cannot open a WMV

Billy Murdoch · Post by **Billy Murdoch** » 11 Jun 2010 3:44 am

Until yesterday I was able to open WMV files sent in E mails.
Now when I click on them nothing happens.
Any ideas?
Billy

Jack Stoner · Post by **Jack Stoner** » 11 Jun 2010 4:05 am

Did you update anything? or delete anything?

Since it worked OK, use the System Restore and restore the PC back to a date when it did work, that should take care of it.

System Restore can be accessed from Start/Programs/Accessories/System Tools. System Restore will not delete any user data or e-mails.

Wiz Feinberg · Post by **Wiz Feinberg** » 11 Jun 2010 8:10 am

Reboot your PC and try again. If you run System Restore to a date prior to Patch Tuesday you could accidentally wipe out this week's Windows Updates.

Jack Stoner · Post by **Jack Stoner** » 11 Jun 2010 9:35 am

Wiz, that could be the problem, an update. The updates can always be downloaded and installed again.

Billy Murdoch · Post by **Billy Murdoch** » 12 Jun 2010 1:06 am

Thanks Gents for the help.
I still have the problem after resetting.
Thinking back,I did inadvertantly download "Bear Share" thinking I was downloading a song.
I had not really wanted a "share music thing" so a little while later I uninstalled Bear share.I cannot seem to get rid of the bear share toolbar even though I have deleted everything I see referring to bear share.I wonder if it has set the wmv to play on their player?
Best regards
Billy

richard burton · Post by **richard burton** » 12 Jun 2010 1:46 am

Why can't you right-click on the file and tell it to open with Windows Media Player, regardless of whatever player is set as the default?

Billy Murdoch · Post by **Billy Murdoch** » 12 Jun 2010 5:10 am

Richard,
When I right click and then click "Open" nothing happens !
Billy

Post by **Dave Mudgett** » 12 Jun 2010 6:06 am

If you google bearshare, you'll see that the free version installs the Zango adware program. A great many sites and spyware programs label bearshare as adware/spyware. You may have to go through a more involved spyware/malware removal process to completely rid yourself of this thing. Googling bearshare gave links to threads outlining that process in the first several hits - obviously this has been a problem for some time. Personally, I don't really trust any peer-to-peer file sharing programs, and apparently that's what bearshare is. When you downloaded bearshare, it was undoubtedly a .exe file - that would be a very good clue that you should not open it without investigating it very carefully. If you use the windoze default of not showing file types, I strongly suggest you change it so those file types show. That option is in the Folder Options/View tab.

You also may need to reset the filetype association. Perhaps, when bearshare installed, it reset the file association to automatically open wmv files (and perhaps other file types), and when you uninstalled it, you lost the file association. On winxp, probably the easiest way to do this is to right click a wmv file, click open, and hopefully an "Open With" dialog box comes up. If it does, either select the program you'd like to use among those given, or if it isn't given there, hit the browse button and navigate to it. Then make sure the "Always use the selected program to open this kind of file" box is checked, click OK. If this doesn't work, you'll probably need to go to Folder Options/File Types tab and reset it there. There may be differences in procedure for other windoze OSs, but it ought to be similar.

Andy Sandoval · Post by **Andy Sandoval** » 12 Jun 2010 7:08 am

Try what Richard suggested. Right click on the file and choose "open with" than choose what you want to open it with and check the box below that says "always use the selected program to open this type of file". This will reasign a default player.

Wiz Feinberg · Post by **Wiz Feinberg** » 12 Jun 2010 8:23 am

Since you have installed spyware on your computer you will have to also install an anti-spyware tool that recognizes Zango and removes its various toolbars, files and settings. Try Malwarebytes Anti-Malware first. If that doesn't remove Zango, download Spybot Search and Destroy.

After you download and install either program, run a check for updates and apply all protections available to you. Then, run a system scan to detect and remove the spyware and adware infections.

Billy Murdoch · Post by **Billy Murdoch** » 13 Jun 2010 6:50 am

Thanks everyone for Your help.
The problem seems to have been fixed.
I did also notice that My broadband connection was slower than normal and got some advice from My provider.I am now up to speed and able to see all WMV's
Best regards
Billy

Wiz Feinberg · Post by **Wiz Feinberg** » 13 Jun 2010 7:16 am

Billy Murdoch wrote:Thanks everyone for Your help.
The problem seems to have been fixed.
I did also notice that My broadband connection was slower than normal and got some advice from My provider.I am now up to speed and able to see all WMV's
Best regards
Billy

How was it fixed? Did you use one of my recommendations?

