mailworm?

I am trying to sort out my son's computer which gas a major problem. It
is a fairly new Dell running Windows 7 Home Premium and protected by
paid for AVG.

He sent an email to his Hotmail account. Then he got a dialogue box
saying you have a mail worm and you have 5 minutes to restart your
computer. He did a restart. But since then he cannot open any program. A
box comes up with an .exe filename saying choose the program you want to
use to open the file. This happens with all applications. I tried to run
System restore but it says "file:rstrui.exe and choose a program, etc."

I managed to get into safe mode and ran Recovery and something seemed to
happen but no cure.

What might have happened and will it be necessary to reinstall the OS.

Thanks and all suggestions welcome.

Denis
--
Denis Scadeng

http://www.burdon.demon.co.uk/

On 6/19/2011 2:39 PM, Denis Scadeng wrote:
> I am trying to sort out my son's computer which gas a major problem. It
> is a fairly new Dell running Windows 7 Home Premium and protected by
> paid for AVG.
>
> He sent an email to his Hotmail account. Then he got a dialogue box
> saying you have a mail worm and you have 5 minutes to restart your
> computer. He did a restart. But since then he cannot open any program. A
> box comes up with an .exe filename saying choose the program you want to
> use to open the file. This happens with all applications. I tried to run
> System restore but it says "file:rstrui.exe and choose a program, etc."
>
> I managed to get into safe mode and ran Recovery and something seemed to
> happen but no cure.
>
> What might have happened and will it be necessary to reinstall the OS.
>
> Thanks and all suggestions welcome.
>
> Denis
I am not an expert but I would try the free Malwarebytes from
http://www.malwarebytes.org/

--
Zaidy036

In news:yE6gugAMJk$,
Denis Scadeng <> typed:
> I am trying to sort out my son's computer which gas a
> major problem. It is a fairly new Dell running Windows 7
> Home Premium and protected by paid for AVG.
>
> He sent an email to his Hotmail account. Then he got a
> dialogue box saying you have a mail worm and you have 5
> minutes to restart your computer. He did a restart. But
> since then he cannot open any program. A box comes up
> with an .exe filename saying choose the program you want
> to use to open the file. This happens with all
> applications. I tried to run System restore but it says "file:rstrui.exe
> and choose a program, etc."
> I managed to get into safe mode and ran Recovery and
> something seemed to happen but no cure.
>
> What might have happened and will it be necessary to
> reinstall the OS.

Maybe; maybe not. AVG is mostly a vrus detection program, regardless of what
it says it can do. In addition, you need to run some anti-spyware programs
and hope they'll find your virus, trojan, worm or whatever type of malware
that has affected you.

These are free and IMO good ones to try although there are some others and
you might get others offering other, different applications to try.
== Antimalware.com
== Sypbot Search & Destroy
== Adaware
== Microsoft Defender
== MSE (Microsoft Essentials)
== SuperAntiSpyware
Use Google to locate/downad them.
Before using, update EACH one; they don't normally come with the most
current databases. Same for AVG of course, which is a good app but just not
made to catch all malware by any means. Its claim to fame is catching
viruses, not othere malware.
Also of course if you have DSL or FIOS you should disconnect from the
'net whenever no one is actually sitting in front of the computer watching
it. You still need a good firewall in place, hopefully your router prvodes
NAT, and a software firewall added to the computer adds a final layer of
security.
This one is probably even more important than all the above: Practice
SAFE HEX!
http://winhelp2002.mvps.org/security.htm is one place you'll find it, and
many others exist. Google for it if you can't find it or the link doesn't
work for you.


The reasons for more than one malware app is, no single program as yet can
detect every malware that exists. Some people will swear for and against
each of them because of their own personal experiences with the types of
malware etc. that they personally receive.

HTH,

Twayne`

On 19/06/2011 19:39, Denis Scadeng wrote:
> I am trying to sort out my son's computer which gas a major problem. It
> is a fairly new Dell running Windows 7 Home Premium and protected by
> paid for AVG.
>
> He sent an email to his Hotmail account. Then he got a dialogue box
> saying you have a mail worm and you have 5 minutes to restart your
> computer. He did a restart. But since then he cannot open any program. A
> box comes up with an .exe filename saying choose the program you want to
> use to open the file. This happens with all applications. I tried to run
> System restore but it says "file:rstrui.exe and choose a program, etc."
>
> I managed to get into safe mode and ran Recovery and something seemed to
> happen but no cure.
>
> What might have happened and will it be necessary to reinstall the OS.
>

Don't know which bug your son's comp has, which makes it difficult to
provide a solution. However what I would do is run SuperAntispyware
portable: http://www.superantispyware.com/portablescanner.html It may
fix the problem but if it does not , you should at least find the name
of the malware for further assistance.

