We saw a malware/scareware tactic today that we had not seen for a while. What happened is that Win 7 Antispyware 2011 infected a machine and changed the registry so that any file with the .exe extension would actually try to launch the virus.
We looked at Windows Task Manager and saw a process named mpx.exe (you might see a differently named file on your machine). When we searched through the registry we saw that it was referenced at HKEY_CLASSES_ROOT\exefile\shell\open\command default=C:\users\username\AppData\Local\mpx.exe -a "%1" %*
To fix the issue we deleted the file C:\users\username\AppData\Local\mpx.exe and changed HKEY_CLASSES_ROOT\exefile\shell\open\command default=C:\users\username\AppData\Local\mpx.exe -a "%1" %* to HKEY_CLASSES_ROOT\exefile\shell\open\command default="%1" %*
We also had to change the following registry key back: HKEY_CLASSES_ROOT\.exe default=exefile
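The check and repair described above, as an added PowerShell example (not code from the original post). It reads the .exe association from both the merged HKEY_CLASSES_ROOT view and the per-user override under HKEY_CURRENT_USER\Software\Classes (which takes precedence over HKLM\Software\Classes for the current user, so rogues often plant their copy there), reports whatever launcher the hijacked command names, and with -Repair writes back the stock values shown in the post. The mpx.exe path is the post's; the function names and the -Repair switch are this example's own. End the rogue process in Task Manager before deleting its file, and run the script from an elevated PowerShell or cmd.exe window; programs started from a console are launched with CreateProcess directly and are not affected by the broken ShellExecute association.

```powershell
# Added example (not the post's own code): audit and repair the .exe
# file association hijacked by a rogue such as Win 7 Antispyware 2011.
# Run elevated. Without -Repair the script only reports.
# Assumes PowerShell 2.0 or later (Windows 7).
param([switch]$Repair)

$stockType = 'exefile'        # HKCR\.exe (default)
$stockOpen = '"%1" %*'        # HKCR\exefile\shell\open\command (default)

# HKCR is a merged view; an entry under HKCU\Software\Classes wins over
# the machine-wide one in HKLM\Software\Classes, so check both.
$roots = @(
    'Registry::HKEY_CLASSES_ROOT',
    'Registry::HKEY_CURRENT_USER\Software\Classes'
)

function Get-DefaultValue([string]$Key) {
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    (Get-ItemProperty -LiteralPath $Key).'(default)'
}

function Test-OrFix([string]$Key, [string]$Expected) {
    $actual = Get-DefaultValue $Key
    if ($actual -eq $null -or $actual -eq $Expected) { return }
    Write-Warning ("{0}`n  found:    {1}`n  expected: {2}" -f $Key, $actual, $Expected)
    # A hijacked command names the dropper, e.g. ...\AppData\Local\mpx.exe -a "%1" %*
    # Surface that path so the process can be ended and the file removed.
    if ($actual -match '^"?(.+?\.exe)') { Write-Warning "  launcher: $($Matches[1])" }
    if ($Repair) {
        Set-ItemProperty -LiteralPath $Key -Name '(default)' -Value $Expected
        Write-Host "Restored $Key"
    }
}

foreach ($root in $roots) {
    # If .exe was redirected to some other ProgID, inspect that ProgID's
    # open command as well; its value is where the launcher usually hides.
    $type = Get-DefaultValue "$root\.exe"
    if ($type -ne $null -and $type -ne $stockType) {
        Test-OrFix "$root\$type\shell\open\command" $stockOpen
    }
    Test-OrFix "$root\.exe" $stockType
    Test-OrFix "$root\exefile\shell\open\command" $stockOpen
}
```

Run it once without -Repair to see what is actually set, kill and delete the launcher it reports, then run it again with -Repair. Writing to HKEY_CLASSES_ROOT requires an elevated session.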
During the install of AVG, it gives a "conflicting anti-spyware product detected" error message and will not install. The message then goes on to say: "Setup had detected ewido anti-spyware or ewido anti-malware installed on your computer. Anti-spyware protection is now included in AVG. In order to proceed with installation, you will have to uninstall the previous anti-spyware product first"
I checked Add/Remove Programs and I did not see any reference in there to ewido anti-virus / anti-malware, but I did find a key for it in the registry. Once I deleted the "HKEY_Local_Machine\Software\ewido anti-spyware" registry entry I was able to install AVG without any further problems.
When removing the Antivirus 2008 rogue from an infected PC, you may find that you no longer get a Windows desktop: there is no taskbar and no Start menu. The cause is that the rogue has modified the registry so that explorer.exe no longer runs correctly. It does this through an Image File Execution Options entry for explorer.exe: a Debugger value under that key tells Windows to start the named program instead of (and in front of) the real one. Removing the entry lets Windows load explorer.exe and display the desktop again.
To fix this issue, first press CTRL+ALT+DELETE to open Task Manager (on Windows XP click the Task Manager button in the Windows Security dialog). Next, under the File menu click New Task (Run...). In the box next to Open:, type REGEDIT and click OK. Once inside the Registry Editor, find the keys below as needed.
The key that needs to be deleted to re-enable the windows desktop taskbar/start menu is:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
And this key, if Internet Explorer will not start (Internet Explorer's executable is iexplore.exe, so that is the image name the entry is keyed on):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
Once you have deleted the key(s), reboot. Your Windows taskbar should reappear and/or Internet Explorer should launch normally.
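The same cleanup, generalized, as an added PowerShell example (not code from the original post): instead of looking only at explorer.exe and iexplore.exe, it lists every image under Image File Execution Options that has a Debugger value, so other hijacked programs show up too, and deletes only the per-image keys named on the command line. Debugger values are also set by legitimate tools, so review the list before removing anything. The function name, the -Remove parameter and the Wow6432Node path are this example's own; the IFEO key path is the post's.

```powershell
# Added example (not the post's own code): enumerate IFEO Debugger hijacks and
# remove the entries named with -Remove, e.g. -Remove explorer.exe,iexplore.exe
# Run elevated; assumes PowerShell 2.0 or later.
param([string[]]$Remove = @())

$ifeoKeys = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    # 64-bit Windows also carries a copy of the key under Wow6432Node; list it as well
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebuggers {
    foreach ($base in $ifeoKeys) {
        if (-not (Test-Path -LiteralPath $base)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $base) {
            $dbg = (Get-ItemProperty -LiteralPath $sub.PSPath).Debugger
            if ($dbg) {
                New-Object PSObject -Property @{
                    Image    = $sub.PSChildName   # e.g. explorer.exe
                    Debugger = $dbg               # program Windows starts instead
                    Path     = $sub.PSPath        # provider-qualified key path
                }
            }
        }
    }
}

# A Debugger value makes Windows run that program with the original command
# line appended; a rogue points it at its own binary, which then never starts
# the real explorer.exe. Legitimate debuggers use the same mechanism.
$found = @(Get-IfeoDebuggers)
if ($found.Count -eq 0) { Write-Host 'No Debugger values under IFEO.' }
$found | Format-Table Image, Debugger -AutoSize

foreach ($hit in $found) {
    if ($Remove -contains $hit.Image) {
        # Same fix as the post: delete the whole per-image key, then reboot.
        Remove-Item -LiteralPath $hit.Path -Recurse
        Write-Host "Removed $($hit.Path)"
    }
}
```

Without -Remove the script only lists what is there, which is the safer first step on a machine you do not know.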
I needed to uninstall the Trend Micro OfficeScan client from several computers a while back. The problem arose when no one at the company knew the password that was set when the software was installed. I found a way to bypass the password prompt that appears the moment you try to uninstall the OfficeScan client. Open the Registry Editor (Start > Run > regedit) and follow the path and instructions below:
In the right pane, look for "Allow Uninstall" and set its value to 1.
Close the Registry Editor and run the uninstall again; it should go through without asking for the password.
Was trying to uninstall AVG 8.0 and got the following error.
"Local machine: installation failed
Error: Action failed for file clock.gif: creating backup....
Error 0x80070020 %DESTINATION% = "C:\Program Files\AVG\AVG8\Icons\clock.gif.install_backup", %SOURCE% = "C:\Program Files\AVG\AVG8\Icons\clock.gif"
I tried to delete the HKLM\Software\AVG key, as was suggested in some articles, and that did not work. I then tried to delete the file that was giving the error, clock.gif, and it told me the file was in use.
I then figured that AVG had the file in use while it was trying to uninstall it. So I disabled the AVG8 E-mail Scanner and AVG8 WatchDog services, restarted the machine, and was then able to uninstall AVG.
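Error 0x80070020 is HRESULT_FROM_WIN32(ERROR_SHARING_VIOLATION): another process had clock.gif open, and that process was AVG's own running services. The procedure above, as an added PowerShell example (not code from the original post): disable the services first so that one cannot restart the other, stop them, and then test whether the file can still be opened exclusively before running the uninstaller. The service names avg8emc and avg8wd are this example's assumption for the AVG8 E-mail Scanner and AVG8 WatchDog services; confirm them with Get-Service -DisplayName 'AVG8*' on the machine. The file path is the one from the error message.

```powershell
# Added example (not the post's own code): free a file that an antivirus
# product's own services keep open, then verify before uninstalling.
# Run elevated; assumes PowerShell 2.0 or later.
param(
    # Assumed short names of the AVG8 E-mail Scanner and AVG8 WatchDog services
    [string[]]$ServiceNames = @('avg8emc', 'avg8wd'),
    [string]$LockedFile = 'C:\Program Files\AVG\AVG8\Icons\clock.gif'
)

function Test-FileLocked([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "$Path does not exist"
        return $false
    }
    # Opening with FileShare.None fails with a sharing violation (an IOException)
    # while any other process still has the file open.
    try {
        $fs = [System.IO.File]::Open($Path, [System.IO.FileMode]::Open,
              [System.IO.FileAccess]::ReadWrite, [System.IO.FileShare]::None)
        $fs.Close()
        return $false
    } catch [System.IO.IOException] {
        return $true
    }
}

foreach ($name in $ServiceNames) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) { Write-Warning "service $name not found"; continue }
    # Disable before stopping: a watchdog service would otherwise restart
    # the scanner (and a reboot would bring both back).
    Set-Service -Name $name -StartupType Disabled
    if ($svc.Status -ne 'Stopped') { Stop-Service -Name $name -Force }
    Write-Host ("{0}: {1}" -f $name, (Get-Service -Name $name).Status)
}

if (Test-FileLocked $LockedFile) {
    Write-Warning "$LockedFile is still in use; reboot with the services disabled, then run the uninstaller"
} else {
    Write-Host "$LockedFile is free; run the AVG uninstaller now"
}
```

Self-protecting products may refuse Stop-Service even when elevated; that is why the post's approach of disabling the services and rebooting still matters, and the final check tells you whether the reboot is needed.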
I had a situation today where I needed to uninstall Symantec Antivirus Corporate Edition 9.0 from a computer and it was asking for the uninstall password. Unfortunately the computer had not been communicating with the server for some time and the current password would not work. We also tried the default password of 'symantec', but no luck.
Fortunately there is a pretty easy workaround in this situation if you are comfortable with editing the registry.
Go to Start, Run, and type in regedit.
Navigate to HKEY_Local_Machine > Software > Intel > LanDesk > VirusProtect6 > CurrentVersion > ClientConfig > AdministratorOnly > Security
Double-click UseVPUninstallPassword and change the DWORD value from 1 to 0. Click OK and you should now be able to uninstall Symantec without a password.
A couple of notes. I know that this works on Norton Corporate Edition 7.5 and Symantec Corporate Edition 8.0 and 9.0, but I am unsure whether it works on versions 10 or 11.
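Both the Symantec fix above and the OfficeScan "Allow Uninstall" fix earlier on this page come down to the same operation: flip one DWORD that the client checks before it asks for a password. An added PowerShell example (not code from the original posts) that does it with a safety net: it exports the key with reg.exe first so the change can be reverted with reg import, refuses to continue if the key is missing (which usually means a different product version or path), sets the value and reads it back. The Symantec key and value name are from the post; the OfficeScan post does not print its key path, so that call is left for the reader to fill in, and the DWORD type of "Allow Uninstall" is this example's assumption. The function name and backup location are this example's own.

```powershell
# Added example (not the posts' own code): back up a key, then set a DWORD
# value and verify it. Run elevated; assumes PowerShell 2.0 or later.
function Set-DwordWithBackup {
    param(
        [Parameter(Mandatory=$true)][string]$Key,    # HKEY_LOCAL_MACHINE\SOFTWARE\...
        [Parameter(Mandatory=$true)][string]$Name,
        [Parameter(Mandatory=$true)][int]$Value,
        [string]$BackupDir = $env:TEMP
    )
    $psKey = "Registry::$Key"
    if (-not (Test-Path -LiteralPath $psKey)) {
        throw "key not found: $Key (different product version or path?)"
    }

    # Export before touching anything; 'reg import <file>' restores it.
    $backup = Join-Path $BackupDir (($Key -replace '[\\:]', '_') + '.reg')
    & reg.exe export $Key $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg export failed for $Key" }

    $before = (Get-ItemProperty -LiteralPath $psKey).$Name
    Set-ItemProperty -LiteralPath $psKey -Name $Name -Value $Value -Type DWord
    $after = (Get-ItemProperty -LiteralPath $psKey).$Name
    if ($after -ne $Value) { throw "$Name still reads '$after' after the write" }

    Write-Host ("{0}\{1}: {2} -> {3}  (backup: {4})" -f $Key, $Name, $before, $after, $backup)
}

# Symantec AV Corporate Edition 7.5 / 8.0 / 9.0: stop the client from
# requiring the uninstall password (the post's key and value).
Set-DwordWithBackup `
    -Key 'HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LanDesk\VirusProtect6\CurrentVersion\ClientConfig\AdministratorOnly\Security' `
    -Name 'UseVPUninstallPassword' -Value 0

# Trend Micro OfficeScan client: same idea with "Allow Uninstall" = 1.
# The post does not give the key path, so supply it yourself before running:
# Set-DwordWithBackup -Key '<OfficeScan client key>' -Name 'Allow Uninstall' -Value 1
```

If the throw fires on the Symantec path, the product is probably one of the versions the post is unsure about, and the key layout should be checked in regedit rather than guessed.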