Using Ubuntu MRT to Fix Malware on a Windows Machine: *Nix Saves Windows

A family member brought me their malware-infested machine.  It was the worst infection I had seen in a while. First off, this device had some annoying malware, including:

Not surprisingly, all the Web plugins were out-of-date.  And on top of everything else, Windows Media Player opened every .exe file.  Even when I tried running some malware scanners or built-in components like the Command Prompt, Windows Media Player (WMP) would just open.  Even the auto-start programs would spawn multiple instances of WMP.  You really could not do anything from Windows–not even get online.

I downloaded the Ubuntu MRT (Malware Removal Toolkit) on a Mac and burned it to a CD using Disk Utility.  After booting the Windows machine to the LiveCD, I was able to mount the Windows partition and run a malware scan on it.

It ended up not fixing the problem, but I was able to create an Exe.reg file containing the following:

Windows Registry Editor Version 5.00

; Delete the per-user .exe association subtree (this drops any UserChoice/OpenWithList overrides pointing at WMP)
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe]

; Recreate the empty keys so Explorer falls back to the machine-wide "exefile" handler
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids]
"exefile"=hex(0):

After saving this to the Windows partition, I shut down the LiveCD and booted back into Windows.  After double-clicking the newly-created Exe.reg file and restarting, I was able to open all the programs normally again.
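To make the effect of that .reg file concrete, here is an added Python example (not part of the original post) that interprets the script against an in-memory model of the HKEY_CURRENT_USER hive. The hive contents it starts from are constructed sample data: the UserChoice and OpenWithList entries pointing at wmplayer.exe are assumptions standing in for whatever the malware wrote, not values read from the infected machine. It shows why the leading `[-KEY]` line matters: it removes the whole per-user .exe subtree (overrides included) before the remaining lines recreate the empty keys.

```python
"""Added example: minimal .reg interpreter applied to a modelled HKCU hive.

Not code from the original post. All registry contents here are constructed
sample data used to illustrate how the Exe.reg script repairs the .exe
association.
"""
from __future__ import annotations

import re

FILEEXTS = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts"

# The Exe.reg script from the post, with the header regedit requires.
EXE_REG = r"""Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids]
"exefile"=hex(0):
"""

# Registry model: key path -> {value name: data}. Data is kept as the raw text.
Registry = dict[str, dict[str, str]]

_KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
_VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')


def hijacked_registry() -> Registry:
    """Constructed example of a per-user .exe association redirected to WMP."""
    exe = FILEEXTS + r"\.exe"
    return {
        FILEEXTS: {},
        exe: {},
        exe + r"\OpenWithList": {"a": "wmplayer.exe", "MRUList": "a"},   # constructed
        exe + r"\OpenWithProgids": {"exefile": "hex(0):"},
        exe + r"\UserChoice": {"ProgId": r"Applications\wmplayer.exe"},  # constructed
    }


def apply_reg(reg: Registry, text: str) -> Registry:
    """Apply a .reg script to a copy of `reg` and return the resulting hive."""
    reg = {k: dict(v) for k, v in reg.items()}
    lines = text.splitlines()
    if not lines or not lines[0].startswith("Windows Registry Editor"):
        raise ValueError("missing regedit header; regedit would refuse this file")
    current = None
    for line in lines[1:]:
        line = line.strip()
        if not line or line.startswith(";"):  # blank lines and comments
            continue
        m = _KEY_RE.match(line)
        if m:
            delete, path = m.group(1) == "-", m.group(2)
            if delete:
                # [-KEY] removes the key and every subkey beneath it.
                for k in [k for k in reg if k == path or k.startswith(path + "\\")]:
                    del reg[k]
                current = None
            else:
                reg.setdefault(path, {})
                current = path
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            reg[current][m.group(1)] = m.group(2)
            continue
        raise ValueError(f"unrecognised .reg line: {line!r}")
    return reg


def exe_association_is_clean(reg: Registry) -> bool:
    """True when no per-user override redirects .exe away from 'exefile'."""
    exe = FILEEXTS + r"\.exe"
    user_choice = reg.get(exe + r"\UserChoice", {})
    open_with = reg.get(exe + r"\OpenWithList", {})
    progids = reg.get(exe + r"\OpenWithProgids", {})
    return not user_choice and not open_with and list(progids) == ["exefile"]


if __name__ == "__main__":
    before = hijacked_registry()
    after = apply_reg(before, EXE_REG)
    print("clean before import:", exe_association_is_clean(before))
    print("clean after import: ", exe_association_is_clean(after))
```

The check in `exe_association_is_clean` is also the thing worth looking at on any machine where double-clicking programs opens the wrong application: a UserChoice ProgId or an OpenWithList entry under FileExts\.exe is a per-user override that takes precedence over the machine-wide "exefile" handler, which is exactly what the deletion line in Exe.reg clears.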

From there, I was able to use my malware-neutralizing tools.  At the end, I installed my three favorite tools:


Ubuntu MRT Instructions (translated to English).
