Using Ubuntu MRT to Fix Malware on a Windows Machine: *Nix Saves Windows
A family member brought me their malware-infested machine. It was the worst infection I had seen in a while. First off, this device had some annoying malware, including:
- Conduit Search
- Delta Toolbar
- Image Editor Packages
- Update for Image Editor
- Driver Detective
- SupportSoft Assisted Service
- Delta Chrome Toolbar
Not surprisingly, all the Web plugins were out-of-date. And on top of everything else, Windows Media Player opened every .exe file. Even when I tried running some malware scanners or built-in components like the Command Prompt, Windows Media Player (WMP) would just open. Even the auto-start programs would spawn multiple instances of WMP. You really could not do anything from Windows–not even get online.
I downloaded the Ubuntu MRT (Malware Removal Toolkit) on a Mac and burned it to a CD using Disk Utility. After booting the Windows machine to the LiveCD, I was able to mount the Windows partition and run a malware scan on it.
It ended up not fixing the problem, but I was able to create a Exe.reg file containing the following:
[-HKEY_CURRENT_-- USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe] [HKEY_CURRENT_-- USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe] [HKEY_CURRENT_-- USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithList] [HKEY_CURRENT_-- USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids] "exefile"=hex(0):
After saving this to the Windows partition, I shutdown the LiveCD and booted back into Windows. After double-clicking the newly-created Exe.reg file and restarting, I was able to open all the programs normally again.
From there, I was able to use my malware-neutralizing tools. At the end, I installed my three favorite tools:
- Microsoft Security Essentials Avast
- TeamViewer (so I can offer help remotely in the future).
Ubuntu MRT Instructions (translated to English).