My Windows 2008 Server R2 recently got infected with Win32/MewsSpy
I was able to find the virus with the anti Virus program but as one of the issues of the virus is that it renames most file extensions to .Lnk
Is there I tool I can use to get the registry restored to its original before the infection?
It is possible that the device has a value set for the extension under: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk
If it has a UserChoice value, you could try backing up your registry first, and then remove that UserChoice key. This may cause appropriate associations.
I have found at least one other instance where a user indicated they had a similar issue which was caused by the *.exe extension being unregistered by the virus.
Retrieving data ...