how to solve the lost file associations
problem
Copyright 2010 Cairos Computing Limited
Help Computing is a trading style of Cairos Computing Ltd.
Help Computing is a trading style of Cairos Computing Ltd.
What are we
up to?
up to?
We'll write about the
sorts of things we get up
to. It'll be a slightly techy
read, but we'll try our
best to make it readable!
There'll soon be lots of top tips for the technically minded too.
Want to know more? Click the icon above..
There'll soon be lots of top tips for the technically minded too.
Want to know more? Click the icon above..
helpcomputing vs. one infected laptop - round #3
This was the final stage of an epic battle we were having with an infected laptop. We had one user login that had lost its file associations. The infected user was unable to open any files. Because the file associations had been lost, the computer no longer knew what program to use to open any particular file.
File Associations and the infected user
And so, on to the infected user.
Yes, the file associations had been lost and on starting Internet Explorer, it tries to run ssvagent.exe, but of course, with no file associations, we are presented with an Open With box where we are expected to tell Windows how to run an exe. Time to research what ssvagent.exe is.
Searching around Google and we find that ssvagent.exe is something to do with Java, and is a legitimate program. It's just struggling to run.
We turned to the Internet again. Amongst all the rubbish and other advice (which was close to rubbish anyway) we came across what made sense from a poster called danno2010 at tomshardware.co.uk:
http://www.tomshardware.co.uk/forum/241246-34-ssvagent
It all seemed to make sense so we had a go.
Remembering that the file associations are lost on this login, we had to take a diversion from danno2010's instructions and we typed regedit in the run box. Regedit.exe was then listed, so right clicked it and chose Run as administrator.
This got us into the registry editor, and so it is time for a warning.
You are at the heart of the computer. Or perhaps, a major organ. Be careful if you do follow this - one false move and it could be the end of your computer). And we can't be responsible for that!
With that said, we'll continue to follow danno2010:
Expand HKEY_CLASSES_ROOT and find the folder of .exe
Without expanding it, on the main .exe folder, Right-click (Default) and Modify. Change the Value Data to exefile [MINE SAID SECFILE]
Now in the same HKEY_CLASSES_ROOT find the folder of exefile and Right-click (Default) and Modify. Change the Value Data to "%1" %* [MINE SAID APPLICATION]
Lastly expand exefile , expand shell , expand open , click on the command folder, Right-click (Default) and Modify . Change the Value Data to "%1" %* [MINE ALREADY SAID THIS. DIDN'T HAVE TO CHANGE]
Close Regedit and Restart the computer. When restarted, EXE files should not prompt you to choose a program to run it now and load correctly.
Problem resolved. User login is back to normal.
If you came to this page for assistance with lost file associations, you could stop here. We hope that this page was useful to you. But if you have been following our battle against the rogue fake antivirus program, you should continue as there is still a bit more to do.
How horrible was this rogue antivirus program?
Very horrible. There's a bit more of a tidy up left to do, and we need to go into System Configuration to do it (see screenshot below).
This was the final stage of an epic battle we were having with an infected laptop. We had one user login that had lost its file associations. The infected user was unable to open any files. Because the file associations had been lost, the computer no longer knew what program to use to open any particular file.
File Associations and the infected user
And so, on to the infected user.
Yes, the file associations had been lost and on starting Internet Explorer, it tries to run ssvagent.exe, but of course, with no file associations, we are presented with an Open With box where we are expected to tell Windows how to run an exe. Time to research what ssvagent.exe is.
Searching around Google and we find that ssvagent.exe is something to do with Java, and is a legitimate program. It's just struggling to run.
We turned to the Internet again. Amongst all the rubbish and other advice (which was close to rubbish anyway) we came across what made sense from a poster called danno2010 at tomshardware.co.uk:
http://www.tomshardware.co.uk/forum/241246-34-ssvagent
It all seemed to make sense so we had a go.
Remembering that the file associations are lost on this login, we had to take a diversion from danno2010's instructions and we typed regedit in the run box. Regedit.exe was then listed, so right clicked it and chose Run as administrator.
This got us into the registry editor, and so it is time for a warning.
You are at the heart of the computer. Or perhaps, a major organ. Be careful if you do follow this - one false move and it could be the end of your computer). And we can't be responsible for that!
With that said, we'll continue to follow danno2010:
Expand HKEY_CLASSES_ROOT and find the folder of .exe
Without expanding it, on the main .exe folder, Right-click (Default) and Modify. Change the Value Data to exefile [MINE SAID SECFILE]
Now in the same HKEY_CLASSES_ROOT find the folder of exefile and Right-click (Default) and Modify. Change the Value Data to "%1" %* [MINE SAID APPLICATION]
Lastly expand exefile , expand shell , expand open , click on the command folder, Right-click (Default) and Modify . Change the Value Data to "%1" %* [MINE ALREADY SAID THIS. DIDN'T HAVE TO CHANGE]
Close Regedit and Restart the computer. When restarted, EXE files should not prompt you to choose a program to run it now and load correctly.
Problem resolved. User login is back to normal.
If you came to this page for assistance with lost file associations, you could stop here. We hope that this page was useful to you. But if you have been following our battle against the rogue fake antivirus program, you should continue as there is still a bit more to do.
How horrible was this rogue antivirus program?
Very horrible. There's a bit more of a tidy up left to do, and we need to go into System Configuration to do it (see screenshot below).
In this screenshot you'll notice six Startup programs that shouldn't be there. One or more of these may cause
an error on logon because the file it wants to load is not present. Untick the following:
* Windows Update
* MyWebSearch Email Plugin
* Syncman
* Regedit32
* Bpuxuc
* vlcqgdf
There may be other variants, depending on which virus you have. These all have the same Manufacturer in common: unknown. This is not to say that all 'unknown's' are to be suspected. You just need to be careful here and check out any other executable or DLL that you suspect.
And that's it!
The laptop is now alive and well and somehow, we can feel that it is happier. We really can!
* Windows Update
* MyWebSearch Email Plugin
* Syncman
* Regedit32
* Bpuxuc
* vlcqgdf
There may be other variants, depending on which virus you have. These all have the same Manufacturer in common: unknown. This is not to say that all 'unknown's' are to be suspected. You just need to be careful here and check out any other executable or DLL that you suspect.
And that's it!
The laptop is now alive and well and somehow, we can feel that it is happier. We really can!
helpcomputing
If you and your computer are in or around London, we
could help!