Tech or Treat! Write an article about your scariest tech disaster to win gadgets!Learn more


Can't run .exe .lnk or .com files

Posted on 2004-09-13
Medium Priority
Last Modified: 2012-05-05
Here a challange that has been left to linger before. Six months have passed. Are we wiser today?...

I have exactly the same problem as seen before in the question with almost the identical title (this text is from the former e-mail):

" Booted PC and all shortcuts and program menu items have icons changed to default icons and names changed to *.lnk, etc.  Double clicking shortcut or .exe or .com file invokes the windows dialog box 'Windows cannot open this file' and invites an association to be defined.

PC seems OK otherwise.  Some program (e.g. Outlook) shortcuts not modified.  Can run some programs by 'backdoor'; e.g. can run IE6 by clicking on the 'web' option in the 'cannot open file' dialog box."

This question was never answered with a working solution!

Seems to be the result of a serious virus attack. BOOM! Black screen... (not blue). Autoreboot. And suddenly almost nothing works. Antivirus and Firewall was in place and working when it happend ?!?

There are worms that do this kind of thing. But I have never seen anything as bad as this:

cannot run exe-files
cannot run com-files
cannot run reg-files
cannot run .lnk-files (they are pointing in the wrong "direction"..)

Will not boot to ANY of the safe modes (restarts automatically) - not even command promt.

I tried the solutions to the sirc-worm, but they cannot be used because renaming exe-files to com does not work.

There are no system... sam... hives... files that I trust to be in working condition.

The upside: I can make dual boot to WIN98. And I can boot to WIN98 floppy. And I am NOT using the NSFT-file system. I can log-on as a user or administrator and I can go to the internet with iExpl. or Mozilla.

For now I have moved the harddrive to another machine and made sure there is no (longer? any) virus present (checked, double cheked, 3x, 4x...).

What I need is to be able to edit the registry from a working machine or disk setup and somehow reset the registry to its "default" settings. Just getting to edit the registry would be a great first move!

Would really, really, really hate to have to do a clean reinstal on this machine.

Right now downloading a Linux iso.-file so I can at least save the data.

Question by:maiaibing
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
LVL 59

Expert Comment

ID: 12050027
Too bad you don't have WinXP as the other system; it is possible to do "offline" registry editing in WinXP directly with Regedit, but I don't believe it is possible in Win98  (however, I am away from a Win98 machine right now so cannot say for sure...) Anyway, try this:
Windows Registry File Viewer 2.0  
 Viewer for standalone files containing Windows registry hives (e.g. NTUSER.DAT, SYSTEM.1ST, SAM, etc.).
It features extended registry searching, registry dumping and exporting to REGEDIT4 format and detailed key information including security (NT) and hash values.
For NT registry value of type REG_RESOURCE_LIST here's Resource information in Data View.
 Target platforms
 MS Windows 9x, MS Windows ME, MS Windows NT 4.x, MS Windows 2000, MS Windows XP, MS Windows Server 2003
LVL 59

Expert Comment

ID: 12050045
What you download is a program called wrf_trial.exe.  I haven't yet had a  chance to try it.  Don't know if you can do editing; from the name alone, it seems you can only view, export, etc.  However, if you can export, then you can edit the exported registry file in a regular text editor like Notepad, then try importing back into the affected registry...

Author Comment

ID: 12058417
OK-I can reach out and feel those bytes crawling - thank you very much for the tip.

I am now looking at the different system files.

I can export the different file info fro the viewer by sending it to a a "dump"-file that reflects the information in the system file. But I only get this ".dmp"-file, that I can ave and read in Notebook - but which is a txt-only file.

1) How do I transform the txt-info to a new registry system file?
2) Which are the files I need to make sure to "clean out" (that is: what are ALL the names of the files that make up the info I see in RegEdit? I have covered the SYSTEM and SAM files so far.
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 12058496
IMPORTANT! also says I can export to REGEDIT4 file format. Maybe that can help out in creating a useable file for editing in Notebbok inorder to make new XP system files?

Author Comment

ID: 12058740
Suddenly thought time this could be my solution:

"Accepted Answer from CrazyOne
Date: 10/04/2003 09:55PM PDT

Open regedit
Click on the HKEY_LOCAL_MACHINE hive
Go to menu File > Load Hive
And look for and load all or selected hives from the...
If they are XP hives TheDrive\WINDOWS\system32\config
If they are Win2000 hives TheDrive\WINNT\system32\config

and these are the hives


I also  have the dead system HHD mounted on another XP machine now and can read the disks files. But the solution above does not seem to work for me, because when I try to access the SYSTEM hive in G:\windows\system32\config\ I get an "access denied" error message.

I am missing something?
LVL 59

Accepted Solution

LeeTutor earned 1000 total points
ID: 12060571
All right, now that you are editing the offline registry on an XP machine, I will quote below what I copied and edited from several answers by an XPert named OBdA:

Boot up in a parallel copy of XP.


If the information you want to access was in HKEY_CURRENT_USER: Highlight HKEY_USERS, choose "Load hive" from the File menu, open

C:\Documents and settings\<UserProfileName>\ntuser.dat.

When asked for a name, choose "OldProfile" (or whatever other easily remembered name you choose).  Access/backup the keys you're interested in. Once you're done, highlight the "OldProfile" key, choose "Unload hive" from the file menu.

If the information you want to access was in HKEY_LOCAL_MACHINE\System or in HKEY_LOCAL_MACHINE\Software: Highlight HKEY_LOCAL_MACHINE, choose "Load hive" from the File menu, open




(no extension). When asked for a name, choose "OldSystem" or "OldSoftware" (or whatever). Access/backup the keys you're interested in. Once you're done, highlight the "OldSystem" or "OldSoftware" key, choose "Unload hive" from the file menu.
LVL 59

Expert Comment

ID: 12060581
If you are getting access denied, you may have to try this:;en-us;308418
HOW TO: Set, View, Change, or Remove File and Folder Permissions in Windows XP

Author Comment

ID: 12068494
Thanks - I'm at it just now.

Now sure it was a virus. The default exefile key has been changed (and then some).

Maybe something new? It defeats all worn/trojan tools I have found on the net so far, like Symantecs reset registry default tool.

It has even removed the right click option of installing non-exe/com-files!


Author Comment

ID: 12097346
I am closing this question now. Allthough it was not solved I give LeeTutor 500 pts. for getting me almost accross the finishing line. In the end I could not evaluate wheather or not I had cleaned out all posible changes made by the virus in the various registry files. So I went for a complete reinstall.

The only way I could get all the way into the registry file was through a bootable Linux disk called - and made by - "Knoppix". Great tool!

On 16 September (about a week after the attack) Microsoft set out a security update that should take care of the problem for now. However I have still to see any anti-virus site post a tool that can handle this kind of attack...

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your system is showing symptoms of browser hijacks or 'google search redirects' check out my other article ( first and run the tool TDSSKiller ( to get rid of the infection. Once done, and if the …
cPanel is a Unix based web hosting control panel that provides a graphical interface and automation tools designed to simplify the process of hosting a web site. cPanel utilizes a 3 tier structure that provides functionality for administrators, rese…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question