If you’re a ‘techie type’ and you’re anything like me, then you are probably constantly getting calls for computer help from friends and family all over the place. And, probably just like you, keeping food on the table and a roof overhead keeps me quite a busy guy. But all of those concerns somehow come to a screeching halt when Mother Dearest sends you an email message that says something like this:
Honey, I know you’re busy, but I’m having major computer problems and I can’t do any work! I understand if you can’t get to it for a while, but just let me know. If so, I’ll have to call Geek Squad.
NOOOOOOOOOOOOOOOOOOOOOO! You and I both surely know one true thing: Friends don’t let friends, and sons don’t let mothers, call Geek Squad to solve their tech issues!
This actually happened to me today. Fortunately for my mom, although I’m busy, I love her too much to let her throw her money down the drain only to worsen the issues that are crippling her computer. Since I live in Redding, Northern California and my mom lives hundreds of miles away in the Long Beach area, putting hands on her computer in person just isn’t an option. In most cases, I have been able to solve her minor problems using any garden variety remote desktop utility (for example, Windows Remote Desktop, RealVNC, LogMeIn, etc.). But in this particular case, things got just a wee bit trickier.
How to remotely remove the infamous ‘XP Home Security’ malware
My mom’s vintage Dell running Windows XP SP3 somehow got infected with the famous ‘XP Home Security 2011’ rogue anti-virus: scareware that poses as a security product but is itself the infection. Like many infections of this type, it kills or blocks my favorite removal tool, Malwarebytes’ Anti-Malware, before it can even start.
OK, Kyler… get to the point! How do I run MBAM if the malware is preventing me from opening it? And remotely?!? (Hint: Safe Mode!)
A little Googling revealed that my favorite easy-to-use remote desktop utility, LogMeIn (which is also famously free for personal use), will let you remotely restart a computer into Safe Mode with Networking with LogMeIn ready for remote control. Safe Mode is what you need to boot into before you can run Malwarebytes’ Anti-Malware without the malware killing it: in Safe Mode, Windows loads only a minimal set of drivers and services, so the malware’s own startup entries normally never get to run. It has to be Safe Mode *with Networking* rather than plain Safe Mode, because the remote-control software needs the network stack up to reach you. Once remotely booted into Safe Mode with Networking, you can run this or other virus/malware removal tools and get the job done.
How to do this:
- Have LogMeIn installed on the remote computer and running (see LogMeIn.com for details on this)
- Connect to your infected remote computer
- On the left sidebar of the initial remote computer page, click on ‘Preferences’
- Click ‘Advanced Settings’
- Under ‘Reboot Options’, click on ‘View Reboot Options’
- Choose ‘Safe Mode Reboot’
- Be sure that any bootable media is removed from the remote computer (OS CDs, boot discs, floppies, etc.)
- If you are ready for the remote computer to reboot, click on ‘OK’
The remote computer will reboot and, after roughly a normal boot cycle’s delay (and almost like a magical miracle), it will show up again in your list of LogMeIn computers. You can then reconnect, initiate remote control, and git ’er done!
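For the curious, or for anyone whose remote tool has no ‘Safe Mode Reboot’ button, here is the manual equivalent of what that button has to accomplish on Windows XP, as an added example (not code from the original post and not LogMeIn’s own implementation). It relies on two documented pieces of Windows behavior: the `/safeboot:network` switch in boot.ini, which `bootcfg` can add for you, and the fact that a service only starts in Safe Mode with Networking if it has a key named after it under `HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network` whose default value is `Service`. Without that key the machine comes up in safe mode but unreachable, which is exactly what you don’t want hundreds of miles away. Assumptions: the remote-access service is named `LogMeIn` (confirm with `sc query`), and the Windows entry you boot is line 1 of boot.ini (confirm with `bootcfg /query`). Run it from a cmd prompt inside your existing remote-control session:

```batch
@echo off
rem Added example, not from the original post: the manual equivalent of a
rem "Safe Mode Reboot" on Windows XP, run from a cmd prompt in an existing
rem remote-control session.
rem ASSUMPTIONS: the remote-access service is named "LogMeIn" (sc query)
rem and the Windows entry to boot is boot.ini line 1 (bootcfg /query).
rem Usage: safeboot.bat on   -> next reboot is Safe Mode with Networking
rem        safeboot.bat off  -> restore normal boot and remove the key

setlocal
set SVC=LogMeIn
set BOOTID=1
set SAFEKEY=HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\%SVC%

if /i "%~1"=="on"  goto :on
if /i "%~1"=="off" goto :off
echo usage: %~nx0 on ^| off
exit /b 1

:on
rem 1. Put the current boot entries on record before changing anything.
bootcfg /query

rem 2. Allow the remote-access service to start in Safe Mode with
rem    Networking. Windows only starts services listed under
rem    SafeBoot\Network with a default value of "Service".
reg add "%SAFEKEY%" /ve /d Service /f

rem 3. Append /safeboot:network to the OS load options of entry %BOOTID%
rem    (/a appends rather than replacing the existing options).
bootcfg /raw "/safeboot:network" /a /id %BOOTID%

rem 4. Make sure no bootable media is in the drive (see the post), then
rem    reboot. The box should reappear in your remote tool in safe mode.
shutdown -r -t 0
goto :eof

:off
rem Restore the stock XP load options. Assumption: the entry originally
rem had only /fastdetect; if the bootcfg /query output above showed more,
rem put that string here instead.
bootcfg /raw "/fastdetect" /id %BOOTID%
reg delete "%SAFEKEY%" /f
echo Normal boot restored for entry %BOOTID%; reboot when finished.
goto :eof
```

Don’t forget the `off` step when you are done, or the machine will keep booting into safe mode every time.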
If you are in the Nampa, ID area and need help with healing your computer of viruses or malware, or other Mac or Windows issues, please feel free to contact me to arrange a service call in your home or business.
I just dealt with that virus as well and it was a particularly nasty one. I have one question, as I am looking at purchasing a LogMeIn license: how do you run the LogMeIn app on the infected computer? The one I was working on had no file association with .exe, .msi, or .com, so I was unable to run anything, even after I got rid of it, until I fixed the registry. I was not able to do much at all in normal boot mode due to the popups. Were you able to run and work in normal mode?
Sorry for the delayed response. Have you already figured this issue out?
I would say that putting the executable on a CD or a USB drive would be the way to run it in Windows Safe Mode. Make sure that you boot the computer in ‘Safe Mode with Networking’.
Let me know if you’d like further assistance. -Kyler
Getting a program to run when the .com, .msi, and .exe extensions have been hijacked is a little tricky, but typically this works:
If you get an “open with” box when attempting to open a particular program, then tell it to open with itself. If this is your symptom you can launch cmd.exe with itself and then launch anything from it. Also, you may be able to go to safe mode and get this box.
1) Start > Run > Cmd
2) In the “Open With” box, click the “Browse” button
3) Navigate to C:\Windows\System32\cmd.exe and click open
4) This will bring you back to the “Open With” box, click Open on this window.
5) Navigate to the location of the file you would like to open (using the cd command), and type in its filename.
If you’re feeling adventurous, you can have the person working the computer open regedit and modify:
HKEY_CLASSES_ROOT\exefile\shell\open\command\default – it should be "%1" %*
HKEY_CURRENT_USER\.exe\shell\open\command\default – it should be "%1" %*
(from your post it looks like you knew about these keys)
Identify a program that does open, and rename the executable you are trying to run to that name. Examples of programs that typically still work: iexplore.exe (for internet explorer) explorer.exe (for the windows ui), winlogon.exe, and csrss.exe.
Use compatibility mode. When you run a program using Windows compatibility options it essentially runs the program in an emulated or virtualized environment and most times this environment is unaffected by the extension hijacks.
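To put the registry advice in the comment above into a form you can paste into the cmd.exe window you got via the “Open With” trick (or in safe mode), here is an added example of a check-and-repair batch file. It is not from the original post or its commenters. It works even while the .exe association is hijacked because cmd launches reg.exe directly through CreateProcess and never consults the shell association. With no argument it only reports the current values; with `fix` it restores the stock `exefile` association and removes any per-user override, since `HKCU\Software\Classes` takes precedence over the machine-wide keys when Windows builds HKEY_CLASSES_ROOT.

```batch
@echo off
rem Added example, not from the original post: report and, with "fix",
rem repair the associations a ".exe hijack" typically changes.
rem Run from a cmd.exe obtained via the "Open With" trick or in Safe Mode;
rem cmd starts reg.exe directly, so the broken shell association is moot.
rem Usage: exefix.bat       -> report only
rem        exefix.bat fix   -> restore stock values

setlocal
set K_EXT=HKCR\.exe
set K_CMD=HKCR\exefile\shell\open\command

echo --- current values (expected: exefile  and  "%%1" %%*) ---
reg query "%K_EXT%" /ve
reg query "%K_CMD%" /ve

if /i not "%~1"=="fix" goto :eof

echo --- restoring stock associations ---
rem .exe must map to the "exefile" ProgId.
reg add "%K_EXT%" /ve /d exefile /f

rem exefile's open command must be "%1" %*. Inside a batch file %% escapes
rem a literal %, and \" passes a literal quote through to reg.exe.
reg add "%K_CMD%" /ve /t REG_SZ /d "\"%%1\" %%*" /f

rem Per-user class overrides win over HKCR, so remove any the hijack left.
rem These keys normally don't exist; the 2>nul hides that harmless error.
reg delete "HKCU\Software\Classes\.exe" /f 2>nul
reg delete "HKCU\Software\Classes\exefile" /f 2>nul

echo --- values after repair ---
reg query "%K_EXT%" /ve
reg query "%K_CMD%" /ve
```

Save it with a .bat extension (batfile associations are rarely touched by this kind of hijack) and run it with the `fix` argument only after the report shows something other than the expected values.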
Kyler! Thanks for the tip! I didn’t know that the free version of logmein could reboot into safe mode remotely! Now I can let Malwarebytes work its magic on this stupid “Live Security Platinum.” You just saved me about 3 hours of driving! Aloha!
Jim, I’m glad that it worked for you! I was really happy to have found it myself. Godspeed!