"Denis Scadeng" <> wrote in message
news:yE6gugAMJk$...
>I am trying to sort out my son's computer which gas a major problem. It is
>a fairly new Dell running Windows 7 Home Premium and protected by paid for
>AVG.
>
> He sent an email to his Hotmail account. Then he got a dialogue box saying
> you have a mail worm and you have 5 minutes to restart your computer. He
> did a restart. But since then he cannot open any program. A box comes up
> with an .exe filename saying choose the program you want to use to open
> the file. This happens with all applications. I tried to run System
> restore but it says "file:rstrui.exe and choose a program, etc."
>
> I managed to get into safe mode and ran Recovery and something seemed to
> happen but no cure.
>
> What might have happened and will it be necessary to reinstall the OS.
>
> Thanks and all suggestions welcome.
>
> Denis

Sounds like he's had a virus or some kind of malware attack.

He now has a file association problem for .exe files, quite easy to fix.

Go to this link (doesn't matter it's XP), scroll to No.12 left 'EXE fix',
download
http://www.kellys-korner-xp.com/xp_tweaks.htm
and run, allow file to merge into your registry, that should sort your sons
programs out.

Denis Scadeng wrote:
> I am trying to sort out my son's computer which gas a major problem. It
> is a fairly new Dell running Windows 7 Home Premium and protected by
> paid for AVG.
>
> He sent an email to his Hotmail account. Then he got a dialogue box
> saying you have a mail worm and you have 5 minutes to restart your
> computer. He did a restart. But since then he cannot open any program. A
> box comes up with an .exe filename saying choose the program you want to
> use to open the file. This happens with all applications. I tried to run
> System restore but it says "file:rstrui.exe and choose a program, etc."
>
> I managed to get into safe mode and ran Recovery and something seemed to
> happen but no cure.
>
> What might have happened and will it be necessary to reinstall the OS.
>
> Thanks and all suggestions welcome.
>
> Denis

If you write down the *exact* text of the dialogue box,
you can use that in a Google search, to get help identifying the
pest. There are custom web pages, with removal recipes for
particular pests.

Many pests now are "rogueware". First, they present what looks like
an antivirus program window. The program tells you you're infected.
And then it asks for a credit card number, with the promise that if
you pay them money, they're remove the infection present. Of course,
the only infection, is them. So the motivation is money. Or stealing
the credit card number.

There are websites which offer malware cleaning. They follow a
methodical process, which starts with scanning tools that list
things in the computer. Based on the evidence, the trained
malware fighter on the website, gives a custom recipe to the
user. The service is free, but those sites can be overloaded
with pending cases needing treatment.

http://www.bleepingcomputer.com/forums/forum22.html

If Safe Mode is working, you can try MalwareBytes (MBAM) from there.
The free version is used to scan for malware and remove it. The
tool would preferably be run from Normal boot mode, but if that is
severely broken, Safe Mode may be your only option.

http://en.wikipedia.org/wiki/Malwarebytes

Well designed malware, knows what MBAM is. The malware can block the
Internet connection to the MBAM download site. The malware can prevent
the user from running .exe files. Even if renamed, it still might not
be possible to get MBAM running. Safe Mode is sometimes an option,
but comes with no guarantees.

Well designed malware includes things like rootkits, which are a powerful
way of defeating any protections the OS might have.

http://en.wikipedia.org/wiki/Rootkit

http://en.wikipedia.org/wiki/TDSS

"The Alureon rootkit was first seen in 2006. PCs usually get infected
by manually downloading and installing Trojan software, and has been
seen bundled with the rogue security software Security Essentials 2010."

So sometimes, the situation is more complicated than it looks.

Paul

In message <yE6gugAMJk$>, Denis Scadeng
<> writes
>I am trying to sort out my son's computer which gas a major problem. It
>is a fairly new Dell running Windows 7 Home Premium and protected by
>paid for AVG.
>
>He sent an email to his Hotmail account. Then he got a dialogue box
>saying you have a mail worm and you have 5 minutes to restart your
>computer. He did a restart. But since then he cannot open any program.
>A box comes up with an .exe filename saying choose the program you want
>to use to open the file. This happens with all applications. I tried to
>run System restore but it says "file:rstrui.exe and choose a program, etc."
>
>I managed to get into safe mode and ran Recovery and something seemed
>to happen but no cure.
>
>What might have happened and will it be necessary to reinstall the OS.
>
>Thanks and all suggestions welcome.
>
>Denis
Many thanks to all who responded - I never cease to be amazed at the
kindness of people who take the time to offer advice and help on
newsgroups.