Billy Murdoch · Post by **Billy Murdoch** » 13 Jun 2010 10:32 am

Wiz,
I tried Anti-malware first but after the initial scan it only removes about 20 of the many problems it finds then promts You to buy the full version.
A family friend suggested deleting and re-installing windows media player which then gave me the option of having media player the default player for WMV's.
At the same time I had noticed a slowing down of My download speed and after switching off the modem and re-starting after 30 seconds I returned to the expected download speed.
Having said all that I am not absolutely sure which operation cured My problem.I tend to think it was the reduction in the download speed.
Thanks again for Your help.
Billy

Wiz Feinberg · Post by **Wiz Feinberg** » 13 Jun 2010 12:06 pm

Billy Murdoch wrote:Wiz,
I tried Anti-malware first but after the initial scan it only removes about 20 of the many problems it finds then prompts You to buy the full version.
Billy

Billy;
Something is wrong with that statement. Malwarebytes Anti-Malware sets no limits on how many infections it will remove, whether you have the free or paid version. It is the same program, just additional features get unlocked if you pay for it. I use it every time I disinfect a customer's computer and sometimes MBAM will detect and remove dozens of malware infections, at no cost and without any prompts to buy a license.

So, I think I should ask you where you downloaded Malwarebytes Anti-Malware? Did you use the link I provided in my previous reply? Or, did you search the web and click on a poisoned search result??? There are many fake anti-malware programs the pretend to be a name brand, but are not. You may have in fact downloaded another malware infection, if it demands payment to remove over 20 threats.

Billy Murdoch · Post by **Billy Murdoch** » 13 Jun 2010 1:22 pm

Hi Wiz
I used the link You posted.
Billy

I have just run it again and it fixed 15 errors and prompted Me to buy the full version to fix the remaining errors.

Wiz Feinberg · Post by **Wiz Feinberg** » 13 Jun 2010 9:54 pm

Billy Murdoch wrote:Hi Wiz
I used the link You posted.
Billy

I have just run it again and it fixed 15 errors and prompted Me to buy the full version to fix the remaining errors.

Billy;
Please do me a favor and open Malwarebytes Anti-Malware on your PC, then click on the tab labeled "About." Tell me the exact program and copyright name and version number shown on the About page.

I have never seen the real MBAM ask anybody to register to remove more threats.

When you downloaded the program through the link on my website, was it from http://www.malwarebytes.org/mbam.php?

I would also like to ask you to open your HOSTS file in Notepad to see if DNS poisoning has been performed by the malware you installed earlier. Navigate to C:\Windows\System32\Drivers\etc\. You will find a file in that folder named HOSTS. Right click on it and choose Open With, then select Notepad. Look for any entries listing malwarebytes.org, or Microsoft, or any other security company website by name. Let me know if you find anything like that in HOSTS.

To remove poisoned DNS entries from HOSTS, simply highlight and delete them, then Save As (all files) HOSTS. If Windows adds a .txt extension, remove it by renaming the file to just HOSTS.

Wiz Feinberg · Post by **Wiz Feinberg** » 13 Jun 2010 10:02 pm

In case any of you are wondering where I am going with this line of questioning, Billy's computer had been compromised. There are a lot of malware families that will redirect the people trying to remove infections so that they end up downloading rogue security programs, instead of the real ones. This is called DNS poisoning and cam be easily done by modifying the HOSTS file on a Windows PC.

Billy Murdoch · Post by **Billy Murdoch** » 14 Jun 2010 12:31 am

Hi again Wiz,
When I booted My computer this morning a scan began running and when finished I was again prompted to buy the full version to fix all errors.
I had thought I deleted the application yesyerday.
However I went once again using the link You gave Me and again I had the same results.
When I click the About tab I get only....
Advanced Registry Optimiser 2010 6.0
Trial Version.
There are no other relevant numbers
This had been downloaded from the aforementioned link and It was from CNET.
More to follow as I progress with Your instructions
Billy

Mitch Drumm · Post by **Mitch Drumm** » 14 Jun 2010 12:59 am

Billy:

Advanced Registry Optimizer is likely bogus and a result of your infection. When you click the about tab in Malware Bytes, you should see something like this:

And I don't think Malware Bytes should run just because you boot your computer. Your infection has taken over and is forcing itself on you by running every time you boot, showing you that message, and hoping you are foolish enough to send them money or call them. DON'T DO THAT.

I'd guess your infection prevented you from installing the legit Malware Bytes or is preventing you from running it.

Try booting into Safe Mode (access by f8 or maybe f11 when you reboot). The screen will look goofy, but you should be able to access Malware Bytes from there and run it.

From safe mode, can you then see a screen like the above when you go to the "about" tab??

If you see a screen like the above, you should be in the legit Malware Bytes and should be able to run it.

I've run it dozens of times and have NEVER been asked to buy anything.

If you can't get to a screen like the above, wait for more advice from Wiz. Something's still got hold of your PC.

You can also try the other program Wiz mentioned (Super Anti Spyware). It works well and is very similar to Malware Bytes.

Billy Murdoch · Post by **Billy Murdoch** » 14 Jun 2010 1:46 am

[quote]Navigate to C:\Windows\System32\Drivers\etc\.

This will illustrate My knowledge of computers.
I have been trying without success to locate this folder.
I click start then I have tried "search" and also "Run" but I am getting nowhere.
Thanks
Billy

Mitch Drumm · Post by **Mitch Drumm** » 14 Jun 2010 2:13 am

You don't need to use search or run.

Just use Windows Explorer.

Start with C and then the subdivision Windows and then its subdivision System 32 and then its subdivision Drivers and then its subdivision Etc.

Notice the Hosts file on the right side. That is what Wiz is referring to.

