message "choose the program to open this file with"

This happened after my anti-spyware deleted a file oso.exe.

The drive is accessible when I use the explore button but not when I
double click on it, like I said earlier double clicking leads to this
message "choose the program you want to use to open this file"

I hope you get the drift.

Please help.

On Jun 24, 8:05 pm, BisU > wrote:
> message "choose the program to open this file with"
>
> This happened after my anti-spyware deleted a file oso.exe.
>
> The drive is accessible when I use the explore button but not when I
> double click on it, like I said earlier double clicking leads to this
> message "choose the program you want to use to open this file"
>
> I hope you get the drift.
>
> Please help.

By the way, that happens in My Computer. I am able to right click and
explore the disk drive easily. But double clicking doesn't work.

Please help!

http://www.mydigitallife.info/2007/04/19/manual-clean-removal-instruction-for-wormpabugck-or-wormpabugco/


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

"BisU" > wrote in message
oups.com...
> On Jun 24, 8:05 pm, BisU > wrote:
>> message "choose the program to open this file with"
>>
>> This happened after my anti-spyware deleted a file oso.exe.
>>
>> The drive is accessible when I use the explore button but not when I
>> double click on it, like I said earlier double clicking leads to this
>> message "choose the program you want to use to open this file"
>>
>> I hope you get the drift.
>>
>> Please help.
>
> By the way, that happens in My Computer. I am able to right click and
> explore the disk drive easily. But double clicking doesn't work.
>
> Please help!
>

"BisU" > wrote
> message "choose the program to open this file with"
>
> This happened after my anti-spyware deleted a file oso.exe.
>
> The drive is accessible when I use the explore button but not when I
> double click on it, like I said earlier double clicking leads to this
> message "choose the program you want to use to open this file"
>
> I hope you get the drift.

See if this helps.
Click Start | Run and type or copy/paste this command:
regsvr32 /i shell32.dll
Click OK

--
Rock [MS-MVP User/Shell]

Thanks Gerry.

On Jun 25, 3:36 am, "Rock" > wrote:
> "BisU" > wrote
>
> > message "choose the program to open this file with"
>
> > This happened after my anti-spyware deleted a file oso.exe.
>
> > The drive is accessible when I use the explore button but not when I
> > double click on it, like I said earlier double clicking leads to this
> > message "choose the program you want to use to open this file"
>
> > I hope you get the drift.
>
> See if this helps.
> Click Start | Run and type or copy/paste this command:
> regsvr32 /i shell32.dll
> Click OK
>
> --
> Rock [MS-MVP User/Shell]

Rock, when I type regedit in run I get the message "windows cannot
find "regedit". Make sure you typed the name correctly ...."

I did write that command and once it was run I got the message
"DllRegisterServer and DllInstall in shell32.dll succeeded."

But :-( nothing changes. I cannot access my disk drive, nor can i
access regedit, either by running from Start - Run or by searching for
regedit in system32 folder.

This happened after Comodo BO Clean did something to a trojan, that
Gerry gave a link about above.

Incidentally, everything else seems fine. I can use my PC, connect to
the internet. No suspicious chinese site opening up automatically
anymore.

Please help.

"BisU" > wrote
> On Jun 25, 3:36 am, "Rock" > wrote:
>> "BisU" > wrote
>>
>> > message "choose the program to open this file with"
>>
>> > This happened after my anti-spyware deleted a file oso.exe.
>>
>> > The drive is accessible when I use the explore button but not when I
>> > double click on it, like I said earlier double clicking leads to this
>> > message "choose the program you want to use to open this file"
>>
>> > I hope you get the drift.
>>
>> See if this helps.
>> Click Start | Run and type or copy/paste this command:
>> regsvr32 /i shell32.dll
>> Click OK
>>
>> --
>> Rock [MS-MVP User/Shell]
>
> Rock, when I type regedit in run I get the message "windows cannot
> find "regedit". Make sure you typed the name correctly ...."
>
> I did write that command and once it was run I got the message
> "DllRegisterServer and DllInstall in shell32.dll succeeded."
>
> But :-( nothing changes. I cannot access my disk drive, nor can i
> access regedit, either by running from Start - Run or by searching for
> regedit in system32 folder.
>
> This happened after Comodo BO Clean did something to a trojan, that
> Gerry gave a link about above.
>
> Incidentally, everything else seems fine. I can use my PC, connect to
> the internet. No suspicious chinese site opening up automatically
> anymore.


I didn't tell you to run regedit, but since you tried that and it gave an
error, that could be a sign of a malware infection. Does msconfig run? Go
to Start | Run | msconfig | Ok. Does it give an error as well. What
about task manager, can you access that with Ctrl-Shift-Esc? If one or the
other or both of these won't run then it suggests a malware infection.

