How to Remove PC MightyMax 2012

Today I came across this computer.  The main issue was that i was unable to open anything, or run any program.  The .exe extension was associated with wordpad.  Every time I was going to open any .exe file, it would open up notepad.

Another issues that was happening also, is that when I logged in, several about 30 wordpad windows would open up and start displaying random characters.  After closing all the windows, I was left off with nothing to be able to do.

Here is what I did to fix it:

  • This computer was infected with PC MightyMax 2012 malware/virus.  What this virus did is that it associated the .exe extension to wordpad, every time I tried to run a .exe program it tried to open them up with wordpad.  Also the programs that were to run when the computer started, were also opening with wordpad, that was all the wordpad windows that came up when the computer was powered up.
  • What I did is i went to the Start Menu, and went to PC MIghtyMax 2012 folder and selected Uninstall.  This went and removed some files.
  • Then I went to C:\ProgramFiles\PC MightyMax 2012\  and deleted the whole PC MIghtyMax 2012 folder.  I then went and restarted the computer.
  • After that I went and ran a registry repair, to fix the file association of .exe files.  I went to this page: http://www.sevenforums.com/tutorials/19449-default-file-type-associations-restore.html
  • Downloaded and ran this file to change the file association of the .exe extensions

 

Here are the contents of the reg file to make it and use it:

  1. Copy and Paste to notepad
  2. Save As: Default_EXE.reg
  3. Double click and Allow to edit the registry.
Windows Registry Editor Version 5.00
[-HKEY_CLASSES_ROOT\.exe]
[HKEY_CLASSES_ROOT\.exe]
@=”exefile”
“Content Type”=”application/x-msdownload”
[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@=”{098f2470-bae0-11cd-b579-08002b30bfeb}”
[HKEY_CLASSES_ROOT\exefile]
@=”Application”
“EditFlags”=hex:38,07,00,00
“FriendlyTypeName”=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
32,00,5c,00,73,00,68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,\
00,2c,00,2d,00,31,00,30,00,31,00,35,00,36,00,00,00
[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@=”%1″
[HKEY_CLASSES_ROOT\exefile\shell]
[HKEY_CLASSES_ROOT\exefile\shell\open]
“EditFlags”=hex:00,00,00,00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@=”\”%1\” %*”
“IsolatedCommand”=”\”%1\” %*”
[HKEY_CLASSES_ROOT\exefile\shell\runas]
“HasLUAShield”=””
[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@=”\”%1\” %*”
“IsolatedCommand”=”\”%1\” %*”
[HKEY_CLASSES_ROOT\exefile\shell\runasuser]
@=”@shell32.dll,-50944″
“Extended”=””
“SuppressionPolicyEx”=”{F211AA05-D4DF-4370-A2A0-9F19C09756A7}”
[HKEY_CLASSES_ROOT\exefile\shell\runasuser\command]
“DelegateExecute”=”{ea72d00e-4960-42fa-ba92-7792a7944c1d}”
[HKEY_CLASSES_ROOT\exefile\shellex]
[HKEY_CLASSES_ROOT\exefile\shellex\ContextMenuHandlers]
@=”Compatibility”
[HKEY_CLASSES_ROOT\exefile\shellex\ContextMenuHandlers\Compatibility]
@=”{1d27f844-3a1f-4410-85ac-14651078412d}”
[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@=”{86C86720-42A0-1069-A2E8-08002B30309D}”
[-HKEY_CLASSES_ROOT\SystemFileAssociations\.exe]
[HKEY_CLASSES_ROOT\SystemFileAssociations\.exe]
“FullDetails”=”prop:System.PropGroup.Description;System.FileDescription;System.ItemTypeText;System.FileVersion;System.Software.ProductName;System.Software.ProductVersion;System.Copyright;*System.Category;*System.Comment;System.Size;System.DateModified;System.Language;*System.Trademarks;*System.OriginalFileName”
“InfoTip”=”prop:System.FileDescription;System.Company;System.FileVersion;System.DateCreated;System.Size”
“TileInfo”=”prop:System.FileDescription;System.Company;System.FileVersion;System.DateCreated;System.Size”
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithList]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids]
“exefile”=hex(0):
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@=”exefile”
“Content Type”=”application/x-msdownload”
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\PersistentHandler]
@=”{098f2470-bae0-11cd-b579-08002b30bfeb}”

 After removing all this registry entries, I went and restarted the computer.  When the computer came back up, the notepad windows where gone and everything was restored to normal.  I then went and started an AVG Antivirus scan and removed several objects.  Then I went and started a scan with Malwarebytes, one of my favorite programs to remove malware.  After removing lots of malware objects the computer was clean and good to use.

Comments

So empty here ... leave a comment!

Leave a Reply

Your email address will not be published. Required fields are marked *

Sidebar