
Unable to start programs with .exe/bat/com/pif/hta file extensions

Some stubborn malware leaves unwanted entries in the registry even after it has been removed. These entries can prevent you from opening Task Manager, hide all Desktop icons, and so on. In this article I'll give you some tips to get your computer working again. Here are some common issues malware causes:

1. It is not possible to execute any application (files with exe, com, bat, pif, hta extensions); an "Open with" dialog or another error is displayed instead

The infection has changed the shell\open\command registry keys. If these keys are changed, the malware will run each time that you run certain files.

The open command is controlled by these registry keys:

[HKEY_CLASSES_ROOT\exefile\shell\open\command]

[HKEY_CLASSES_ROOT\comfile\shell\open\command]

[HKEY_CLASSES_ROOT\batfile\shell\open\command]

[HKEY_CLASSES_ROOT\htafile\Shell\Open\Command]

[HKEY_CLASSES_ROOT\piffile\shell\open\command]

[HKEY_LOCAL_MACHINE\Software\CLASSES\batfile\shell\open\command]

[HKEY_LOCAL_MACHINE\Software\CLASSES\comfile\shell\open\command]

[HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command]

[HKEY_LOCAL_MACHINE\Software\CLASSES\htafile\Shell\Open\Command]

[HKEY_LOCAL_MACHINE\Software\CLASSES\piffile\shell\open\command]

For example, the bad value will look like (Default) = "malware.exe %1" %*

The correct value is "%1" %*. Here are 2 screenshots showing the malware value and the correct value.

In most cases, if only the exefile branch is affected, you can rename c:\windows\regedit.exe to regedit.com, open the registry editor and manually change the values. If, however, the malware also changed the settings for .com files, you can use this VBS script (the script affects exe/com/bat/pif/hta extensions), which will change the registry settings to the correct ones.
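
A read-only PowerShell check of the keys listed above, added here as an example (it is not the VBS script the article refers to). It compares each (Default) value with the article's correct value; the function names are hypothetical, and htafile is only listed for manual review because on a stock Windows install that handler normally starts mshta.exe.

```powershell
# Added example: read-only audit of the shell\open\command keys listed above.
# It changes nothing; it only reports values that differ from the expected one.
$expected = '"%1" %*'          # correct value as given in the article
$hives    = 'HKEY_CLASSES_ROOT', 'HKEY_LOCAL_MACHINE\Software\Classes'
$classes  = 'exefile', 'comfile', 'batfile', 'piffile', 'htafile'

function Get-OpenCommand {
    param([string]$Hive, [string]$Class)
    $path = "Registry::$Hive\$Class\shell\open\command"
    $key  = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }   # key does not exist
    # GetValue('') reads the (Default) value; %VAR% text is left unexpanded
    # so the stored string itself is compared.
    $opt = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    return $key.GetValue('', $null, $opt)
}

function Get-HandlerStatus {
    param([string]$Class, $Value)
    if ($null -eq $Value)      { return 'MISSING' }
    # Assumption: htafile is not compared, only shown for manual review.
    if ($Class -eq 'htafile')  { return 'REVIEW' }
    if ($Value -ceq $expected) { return 'OK' }
    return 'MODIFIED'          # e.g. "malware.exe %1" %*
}

$report = foreach ($hive in $hives) {
    foreach ($class in $classes) {
        $value = Get-OpenCommand -Hive $hive -Class $class
        [pscustomobject]@{
            Status = Get-HandlerStatus -Class $class -Value $value
            Key    = "$hive\$class\shell\open\command"
            Value  = $value
        }
    }
}

$report | Format-Table -AutoSize -Wrap
if ($report.Status -contains 'MODIFIED') {
    Write-Warning 'At least one open command differs from "%1" %*.'
}
```

If the exefile handler is already broken, powershell.exe may not start either; the renaming approach described above for regedit.exe applies in the same way.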
