Using Ubuntu MRT to Fix Malware on a Windows Machine: *Nix Saves Windows
A family member brought me their malware-infested machine. It was the worst infection I had seen in a while. First off, this device had some annoying malware, including:
- Conduit Search
- Delta Toolbar
- Image Editor Packages
- Update for Image Editor
- Driver Detective
- DriverUpdate
- SupportSoft Assisted Service
- Delta Chrome Toolbar
- DefaultTab
Not surprisingly, all the Web plugins were out-of-date. And on top of everything else, Windows Media Player opened every .exe file. Even when I tried running some malware scanners or built-in components like the Command Prompt, Windows Media Player (WMP) would just open. Even the auto-start programs would spawn multiple instances of WMP. You really could not do anything from Windows–not even get online.
I downloaded the Ubuntu MRT (Malware Removal Toolkit) on a Mac and burned it to a CD using Disk Utility. After booting the Windows machine to the LiveCD, I was able to mount the Windows partition and run a malware scan on it.
It ended up not fixing the problem, but I was able to create an Exe.reg file containing the following:
Windows Registry Editor Version 5.00
; header line required, or regedit refuses to import the file

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithList]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids]
"exefile"=hex(0):
After saving this to the Windows partition, I shut down the LiveCD and booted back into Windows. After double-clicking the newly-created Exe.reg file and restarting, I was able to open all the programs normally again.
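As an added example that is not part of the original post, here is a small Python parser that reads the Exe.reg content above and lists the operations regedit would perform when the file is imported: the leading `-` marks a key deletion, a plain key is created, and `hex(0):` is an empty REG_NONE value. The header line is assumed, since regedit rejects a .reg file without one.

```python
import re

# The Exe.reg from the post, embedded here as sample input (header line added).
EXE_REG = r"""Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithList]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids]
"exefile"=hex(0):
"""

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
REG_TYPES = {0: "REG_NONE", 3: "REG_BINARY"}  # only the types this example needs


def decode_value(raw):
    """Turn the right-hand side of a name=value line into (type, data)."""
    if raw.startswith('"'):
        return ("REG_SZ", raw[1:-1])
    if raw.startswith("dword:"):
        return ("REG_DWORD", int(raw[6:], 16))
    m = re.match(r"hex(?:\((\d+)\))?:(.*)$", raw)
    if m:
        type_id = int(m.group(1) or 3)          # bare "hex:" means REG_BINARY
        data = bytes.fromhex(m.group(2).replace(",", ""))
        return (REG_TYPES.get(type_id, f"type_{type_id}"), data)
    raise ValueError(f"unsupported value syntax: {raw}")


def parse_reg(text):
    """Return (op, key, name, value) tuples describing what regedit would do."""
    lines = text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("missing .reg header; regedit will refuse to import this file")
    ops, key = [], None
    for line in lines[1:]:
        line = line.strip()
        if not line or line.startswith(";"):     # blank lines and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            body = line[1:-1]
            if body.startswith("-"):             # [-KEY] deletes the key and its subkeys
                key = None
                ops.append(("delete_key", body[1:], None, None))
            else:                                # [KEY] creates the key if missing
                key = body
                ops.append(("create_key", key, None, None))
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if m is None or key is None:
            raise ValueError(f"unparsable line: {line}")
        name = "" if m.group(1) == "@" else m.group(1)[1:-1]
        ops.append(("set_value", key, name, decode_value(m.group(2))))
    return ops
```

Running `parse_reg(EXE_REG)` shows the fix first wipes the per-user `.exe` override that the malware had pointed at Windows Media Player, then re-registers `exefile` as the only ProgID.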
From there, I was able to use my malware-neutralizing tools. At the end, I installed my three favorite tools:
- Microsoft Security Essentials Avast
- CrashPlan
- TeamViewer (so I can offer help remotely in the future).
Ubuntu MRT Instructions (translated to English).