• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 290
  • Last Modified:

Can not OPen .EXE files

One of my friends brought me his computer ( W2K pro, SP1)... He had a slew of viruses and spyware... I would have just brown it away and installed SP4, but he has a lot of software where he has lost the media and can't reinstall.

One of the first hurtles was that all .EXE files were disabled... sort of how Navidad virus works except the .EXE was reassociated with notepad, so all you got was binary junk when you tried to run anything.

I copied regedit.exe to regedit.com and was able to set HKEY_CLASSES_ROOT_/.exe back to:      exefile           (from notepad.exe 1%)
and set HKEY_CLASSES_ROOT/exefile/shell/open/command to:        "%1" %*

Now, whenever I try to open an .EXE file, all I get is the "File Download" dialog warning Box..."Some files can harm your computer... YadahYadahYadah.. The bottom line is My choices are OPEN  ( which just relaunches another instance of the dialog box), Save ( Which is useless when you want to open an executable), Cancel ( again, not a real useful choice), and More Info...

Anyone have any idea what the registry fix is for this?   I have tried registry mechanic with no success.  ( again, by renaming an .exe to a .com... not a good idea, I know, but any port in a storm...).

Thanks !
1 Solution
Are you able to drop the reg entries for the exefile class and below?
AdminAssociatesAuthor Commented:
I'm sorry... I don't understand your question.  Am I able to DROP the reg entries for the exefile class and below?  I'm sorry if I'm being dense, but I don't know what you mean...

 I was able to run regedit by renaming it to a .COM file, and  set HKEY_CLASSES_ROOT/.exe to read    exefile      and  HKEY_CLASSES_ROOT/exefile/shell/open/command to    "%1" %*

Other then that, I don't know where else to go.  That's what I am asking.

Download Hijackthis and rename it with a .com extension and scan your system with it.
Make sure that all startup entries are enabled so they show up in the log.

Please download HijackThis 1.99.1
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then upload the logs to any hosting sites,
or go to the below link and login using your Experts-Exchange username and password.
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.

Sounds like the same problem I'm having. Except I mistakenly added "REG_SZ" in front of the "%1"%* for the value. Now I can't get into the registry editor at all !!!!!!!

My spyware entry in the exefile\shell\open\command was "msvcrt.exe"  every time I opened a progam it started the "svchost" in a dos window and the program I want fails to open. And I get the "file not found make sure path and libraries" ...yada yada .... when I delete the msvcrt file and try again.

I don't think Hijack will work?? I can't get it to run except with a safe boot with a command prompt. Then CTRL\ALT\DEL to get to task manager then using the run command from there. Now even that won't work.

I'll post my own problem but if anyone finds a way for me to get back into the registry let me know on the post Subject line: Registry Problem - MSVCRT.EXE. Remember "no EXE files run" so loading software is not an option.
Thank you for the points, very much appreciated.
I meant for us to look at the log.

Is your problem resolved? If so, would you mind posting a final comment about the solution in order to help future database searchers, that would be great thanks!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now