Malware Removal
http://www.elephantboycomputers.com/page2.html#Removing_Malware

THE PARASITE FIGHT
Finding, Removing & Protecting Yourself From Scumware
http://aumha.org/a/parasite.htm

Richard Harper's Guide to Cleaning Pests
http://rgharper.mvps.org/cleanit.htm

--
Rock [MS-MVP User/Shell]

Rock,
Quoting myself from previous message: "I did write that command and
once it was run I got the message "DllRegisterServer and DllInstall in
shell32.dll succeeded."

So I ran the command you told me to and it ran successfully.
Unfortunately, it did nothing advantageous to my system, not at least
to my problem.

Regarding your query, msconfig seems to be suffering from the same
sickness. Interestingly, ipconfig works fine, so does Task Manager.
Event viewer works fine. Services.msc too.

Regedit and msconfig don't seem to be working at all. I can see
regedit in the system32 folder interestingly, but clicking on it gives
me the message "file not found"

Additionally, clicking on my local drive (I got a single partition, C
and E). Clicking on E takes me to the "choose the program to open
this file with..." message. Right clicking E and exploring it works
just fine.

Like I said earlier, this happened after my antispyware cleaned a
trojan.

Thanks for the answers. Expecting more though.

Bisu

Rock

This link refers to regedit and msconfig:
http://www.mydigitallife.info:80/2007/04/19/manual-clean-removal-instruction-for-wormpabugck-or-wormpabugco/

The Worm does seem to do extensive damage.


--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
"Rock" > wrote in message
...
> "BisU" > wrote
>> On Jun 25, 3:36 am, "Rock" > wrote:
>>> "BisU" > wrote
>>>
>>> > message "choose the program to open this file with"
>>>
>>> > This happened after my anti-spyware deleted a file oso.exe.
>>>
>>> > The drive is accessible when I use the explore button but not when
>>> > I
>>> > double click on it, like I said earlier double clicking leads to
>>> > this
>>> > message "choose the program you want to use to open this file"
>>>
>>> > I hope you get the drift.
>>>
>>> See if this helps.
>>> Click Start | Run and type or copy/paste this command:
>>> regsvr32 /i shell32.dll
>>> Click OK
>>>
>>> --
>>> Rock [MS-MVP User/Shell]
>>
>> Rock, when I type regedit in run I get the message "windows cannot
>> find "regedit". Make sure you typed the name correctly ...."
>>
>> I did write that command and once it was run I got the message
>> "DllRegisterServer and DllInstall in shell32.dll succeeded."
>>
>> But :-( nothing changes. I cannot access my disk drive, nor can i
>> access regedit, either by running from Start - Run or by searching
>> for
>> regedit in system32 folder.
>>
>> This happened after Comodo BO Clean did something to a trojan, that
>> Gerry gave a link about above.
>>
>> Incidentally, everything else seems fine. I can use my PC, connect
>> to
>> the internet. No suspicious chinese site opening up automatically
>> anymore.
>
>
> I didn't tell you to run regedit, but since you tried that and it gave
> an error, that could be a sign of a malware infection. Does msconfig
> run? Go to Start | Run | msconfig | Ok. Does it give an error as
> well. What about task manager, can you access that with
> Ctrl-Shift-Esc? If one or the other or both of these won't run then
> it suggests a malware infection.
>
> Malware Removal
> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
> THE PARASITE FIGHT
> Finding, Removing & Protecting Yourself From Scumware
> http://aumha.org/a/parasite.htm
>
> Richard Harper's Guide to Cleaning Pests
> http://rgharper.mvps.org/cleanit.htm
>
> --
> Rock [MS-MVP User/Shell]

On Mon, 25 Jun 2007 14:09:15 -0000, BisU >
wrote:


> Regedit and msconfig don't seem to be working at all. I can see
> regedit in the system32 folder interestingly, but clicking on it gives
> me the message "file not found"

....

> Like I said earlier, this happened after my antispyware cleaned a
> trojan.


Almost certainly, you are still (or again) infected.

--
Ken Blake, Microsoft MVP Windows - Shell/User
Please Reply to the Newsgroup

"BisU" > wrote
> Rock,
> Quoting myself from previous message: "I did write that command and
> once it was run I got the message "DllRegisterServer and DllInstall in
> shell32.dll succeeded."
>
> So I ran the command you told me to and it ran successfully.
> Unfortunately, it did nothing advantageous to my system, not at least
> to my problem.
>
> Regarding your query, msconfig seems to be suffering from the same
> sickness. Interestingly, ipconfig works fine, so does Task Manager.
> Event viewer works fine. Services.msc too.
>
> Regedit and msconfig don't seem to be working at all. I can see
> regedit in the system32 folder interestingly, but clicking on it gives
> me the message "file not found"
>
> Additionally, clicking on my local drive (I got a single partition, C
> and E). Clicking on E takes me to the "choose the program to open
> this file with..." message. Right clicking E and exploring it works
> just fine.
>
> Like I said earlier, this happened after my antispyware cleaned a
> trojan.
>
> Thanks for the answers. Expecting more though.


