SEVERE COMPUTER PROBLEM. ASSISTANCE/INFORMATION APPRECIATED.

Okay. I don't know how to describe this, but I recently closed down RPG Maker 2003 to find that a TON of the files on my computer had been deleted or are seemingly so by some type of virus/whatever. All of the files (or near all of them) on my desktop are showing as pages/sheets of paper now and when I click on it, it simply prompts me to select a program from a list to open it with. It does this for EVERYTHING, ranging from even the System Restore options to my word editors.

I have a feeling it may be spyware/malware or something to that extent, as whenever I open a new tab it asks the same thing. However, I can't even install anything on to my computer to get rid of it as I'm asked the same thing AGAIN with no other options other to choose from whatever is there, resulting in me not being able to install what I wanted.

I'm fairly sure Norton blocked something while I was browsing Deviantart called... "ev.exe" I think.

Does anyone have any information regarding what this may be? Thank you.
So the files aren't actually deleted, but you can't use anything?
If you still can, run regedit from the command line and see if there is anything under HKEY_CLASSES_ROOT.

Also, what is your OS?
Well... I don't really know! Maybe some THING that was allowing them to work has been deleted without my notice, but they're just blank at the moment. When I closed down MSN just that time, the same thing occurred. If I try and open it, it acts as if it does not exist anymore and asks what it should open the file with.

And no Command Prompt can work. That is also gone. The most I can use that is similar is the Run command/option.


As an example (only one I can give):

OpenOffice (my word editor) can not be opened. I'm given the same thing I've been describing.

However, if I were to go to the ACTUAL FILE (say, one of my saved stories made IN Open Office) and open it from there, then it will load fine. So... I don't think it's actually GONE.
You should be able to access regedit from the run command too. And what version of Windows are you running?

Edit:

So you can't run programs? Anything that is an executable will not start?
KingArthur
( ̄▽ ̄)ノ De-facto operator of the unofficial RMN IRC channel.
1217
As an example (only one I can give):

OpenOffice (my word editor) can not be opened. I'm given the same thing I've been describing.

However, if I were to go to the ACTUAL FILE (say, one of my saved stories made IN Open Office) and open it from there, then it will load fine. So... I don't think it's actually GONE.
So in other words, you can not open *.exe files but can open files like, say, *.txt?

Sorry, the way you're wording it is kind of confusing. ;_;
Download this and run it if you can. http://rpgmaker.net/users/GameOverGamesProductions/locker/registrykeyclassforexecutables.reg

It should add the .exe key to HKEY_CLASSES_ROOT and HKEY_LOCAL_MACHINE\SOFTWARE\Classes. If the key is missing from the registry then that might be one of your problems. If there is a virus causing it that is running on your computer right now, it won't fix anything though.
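A defender-side check for the condition this post describes, as an added example that is not part of the original thread or the linked .reg file: it audits the text of a registry export for a missing or redirected .exe association, and goes one step further than the post by also checking the per-user hive, which takes precedence in HKEY_CLASSES_ROOT. The sample export, the `examplefile` ProgID and the handler path are constructed; `exefile` and `"%1" %*` are the stock Windows defaults.

```python
import re

# Constructed sample: regedit-format export text from a machine where a per-user
# key overrides the machine-wide .exe association (ProgID and path are made up).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@="exefile"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CURRENT_USER\Software\Classes\.exe]
@="examplefile"
[HKEY_CURRENT_USER\Software\Classes\examplefile\shell\open\command]
@="\"C:\\Example\\handler.exe\" \"%1\" %*"
'''

DEFAULT_PROGID, DEFAULT_COMMAND = "exefile", '"%1" %*'   # stock Windows values
HIVES = (r"HKEY_CURRENT_USER\Software\Classes",    # per-user, wins in HKCR
         r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes")   # machine-wide

def parse_defaults(text):
    """Map lower-cased key path -> unescaped default (@) string value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
        elif current and (m := re.fullmatch(r'@="(.*)"', line)):
            # .reg strings escape backslash and double quote with a backslash
            keys[current] = re.sub(r"\\(.)", r"\1", m.group(1))
    return keys

def audit_exe_association(text):
    """Return findings; an empty list means .exe resolves to the defaults."""
    keys, findings = parse_defaults(text), []
    def lookup(subkey):
        # HKEY_CLASSES_ROOT is a merged view; the per-user hive takes precedence.
        for hive in HIVES:
            value = keys.get((hive + "\\" + subkey).lower())
            if value is not None:
                return hive, value
        return None, None
    hive, progid = lookup(".exe")
    if progid is None:
        return ["missing: no .exe key with a default value"]
    if progid != DEFAULT_PROGID:
        findings.append(f"{hive}: .exe -> {progid!r}, expected {DEFAULT_PROGID!r}")
    hive, cmd = lookup(progid + r"\shell\open\command")
    if cmd is None:
        findings.append(f"missing: {progid}\\shell\\open\\command")
    elif cmd != DEFAULT_COMMAND:
        findings.append(f"{hive}: open command {cmd!r}, expected {DEFAULT_COMMAND!r}")
    return findings
```

An export with the .exe key deleted, which is the case the post above repairs, yields the single "missing" finding.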
Yes! That's exactly what it is. Whatever is an executable will not start, and that includes everything from Internet Explorer to whatever else is on here. Sorry, but I was trying to get it out the best I could while slightly irritated. =/

Text, music, and pictures are all fine. Anything that requires an executable will not work.
GameOver...! MY GOD, I COULD JUST...WOOT! It works. It finally works! Everything's been reverted back to normal! All of the executable images are back again, too! Thank you very much for this. I thought my computer was royally screwed over there for a moment.

Hua ha ha! Excellent. Something must have gone and deleted that, then, did it?
It would appear that you more than likely had something on your computer that maliciously damaged your registry then.

Hold on and I'll give you a list of free stuff to run if your antivirus isn't catching it.
If you are running a 32-bit version of Windows, download, rename to something else before running, and run http://download.bleepingcomputer.com/sUBs/ComboFix.exe (will require your computer to restart and will install the Microsoft Recovery Console if you do not already have it)

Then download http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/ and install and use it to scan your whole computer.

See if using those two utilities doesn't find anything.
That would be very helpful.

Again, thank you for the help GOGP! I'm thankful that you just happened to pass by. =)

Also, it may have been the file I got earlier but was deleted by Norton. I don't really know, but is it possible that it deleted whatever it was that had been deleted before being erased/quarantined by Norton?
It might have, though you should still run the two above tools just to be sure. Also for security purposes, if your user account on your computer is an Administrator account and you don't want to have your main account have standard privileges, you should probably install and use a program that detects and intercepts changes to the registry and requires your authorization before it allows them.
Also, sorry for this double-post, but I have to put out there that I got TWO viruses now--two days in a ROW--from going to Deviantart. I had managed to get "Vista Antivirus 2010" when viewing yesterday, and this "av.exe" today. This is simply from being there! I noticed a slow-down in the computer both times, and then that's when they began to pop up/work their magic.
Your computer might have an undetected open back door or some sort of a trojan downloader on it somewhere, so it might not be Deviantart. Doing a quick Google search though I see another person who thinks that they've been getting a virus from Deviant starting about two days ago.
As a matter of interest, what security software are you running?
Hrm... that is DEFINITELY a possibility! Ha ha. But I haven't been having much trouble at all with my computer since I got it, actually. The only real trouble was when I got that Malware yesterday.

I'll go and do what you've suggested now in a minute.
GOGP handled the issue (highfives for all Combofix recommendations), and here are some ways to avoid having it happen again!

1) Keep Windows updated. No surprise there. Same goes for your AV. I wouldn't recommend Norton at all, but I am completely biased and I have no good sources saying why besides personal anecdotes. Well, besides that you are paying for an AV where there are perfectly good free alternatives.

2) Update everything Internet related. Update your browser if possible. Update Java and Adobe Flash to seal current exploits which can cause your system to become infected just by using the Internet. Get rid of Adobe Reader and replace it with something like Foxit Reader or PDF XChange. Reader is another commonly exploited attack vector, and while the others aren't perfectly secure, they aren't nearly as common and therefore they aren't as common attack vectors, and they are decent PDF viewers. If you really really like Reader, at least keep it updated too.

3) Set DEP to OptOut mode. OptIn mode is pointless as a security feature and with DEP checking everything it cuts down on attack vectors. If you have Vista/W7, SEP Chain Validation can also help (and make sure UAC is on too).

Turning on DEP:
BangersInMyKnickers
If you're a chump, you can open System Properties, Advanced tab, Performance Settings, Data Execution Prevention tab, and then change the radio button to the bottom option.

Turning on SEP Chain Validation:

BangersInMyKnickers
SEH chain validation is another feature implemented on Vista SP1 and 7, but not actually turned on. It can be changed at HKLM\System\CurrentControlSet\Control\Session Manager\kernel: set DisableExceptionChainValidation to 0. Create the DWORD value if it does not exist. Server 2008 and R2 have it enabled by default.

Thread with more details on DEP and SEP Chain Validation if anybody's interested
I've been plagued by malware twice in the past 3 months just for going to regular 'friendly' sites that I've been going to for many months. What has the internet come to?
KingArthur
Malicious ads, perhaps? I can't exactly imagine a trusted site like DeviantArt suddenly distributing viruses.
Rah. I had the same virus running loose on my old Windows comp as well. I discovered how a lot of assembly code could do the same thing as fixing that registry. That is not something I think I should mess with ever again, as I fixed the problem but probably voided the warranty, somehow set it up so Vista refuses to update and to top it off now I get ¥ instead of: \. Got any NON-Assembly fixes for that one?