware.

Certain malware will change your (i.e. my) registry so that attempting to run a file with the .exe extension triggers their popups. The workaround was to rename the file extension on anti-malware to .com so it would run. But the bad guys finally figured this out and have blocked .com, .scr, and .pif as well. The 4 versions of Rkill (see Deezil's profile) use these 4 extensions but now I can't run them. If I knew the registry changes to undo these magic spells I could proceed.

How do I patch my registry to get around this new roadblock? (Or any other trick you might suggest to fix this restriction?)
posted by Obscure Reference to Computers & Internet (5 answers total)
 
Best answer: I had some success with this.
posted by londonmark at 6:50 AM on May 31, 2011


(Sorry, meant to add, I used this to get around a block some spyware had put on running MalwareBytes, so it's just a guess that it might help your situation too.)
posted by londonmark at 6:53 AM on May 31, 2011


Best answer: Here are some file association fixes that should work (unless they've hijacked .reg as well). If so, you can normally fix file associations if you can get to an explorer window:

- Click Tools/Folder Options
- Click File Types
- Scroll down to REG
- Change REG to launch the Registry Editor
- (If you have to use Advanced, the line is: regedit.exe "%1")
posted by samsara at 8:46 AM on May 31, 2011
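
An added example, not part of the thread or of any poster's fix: a Python check that reads a regedit text export and reports where the `.exe`, `.com`, `.scr`, `.pif` and `.reg` associations discussed above differ from the stock Windows values. The function names and the sample export are constructed for illustration, and the `DEFAULTS` table is this example's own statement of the stock values.

```python
import re

# Stock Windows values: extension -> (ProgID, open command).
DEFAULTS = {
    ".exe": ("exefile", '"%1" %*'),
    ".com": ("comfile", '"%1" %*'),
    ".pif": ("piffile", '"%1" %*'),
    ".scr": ("scrfile", '"%1" /S'),
    ".reg": ("regfile", 'regedit.exe "%1"'),
}
# Per-user keys under HKCU override the machine-wide ones, so audit both.
ROOTS = ("HKEY_CLASSES_ROOT\\", "HKEY_CURRENT_USER\\Software\\Classes\\",
         "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\")

def parse_reg(text):
    """Map each key in a regedit export to its (Default) value, undoing \\ and \" escapes."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.fullmatch(r'@="(.*)"', line)):
            values[key] = re.sub(r'\\(.)', r'\1', m.group(1))
    return values

def audit(text):
    """Return (key, found, expected) for every association that differs from stock."""
    findings = []
    for key, found in parse_reg(text).items():
        root = next((r for r in ROOTS if key.lower().startswith(r.lower())), None)
        if root is None:
            continue
        sub = key[len(root):].lower()
        for ext, (progid, command) in DEFAULTS.items():
            if sub == ext and found.lower() != progid:
                findings.append((key, found, progid))
            elif sub == progid + r"\shell\open\command" and found.lower() != command.lower():
                findings.append((key, found, command))
    return findings

# Constructed sample export: one hijacked open command, one hijacked per-user mapping.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Users\\Public\\popup.exe\" /START \"%1\" %*"
[HKEY_CURRENT_USER\Software\Classes\.com]
@="hijackfile"
'''
```

Calling `audit(SAMPLE)` returns the two altered keys together with the value each should hold, which is the information a restoring `.reg` import needs.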


Best answer: Here's another reg import if the previous link does not work due to the fixes being zipped.
posted by samsara at 8:47 AM on May 31, 2011


Response by poster: Thanks. These worked.
posted by Obscure Reference at 6:16 PM on May 31, 2011

