System.BrokenFileAssociation.Setting

[fallenstar21]

I had a virus on my computer and I ran SUPERAntiSpyware in safe mode and it found this: System.BrokenFileAssociation.Setting . It took care of the problems I was having but now every time I run the scanner it stills finds this and says that its going to quarantine it. But the next time I run a scan it still shows up. What should I do to get rid of it once and for all? Any suggestions?

[Seth]

Welcome to the SAS forum.

Please post your latest SAS scan log for review.

The Log is found in SAS's Preferences-->Statistics/Logs. Open the log then copy and paste the log in your reply.

[fallenstar21]

I ran the scan today and as usual its still coming up. Heres the log:

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 04/19/2011 at 12:14 PM

Application Version : 4.50.1002

Core Rules Database Version : 6797

Trace Rules Database Version: 4609

Scan type : Quick Scan

Total Scan Time : 00:29:53

Memory items scanned : 494

Memory threats detected : 0

Registry items scanned : 1994

Registry threats detected : 1

File items scanned : 8830

File threats detected : 12

System.BrokenFileAssociation

HKCR\.exe

Adware.Tracking Cookie

C:\Documents and Settings\2FalleNstaR1\Cookies\2fallenstar1@revsci[1].txt

C:\Documents and Settings\2FalleNstaR1\Cookies\2fallenstar1@atdmt[1].txt

C:\Documents and Settings\2FalleNstaR1\Cookies\2fallenstar1@2o7[1].txt

C:\Documents and Settings\2FalleNstaR1\Cookies\2fallenstar1@ads.cnn[1].txt

C:\Documents and Settings\2FalleNstaR1\Cookies\2fallenstar1@advertising[2].txt

C:\Documents and Settings\2FalleNstaR1\Cookies\2fallenstar1@r1-ads.ace.advertising[1].txt

C:\Documents and Settings\2FalleNstaR1\Cookies\2fallenstar1@mediabrandsww[1].txt

C:\Documents and Settings\2FalleNstaR1\Cookies\2fallenstar1@doubleclick[1].txt

C:\Documents and Settings\2FalleNstaR1\Cookies\2fallenstar1@collective-media[1].txt

C:\Documents and Settings\2FalleNstaR1\Cookies\2fallenstar1@media6degrees[2].txt

C:\Documents and Settings\2FalleNstaR1\Cookies\2fallenstar1@casalemedia[1].txt

C:\Documents and Settings\2FalleNstaR1\Cookies\2fallenstar1@ru4[1].txt

[Seth]

Please update SAS by right clicking on the SAS icon in the System Tray/Notification Area and choosing "Check For Updates".

Run a quick scan once the update completes. If HKCR\.exe is still detected, open a Customer Support Request and diagnostics can be run on your computer by the SAS developers.

[vcomet]

Hello I am having this same issue even after running that WinXP exe file assoc reg file.

Thanks for any help in this matter!

Here is my latest scan log..

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 05/05/2011 at 05:13 PM

Application Version : 4.51.1000

Core Rules Database Version : 6997

Trace Rules Database Version: 4809

Scan type : Custom Scan

Total Scan Time : 00:08:16

Memory items scanned : 337

Memory threats detected : 0

Registry items scanned : 7677

Registry threats detected : 1

File items scanned : 569

File threats detected : 1

System.BrokenFileAssociation

HKCR\.exe

[SAS Customer Service]

Hello I am having this same issue even after running that WinXP exe file assoc reg file.

Thanks for any help in this matter!

Here is my latest scan log..

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 05/05/2011 at 05:13 PM

Application Version : 4.51.1000

Core Rules Database Version : 6997

Trace Rules Database Version: 4809

Scan type : Custom Scan

Total Scan Time : 00:08:16

Memory items scanned : 337

Memory threats detected : 0

Registry items scanned : 7677

Registry threats detected : 1

File items scanned : 569

File threats detected : 1

System.BrokenFileAssociation

HKCR\.exe

Please trust and allow that detection upon your next scan.

[vcomet]

Thanks for the reply!

Before I make the alert a false positive I decided to check the registry to see if that key HKEY_CLASSES_ROOT\.exe was ok.

Thanks to SAS for drawing attention to that key because I noticed a path in one of the sub keys was pointing to a old malware file nwv.exe (WinXP fake anti-virus).

Here is a screenshot of those keys do I just delete that path to nwv.exe and keep %1" %* as the string?

I am not sure if the other keys are fine in those screenshots?

http://img821.imageshack.us/img821/337/regexe.gif

Thanks again for any help!

[Irving Mainway]

I just had this problem - for the very first time. Multiple scans with latest updates all summer.

I just reported the false positive to SuperSAS and allowed it.

SUPERAntiSpyware Scan Log

Generated 08/09/2011 at 12:26 PM

Application Version : 4.55.1000

Core Rules Database Version : 7536

Trace Rules Database Version: 5348

Scan type : Complete Scan

Total Scan Time : 00:57:20

Memory items scanned : 580

Memory threats detected : 0

Registry items scanned : 6830

Registry threats detected : 1

File items scanned : 30185

File threats detected : 0

System.BrokenFileAssociation

HKCR\.exe

[bobbie2836]

I'm running into the System.BrokenCommand, too. SAS finds it every time (HKCR\.exe) - and quarantines it. Then I can open at least some of the .exe files. But as soon as I reboot, I can't open any .exe files again, until I run SAS.

The only reason I can even run SAS is that I re-named it from .exe to .com.

The computer is Windows XP Home Premium.

This seems to have started when XP Security Center 2011 appeared. Also it looks like there is a Trojan: DOS/Alureon.A on that computer.

Any thoughts?

Bobbie2836

[Seth]

- Run the SAS .exe fix: http://www.superanti..._FixEXEfile.com

- Update SAS by right clicking the SAS icon in the System Tray/ and choose "Check for updates".

- Following the update, run SAS and if the HKCR EXE appears, then Trust/Allow it.

[SAS_Dave]

Thanks for the reply!

Before I make the alert a false positive I decided to check the registry to see if that key HKEY_CLASSES_ROOT\.exe was ok.

Thanks to SAS for drawing attention to that key because I noticed a path in one of the sub keys was pointing to a old malware file nwv.exe (WinXP fake anti-virus).

Here is a screenshot of those keys do I just delete that path to nwv.exe and keep %1" %* as the string?

I am not sure if the other keys are fine in those screenshots?

http://img821.imageshack.us/img821/337/regexe.gif

Thanks again for any help!

Thank you for the screenshot, it looks like SUPERAntiSpyware was not able to write to that key to correct it(maybe permissions issue?). Yes, the "normal" value should be: "%1" %* Thanks again for the follow up post.