Problems apparently related to lkq.exe virus

What can cause Windows to not know how to run a .exe file?

I seem to have picked up a program somehow called lkq.exe that impersonates a virus protection program. I found the file and changed the name so it couldn’t run, and am in the process of researching a more thorough cleansing method to wipe out any other footprints it may have.

Meantime I am unable to run several programs. I have a shortcut to Windows Explorer, and when I click it I am prompted for which application I want to use to open this file. But it is a .exe file. This is true of several other applications I am trying to run, including Spybot, and Microsoft Security Center (which normally start up at boot). I suspect that the virus has corrupted registry entries for some programs, but I am not knowledgeable enough about the registry to diagnose it.

What can cause Windows to not know how to run a .exe file?

Download to your desktop, and click on it to run the program, which will restore the file association with .exe files.

That worked like a charm! This is a solution to a problem I never even knew could happen. Do you have any idea what the root cause is?

It is an attempt by the virus to 1.) Protect itself by blocking any removal programs, and 2.) Scare you into believing your computer is seriously damaged so you will give them your credit card to make it stop.

It is extortion, pure and simple.

I am a programmer.

In Windows, file extensions (e.g. “.exe”) are associated with attributes in the operating system. Several files, such as .EXE, .COM, and .SCR, get “executed”, which means that the operating system treats the file as a piece of software to be RUN.

Other file extensions, such as .TXT, .DOC, .RTF, .HTM, etc. are registered as DATA file types, that hold computer data, such a text, a word processing document, music, etc., that is OPENED by a piece of software. That is why clicking on a .DOC file will frequently open your word processor.

You (or a hacker) can alter the ways that the operating system handles different file extensions.

Along those lines, if something like this ever hits you again, you can change a file’s extension from .exe to .com or .scr temporarily and it will usually get by whatever nasty hijacked it and allow you to run that program.

I am a programmer, too (well, I used to be before they turned me into a manager) :slight_smile: but I’m not a Windows programmer. It never occurred to me that what Windows does with a .exe is configurable. I know all about how it configures other extensions, but I didn’t know there was a setting you could tweak that make Windows unable to know what to do with .exe. I just figured that was hard-coded into the OS. (In Unix, in contrast, there is no concept of the OS understanding the semantics of extensions.)

If I wanted to reassociate (or completely disconnect) .exe on purpose, what would I do? Or is it a hack? Just curious as to what this thing does under the hood.