I eventually fixed the problem using System Restore. There seems to many
ways to get into SR and, trying each one, eventually it did the job. I
use XP myself so finding my way through W7 was a learning curve. I've
also created a recovery disc!

I assume it was Malware of some kind but which one I don't know. I think
the critical point was saying you have to restart within 5 min. but I
don't know if a restart is more vulnerable. Anyway, I've told my son if
he gets that dialogue box in future to switch off (not restart) and then
start up again. Might, might not, be important.

Thanks again for all the advice.

Denis
--
Denis Scadeng

On 21/06/2011 11:49, Denis Scadeng wrote:
> In message <yE6gugAMJk$>, Denis Scadeng
> <> writes
>> I am trying to sort out my son's computer which gas a major problem.
>> It is a fairly new Dell running Windows 7 Home Premium and protected
>> by paid for AVG.
>>
>> He sent an email to his Hotmail account. Then he got a dialogue box
>> saying you have a mail worm and you have 5 minutes to restart your
>> computer. He did a restart. But since then he cannot open any program.
>> A box comes up with an .exe filename saying choose the program you
>> want to use to open the file. This happens with all applications. I
>> tried to run System restore but it says "file:rstrui.exe and choose a
>> program, etc."
>>
>> I managed to get into safe mode and ran Recovery and something seemed
>> to happen but no cure.
>>
>> What might have happened and will it be necessary to reinstall the OS.
>>
>> Thanks and all suggestions welcome.
>>
>> Denis
> Many thanks to all who responded - I never cease to be amazed at the
> kindness of people who take the time to offer advice and help on
> newsgroups.
>
> I eventually fixed the problem using System Restore. There seems to many
> ways to get into SR and, trying each one, eventually it did the job. I
> use XP myself so finding my way through W7 was a learning curve. I've
> also created a recovery disc!
>
> I assume it was Malware of some kind but which one I don't know. I think
> the critical point was saying you have to restart within 5 min. but I
> don't know if a restart is more vulnerable. Anyway, I've told my son if
> he gets that dialogue box in future to switch off (not restart) and then
> start up again. Might, might not, be important.
>
> Thanks again for all the advice.
>
> Denis

You should still install and run some anti-malware to check.
Even though the system is now working, if the original
problem was caused by malware, there is likely to be
some infection left such as a password stealing trojan or
a 'hole' left in your firewall etc.
System Restore will not get rid of a malware infection on
it's own, even though it may get you up and running again.
I recommend MalwareBytes Anti-Malware, SuperAntiSpyware
and Spybot Search and Destroy. You should run them all and
perhaps some of the others which have been mentioned in this
thread, too.
There is no single anti-malware or anti-virus application on
the market (free or pay version) which can detect and remove
everything.. Note that the free versions will help eliminate
infections, but only the pay versions usually offer real-time
protection (although I think Spybot Search and Destroy does.)
HTH
--
Rob

On 21/06/2011 11:49, Denis Scadeng wrote:
> In message <yE6gugAMJk$>, Denis Scadeng
> <> writes
>> I am trying to sort out my son's computer which gas a major problem.
>> It is a fairly new Dell running Windows 7 Home Premium and protected
>> by paid for AVG.
>>
>> He sent an email to his Hotmail account. Then he got a dialogue box
>> saying you have a mail worm and you have 5 minutes to restart your
>> computer. He did a restart. But since then he cannot open any program.
>> A box comes up with an .exe filename saying choose the program you
>> want to use to open the file. This happens with all applications. I
>> tried to run System restore but it says "file:rstrui.exe and choose a
>> program, etc."
>>
>> I managed to get into safe mode and ran Recovery and something seemed
>> to happen but no cure.
>>
>> What might have happened and will it be necessary to reinstall the OS.
>>
>> Thanks and all suggestions welcome.
>>
>> Denis
> Many thanks to all who responded - I never cease to be amazed at the
> kindness of people who take the time to offer advice and help on
> newsgroups.
>
> I eventually fixed the problem using System Restore. There seems to many
> ways to get into SR and, trying each one, eventually it did the job. I
> use XP myself so finding my way through W7 was a learning curve. I've
> also created a recovery disc!

Bravo, so long as you can find it when you eventually need it! ;-)

>
> I assume it was Malware of some kind but which one I don't know. I think
> the critical point was saying you have to restart within 5 min. but I
> don't know if a restart is more vulnerable. Anyway, I've told my son if
> he gets that dialogue box in future to switch off (not restart) and then
> start up again. Might, might not, be important.
>
> Thanks again for all the advice.
>
> Denis