It seems there is still a residual from that malware infection. Did you go
through the link Gerry provided which is quite extensive, and the links I
gave you for malware removal? Removing the malware is one thing, fixing the
damage is a whole different story.

--
Rock [MS-MVP User/Shell]

Hi Gerry, Rock

Well, everything is restored! I can run regedit and msconfig and of
course double click my way into my local disk drive!

Thanks to Gerry, the link to the article he wrote did the trick. Not
exactly the same virus though Gerry, but a variant...its KMAWII.exe
that infected my system.

Comodo BO Clean had already cleaned the file QXCTRT.exe and OSO.exe
but I needed to remove some registry keys which were here -

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image
File Execution Options

Once these were removed, I used WINRar to locate the hidden files
Kmawii.dll and kmawii.exe in \windows\system32 folder and autorun.inf
in my hard drive.

Also, I did change the registry entry value

HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies
\Explorer"NoDriveTypeAutoRun" which was set to b5 by the trojan
(apparently) to 91.

After the restart...everything was fine.

A lot of time wasted, but I am satisfied. Though its sick to think of
it as an achievement...I should be angry at the computer guy who
installed this thing on my system....

I sometimes feel these viruses are nothing but marketing tacks...for
antivirus companies..................but thats me. Lot of BS really.

Anyways, thanks to all. I'll be back once this thing comes back. I
know it will.

Well done! Glad it worked out for you.


--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
"BisU" > wrote in message
ups.com...
> Hi Gerry, Rock
>
> Well, everything is restored! I can run regedit and msconfig and of
> course double click my way into my local disk drive!
>
> Thanks to Gerry, the link to the article he wrote did the trick. Not
> exactly the same virus though Gerry, but a variant...its KMAWII.exe
> that infected my system.
>
> Comodo BO Clean had already cleaned the file QXCTRT.exe and OSO.exe
> but I needed to remove some registry keys which were here -
>
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image
> File Execution Options
>
> Once these were removed, I used WINRar to locate the hidden files
> Kmawii.dll and kmawii.exe in \windows\system32 folder and autorun.inf
> in my hard drive.
>
> Also, I did change the registry entry value
>
> HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies
> \Explorer"NoDriveTypeAutoRun" which was set to b5 by the trojan
> (apparently) to 91.
>
> After the restart...everything was fine.
>
> A lot of time wasted, but I am satisfied. Though its sick to think of
> it as an achievement...I should be angry at the computer guy who
> installed this thing on my system....
>
> I sometimes feel these viruses are nothing but marketing tacks...for
> antivirus companies..................but thats me. Lot of BS really.
>
> Anyways, thanks to all. I'll be back once this thing comes back. I
> know it will.
>

fast forward 1 year+ later n this topic is still very helpful.. gerry's
instructions were very very instrumental in me fixin my own pc instead
of havin some douche reformat my hard-drive n then charge me for it.. i
run vista n used avg in safe mode to delete tha files (kmawii.exe n tha
lot) and vista manager's registry cleaner to get rid of the registry
entries... jus wanted to say thnks mch for this post!! very very
helpful!!
BisU;164915 Wrote:
> Hi Gerry, Rock
>
> Well, everything is restored! I can run regedit and msconfig and of
> course double click my way into my local disk drive!
>
> Thanks to Gerry, the link to the article he wrote did the trick. Not
> exactly the same virus though Gerry, but a variant...its KMAWII.exe
> that infected my system.
>
> Comodo BO Clean had already cleaned the file QXCTRT.exe and OSO.exe
> but I needed to remove some registry keys which were here -
>
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image
> File Execution Options
>
> Once these were removed, I used WINRar to locate the hidden files
> Kmawii.dll and kmawii.exe in \windows\system32 folder and autorun.inf
> in my hard drive.
>
> Also, I did change the registry entry value
>
> HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies
> \Explorer"NoDriveTypeAutoRun" which was set to b5 by the trojan
> (apparently) to 91.
>
> After the restart...everything was fine.
>
> A lot of time wasted, but I am satisfied. Though its sick to think of
> it as an achievement...I should be angry at the computer guy who
> installed this thing on my system....
>
> I sometimes feel these viruses are nothing but marketing tacks...for
> antivirus companies..................but thats me. Lot of BS really.
>
> Anyways, thanks to all. I'll be back once this thing comes back. I
> know it will.