fallenstar21 Report post Posted April 18, 2011 I had a virus on my computer and I ran SUPERAntiSpyware in safe mode and it found this: System.BrokenFileAssociation.Setting . It took care of the problems I was having but now every time I run the scanner it stills finds this and says that its going to quarantine it. But the next time I run a scan it still shows up. What should I do to get rid of it once and for all? Any suggestions? Share this post Link to post Share on other sites
Seth Report post Posted April 18, 2011 Welcome to the SAS forum. Please post your latest SAS scan log for review. The Log is found in SAS's Preferences-->Statistics/Logs. Open the log then copy and paste the log in your reply. Share this post Link to post Share on other sites
fallenstar21 Report post Posted April 19, 2011 I ran the scan today and as usual its still coming up. Heres the log: SUPERAntiSpyware Scan Log https://www.superantispyware.com Generated 04/19/2011 at 12:14 PM Application Version : 4.50.1002 Core Rules Database Version : 6797 Trace Rules Database Version: 4609 Scan type : Quick Scan Total Scan Time : 00:29:53 Memory items scanned : 494 Memory threats detected : 0 Registry items scanned : 1994 Registry threats detected : 1 File items scanned : 8830 File threats detected : 12 System.BrokenFileAssociation HKCR\.exe Adware.Tracking Cookie C:\Documents and Settings\2FalleNstaR1\Cookies\2fallenstar1@revsci[1].txt C:\Documents and Settings\2FalleNstaR1\Cookies\2fallenstar1@atdmt[1].txt C:\Documents and Settings\2FalleNstaR1\Cookies\2fallenstar1@2o7[1].txt C:\Documents and Settings\2FalleNstaR1\Cookies\2fallenstar1@ads.cnn[1].txt C:\Documents and Settings\2FalleNstaR1\Cookies\2fallenstar1@advertising[2].txt C:\Documents and Settings\2FalleNstaR1\Cookies\2fallenstar1@r1-ads.ace.advertising[1].txt C:\Documents and Settings\2FalleNstaR1\Cookies\2fallenstar1@mediabrandsww[1].txt C:\Documents and Settings\2FalleNstaR1\Cookies\2fallenstar1@doubleclick[1].txt C:\Documents and Settings\2FalleNstaR1\Cookies\2fallenstar1@collective-media[1].txt C:\Documents and Settings\2FalleNstaR1\Cookies\2fallenstar1@media6degrees[2].txt C:\Documents and Settings\2FalleNstaR1\Cookies\2fallenstar1@casalemedia[1].txt C:\Documents and Settings\2FalleNstaR1\Cookies\2fallenstar1@ru4[1].txt Share this post Link to post Share on other sites
Seth Report post Posted April 19, 2011 Please update SAS by right clicking on the SAS icon in the System Tray/Notification Area and choosing "Check For Updates". Run a quick scan once the update completes. If HKCR\.exe is still detected, open a Customer Support Request and diagnostics can be run on your computer by the SAS developers. Share this post Link to post Share on other sites
vcomet Report post Posted May 5, 2011 Hello I am having this same issue even after running that WinXP exe file assoc reg file. Thanks for any help in this matter! Here is my latest scan log.. SUPERAntiSpyware Scan Log https://www.superantispyware.com Generated 05/05/2011 at 05:13 PM Application Version : 4.51.1000 Core Rules Database Version : 6997 Trace Rules Database Version: 4809 Scan type : Custom Scan Total Scan Time : 00:08:16 Memory items scanned : 337 Memory threats detected : 0 Registry items scanned : 7677 Registry threats detected : 1 File items scanned : 569 File threats detected : 1 System.BrokenFileAssociation HKCR\.exe Share this post Link to post Share on other sites
SAS Customer Service Report post Posted May 6, 2011 Hello I am having this same issue even after running that WinXP exe file assoc reg file. Thanks for any help in this matter! Here is my latest scan log.. SUPERAntiSpyware Scan Log https://www.superantispyware.com Generated 05/05/2011 at 05:13 PM Application Version : 4.51.1000 Core Rules Database Version : 6997 Trace Rules Database Version: 4809 Scan type : Custom Scan Total Scan Time : 00:08:16 Memory items scanned : 337 Memory threats detected : 0 Registry items scanned : 7677 Registry threats detected : 1 File items scanned : 569 File threats detected : 1 System.BrokenFileAssociation HKCR\.exe Please trust and allow that detection upon your next scan. Share this post Link to post Share on other sites
vcomet Report post Posted May 8, 2011 Thanks for the reply! Before I make the alert a false positive I decided to check the registry to see if that key HKEY_CLASSES_ROOT\.exe was ok. Thanks to SAS for drawing attention to that key because I noticed a path in one of the sub keys was pointing to a old malware file nwv.exe (WinXP fake anti-virus). Here is a screenshot of those keys do I just delete that path to nwv.exe and keep %1" %* as the string? I am not sure if the other keys are fine in those screenshots? http://img821.imageshack.us/img821/337/regexe.gif Thanks again for any help! Share this post Link to post Share on other sites
Irving Mainway Report post Posted August 9, 2011 I just had this problem - for the very first time. Multiple scans with latest updates all summer. I just reported the false positive to SuperSAS and allowed it. SUPERAntiSpyware Scan Log Generated 08/09/2011 at 12:26 PM Application Version : 4.55.1000 Core Rules Database Version : 7536 Trace Rules Database Version: 5348 Scan type : Complete Scan Total Scan Time : 00:57:20 Memory items scanned : 580 Memory threats detected : 0 Registry items scanned : 6830 Registry threats detected : 1 File items scanned : 30185 File threats detected : 0 System.BrokenFileAssociation HKCR\.exe Share this post Link to post Share on other sites
bobbie2836 Report post Posted August 12, 2011 I'm running into the System.BrokenCommand, too. SAS finds it every time (HKCR\.exe) - and quarantines it. Then I can open at least some of the .exe files. But as soon as I reboot, I can't open any .exe files again, until I run SAS. The only reason I can even run SAS is that I re-named it from .exe to .com. The computer is Windows XP Home Premium. This seems to have started when XP Security Center 2011 appeared. Also it looks like there is a Trojan: DOS/Alureon.A on that computer. Any thoughts? Bobbie2836 Share this post Link to post Share on other sites
Seth Report post Posted August 12, 2011 - Run the SAS .exe fix: http://www.superanti..._FixEXEfile.com - Update SAS by right clicking the SAS icon in the System Tray/ and choose "Check for updates". - Following the update, run SAS and if the HKCR EXE appears, then Trust/Allow it. Share this post Link to post Share on other sites
SAS_Dave Report post Posted August 12, 2011 Thanks for the reply! Before I make the alert a false positive I decided to check the registry to see if that key HKEY_CLASSES_ROOT\.exe was ok. Thanks to SAS for drawing attention to that key because I noticed a path in one of the sub keys was pointing to a old malware file nwv.exe (WinXP fake anti-virus). Here is a screenshot of those keys do I just delete that path to nwv.exe and keep %1" %* as the string? I am not sure if the other keys are fine in those screenshots? http://img821.imageshack.us/img821/337/regexe.gif Thanks again for any help! Thank you for the screenshot, it looks like SUPERAntiSpyware was not able to write to that key to correct it(maybe permissions issue?). Yes, the "normal" value should be: "%1" %* Thanks again for the follow up post. Share this post Link to post Share on other sites
