The company where I work produces a web site. In order to make sure it looks ok on as many browsers as possible, we have to keep a few machines around with older OS and broswers versions installed.
Last week, the machine used to test IE6 (now dead and unsupported by Microsoft, but unfortunately while it’s use has stedily been declining since January 2010, there are still over 8% of people using it, so we have to test to make sure it will look right) got infected with the XP Malware 2010 virus.
The virus itself has been well written with a very sincere and genuine looking application interface (see here for pictures etc.). Normally for most computer viri I simply remove their entries from the /Software/Microsoft/Windows/Current Version/Run registry section, delete the binaries and reboot.
But this one went a little further (some do unfortunately). It actually modifies the registry entries that deal with how windows launches .exe binaries. It essentially modified the default open shell open entry to launch itself, with the program you wanted to open as an argument. So if you tried to run notepad.exe, AV.EXE would get launched instead, but AV.EXE would know to run notepad.exe after itself.
I followed to instructions on the site, but not to the letter. I was in a rush and sort of deleted the .exe entries completely. Result, I could no longer launch apps that ended in .exe :o(
I didn’t fancy trying to manually put the correct entried back in, so I had a quick search on google for ‘XP .exe file association’ and found this page.
The whole site is pretty cool with a lot of utils, tips and fixes. Admittedley it seems to all be for XP, but I’m sure some of it could be of use for later Windows versions, or at least provide a starting point.
Doug Knox, I thank you for saving me from having to rebuild an old XP system (hours alone in just trying to find the OS istall disks !!)
;o)
