
Recently had a Vista machine infected with the fake Windows Security Center rubbish; this was cleared relatively easily by running SuperAntiSpyware. We tend to favour MalwareBytes, however this was being blocked by the infection (even after renaming mbam.exe to something else). Once SuperAntiSpyware had finished and the system was rebooted, we ran MalwareBytes along with some online scanners (TrendMicro Housecall and ESET Online Scanner) to confirm the all clear.

After running the cleanup the system appeared back to normal with no further infections found. Once we loaded IE again (after resetting to default and disabling add-ons etc.) it re-infected the client PC. This was a little frustrating as nothing seemed to pick up any malicious files. We cleared again and re-ran CCleaner to empty temp files, which must have done the trick, as the Internet Explorer Start Menu shortcut then failed to load, reporting the below:

explorer.exe
The application could not be found

The infection had tagged this shortcut to run the malicious installer upon launching IE. To resolve, load regedit and navigate to the below registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command

You should only see the default path of IE in here (usually C:\Program Files\Internet Explorer\iexplore.exe); if not, amend it to resolve.
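To run the same check without opening regedit, the Python sketch below audits the text produced by `reg export` on the StartMenuInternet key. It is an added example, not part of the original post or of iefix.reg; the sample export, its `example.exe` path and the status names are constructed for illustration, and it also lists other browsers' entries without judging them.

```python
import ntpath
import re

# Default IE path as given in the post. Text comes from `reg export` on the
# StartMenuInternet key; read that file with encoding="utf-16".
EXPECTED_IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Clients\\StartMenuInternet\\([^\\\]]+)"
    r"\\shell\\open\\command\]$", re.IGNORECASE)
DEFAULT_RE = re.compile(r'^@="(.*)"$')

# Constructed sample export: the IE command has another program wrapped around it.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Users\\user\\AppData\\Local\\example.exe\" /START \"C:\\Program Files\\Internet Explorer\\iexplore.exe\""
'''


def unescape(value):
    # .reg files escape backslashes and double quotes with a leading backslash.
    return re.sub(r'\\(["\\])', r"\1", value)


def audit(reg_text):
    """Return {client: (command, status)} for every open-command default value."""
    results, client = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            client = m.group(1).upper() if m else None
        elif client and line.startswith("@="):
            m = DEFAULT_RE.match(line)
            if not m:                        # hex(...) or other non-string data
                results[client] = (line[2:], "review")
            elif client != "IEXPLORE.EXE":   # other browsers: listed, not judged
                results[client] = (unescape(m.group(1)), "unchecked")
            else:
                command = unescape(m.group(1))
                # Must be the IE path alone (optionally quoted); a program or
                # arguments wrapped around it means the value was changed.
                bare = ntpath.normcase(command.strip().strip('"'))
                same = bare == ntpath.normcase(EXPECTED_IE)
                results[client] = (command, "ok" if same else "modified")
    return results
```

A "modified" result for IEXPLORE.EXE is the case the post fixes by hand; "review" means the default value was not a plain string and should be inspected in regedit.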

You can also download the following reg file to run that will make the above changes automatically.

iefix.reg (right click + save as) – Note: Only use this if you are sure of what you are doing, playing with the registry can screw things up! This file is mainly for my ease of use.

1 comment

  1. 06/04/2010 at 2:06 PM Barnie Rubble

    Excellent!! You really are the dogs danglies!!