Wiz Feinberg · Post by **Wiz Feinberg** » 14 Jun 2010 8:18 am

Billy;
Your PC has been hijacked by a rogue optimizer and probably other companion applications, all designed to scare you into paying to obtain results. These programs come from Russia and the Ukraine. They were written by programmers who work for Russian criminals in Saint Petersburg, Russia.

Since the rogue registry optimizer has taken control of your PC, you have to follow a different path to carry on the fight. You need to decide whether you have the parts to fight this thing yourself, or whether you should take the PC to a service depot and let them reinstall Windows for you. Your data files would be at risk during that process, so they would need to be backed up to a thumb drive.

If you choose to enter this fight you can proceed here, with my suggestions below, or go to the Malwarebytes help forums, or the BleedingComputer forums. You would need to sign up for a membership and open a new topic about your problem in the Malware Removal forum. Do not post your problem in another person's topic, or you will be booted off the forums.

We are not a malware removal forum, they are. The best suggestions I can offer to you are as follows.

Download a fresh copy of "Malwarebytes' Anti-Malware" (exact spelling) from the company itself, at: http://www.malwarebytes.org/mbam.php.
If malware blocks or redirects you when you try to download MBAM from malwarebytes.org, use the download links on Major Geeks
Save it to your desktop but do not attempt to open or run the file yet.
Reboot your PC into Safe Mode With Networking. To do this, restart, then begin tapping the F8 key constantly, until you get a black screen with much white text, called the Boot Menu. The second of the upper boot options is Safe Mode With Networking. Use the up/down arrow keys to highlight that option, then press Enter.
When your PC reboots into safe mode you will come to a Welcome Screen with two accounts displayed: your usual account and Administrator. For now go into your own account, supplying a password if you use one.
Accept the "You are in Safe Mode..." pop-up notice to continue.
Locate the file you downloaded from Malwarebytes.org. It should be named mbam-setup.exe
If that is not the file name, you were redirected to a hostile download site by your infected PC. In that case you must download it from a location unknown to the malware. See the alternate download link above.
IMPORTANT: Since malware is preventing the real MBAM from running you must rename the setup file before running it. With the actual MBAM setup file on your desktop, rename the file's prefix to a random name of your choosing. Leave the .exe part alone. E.g.: flubbydust.exe. Do not include "mbam" in the name or it may be blocked.
Double click on the renamed file and install MBAM. Accept the default setup options, including the option to update immediately and scan after setup completes.
At this point you will find out if your infector has a component that prevents security programs from executing. If MBAM closes instantly, rather than running a prolonged and successful malware scan, you have an anti-exe infector and will need to go to the Malwarebytes or Bleeding Computer forums, or have Windows reinstalled.
If MBAM runs it will find many infections, then halt and display a button on the bottom labeled "Show Results"
Click the button to open the results in a page of descriptions, all preceded by check boxes. Make sure everything is checked, then click the Fix Selected button.
Once the fixing is done you will get a pop-up notepad page showing the results of the scan and cleansing operation. Dismiss it for now. You may also get a pop-up notice that you should reboot and let MBAM scan as Windows restarts. Do so!

Chances are good that this will clean your PC of the rogue optimizer and its companions. This is because MBAM specifically targets rogue security programs. Continue running MBAM until no more infections are reported.

Once you enter normal Windows mode open MBAM and go to the Update tab and check for updates. Sometimes they are released multiple times daily. Since you probably don't know how you acquired the rogue optimizer infection, you need real time protection to prevent it from happening again. That is where paying to register MBAM comes in handy. Registering it turns on automatic updates, automatic scheduled scans, blocking of known malware before it installs, and what is knows as IP blocking (of known hostile locations serving malware). For $25 for life that it a great bargain and it really does remove ALL threats it identifies. You need realtime protection and automatic updating to stay protected from rogue downloads like the one you acquired. It also earns me a small commission ;-)

Billy Murdoch · Post by **Billy Murdoch** » 14 Jun 2010 8:29 am

Wiz,
Many thanks for taking the time to analise My problem.
Most of Your advice is well above My limited understanding but My nephew will know what it means and will help.
If I were to do nothing about this infection/intrusion,would it harm My computer?
Best regards
Billy

Wiz Feinberg · Post by **Wiz Feinberg** » 14 Jun 2010 9:26 am

Billy Murdoch wrote:If I were to do nothing about this infection/intrusion,would it harm My computer?
Best regards
Billy

YES! This is a Trojan infection that is fully capable of downloading additional components when ordered to do so by the criminals who wrote and dispensed this malware. The rogue program may contain rootkit capabilities, allowing the people behind the malware to do as they please with your PC. Right now they are trying to scare you into paying. Tomorrow the program could be instructed to encrypt all of your files until you pay a ransom, or else could download so many companion infections that the PC becomes unusable.

Furthermore, the malware is redirecting your attempts to go to security websites like malwarebytes.org and it may also prevent you from obtaining authentic Windows Updates, or Flash updates. It has modified your HOSTS file and possibly another system file that is referred to as the TCP/IP DNS Layer. I have fought these rogues and can tell you that this is a serious infection, not to be trifled with.