Malware Changes to shell\open\command
Wednesday November 28, 2007
Malware can load from a variety of places on a Windows PC. In addition to the more common modifications to the Windows auto-start entry points (Run keys, services, startup folders), malware may hijack the shell\open\command registry value under a file class such as HKEY_CLASSES_ROOT\exefile. That value tells Windows which program to run when a file of the class is opened; by pointing it at its own executable and keeping the original "%1" argument on the end, the virus, worm or Trojan is launched every time a file of that type is called and then passes the real file through, so nothing looks wrong to the user. If the malware's executable is deleted (by an antivirus scan or by hand) before the registry value is restored, nothing of that file type will open any more, because the handler the registry points to no longer exists; when the hijacked class is exefile, Windows itself will not load properly, or at all, since it can no longer start .exe files. (The 2001 Sircam worm was one of the earliest examples of widespread malware using this technique.) Here's how to identify and correct malware changes to the shell\open\command.
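The following PowerShell script is an added example written for this page, not code from the original post. It audits the shell\open\command value of the executable file classes and reports three states: the stock default, a non-default handler that still exists on disk, and the dangerous case where the handler has already been deleted. Both hives that feed the merged HKEY_CLASSES_ROOT view are checked, because a per-user hijack in HKCU needs no administrator rights. The class list and the expected default strings are assumptions for a stock Windows install, and Restore-HandlerDefault is a helper named here for the repair step; neither comes from the original post.

```powershell
# Added example: audit shell\open\command handlers for the executable file classes.
# Assumption: these are the stock defaults on an unmodified Windows install.
$ExpectedDefaults = @{
    'exefile' = '"%1" %*'
    'comfile' = '"%1" %*'
    'batfile' = '"%1" %*'
    'cmdfile' = '"%1" %*'
    'piffile' = '"%1" %*'
    'scrfile' = '"%1" /S'
    'regfile' = 'regedit.exe "%1"'
}

# HKCR is a merged view of these two hives; a hijack written to HKCU needs no admin rights.
$ClassRoots = @('HKLM:\SOFTWARE\Classes', 'HKCU:\Software\Classes')

function Get-HandlerExecutable {
    param([string]$Command)
    # Return the first token of the command line, honouring a quoted path with spaces.
    $cmd = $Command.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -lt 0) { return $cmd.Substring(1) }
        return $cmd.Substring(1, $end - 1)
    }
    return ($cmd -split '\s+', 2)[0]
}

function Test-HandlerExists {
    param([string]$Exe)
    # A handler of %1 means "run the opened file itself"; there is no external program to check.
    if ($Exe -eq '%1') { return $true }
    $expanded = [Environment]::ExpandEnvironmentVariables($Exe)
    if ([System.IO.Path]::IsPathRooted($expanded)) {
        return Test-Path -LiteralPath $expanded -PathType Leaf
    }
    # Bare names such as regedit.exe are resolved through PATH, as the shell would do.
    return [bool](Get-Command $expanded -ErrorAction SilentlyContinue)
}

function Restore-HandlerDefault {
    param([string]$KeyPath, [string]$Default)
    # Repair step: write the stock value back. Writing under HKLM needs an elevated shell.
    Set-ItemProperty -LiteralPath $KeyPath -Name '(default)' -Value $Default
}

foreach ($root in $ClassRoots) {
    foreach ($class in $ExpectedDefaults.Keys) {
        $keyPath = Join-Path $root "$class\shell\open\command"
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }

        # The default (unnamed) value of the command key is the handler command line.
        $command = (Get-Item -LiteralPath $keyPath).GetValue('')
        if ([string]::IsNullOrEmpty($command)) { continue }

        $status = 'OK'
        if ($command -ne $ExpectedDefaults[$class]) {
            $exe = Get-HandlerExecutable $command
            if (Test-HandlerExists $exe) {
                # Something redirected the class, but the program is still there (e.g. a live infection).
                $status = 'NON-DEFAULT (handler present)'
            } else {
                # The state described in the article: the malware is gone but the
                # registry still points at it, so files of this class can no longer open.
                $status = "BROKEN (handler missing: $exe)"
            }
        }
        [pscustomobject]@{ Key = $keyPath; Command = $command; Status = $status }
    }
}
```

Run it from a normal shell first; it only reads. For a class reported as BROKEN or NON-DEFAULT, the fix is to put the stock command line back, for example Restore-HandlerDefault 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command' '"%1" %*' from an elevated prompt. If the machine already refuses to launch .exe files, the same value can be restored from a recovery environment or by loading the offline hive, since the script itself cannot run until exefile is repaired.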

