Can not OPen .EXE files

Posted on 2006-11-25
Last Modified: 2011-09-20
One of my friends brought me his computer ( W2K pro, SP1)... He had a slew of viruses and spyware... I would have just brown it away and installed SP4, but he has a lot of software where he has lost the media and can't reinstall.

One of the first hurtles was that all .EXE files were disabled... sort of how Navidad virus works except the .EXE was reassociated with notepad, so all you got was binary junk when you tried to run anything.

I copied regedit.exe to and was able to set HKEY_CLASSES_ROOT_/.exe back to:      exefile           (from notepad.exe 1%)
and set HKEY_CLASSES_ROOT/exefile/shell/open/command to:        "%1" %*

Now, whenever I try to open an .EXE file, all I get is the "File Download" dialog warning Box..."Some files can harm your computer... YadahYadahYadah.. The bottom line is My choices are OPEN  ( which just relaunches another instance of the dialog box), Save ( Which is useless when you want to open an executable), Cancel ( again, not a real useful choice), and More Info...

Anyone have any idea what the registry fix is for this?   I have tried registry mechanic with no success.  ( again, by renaming an .exe to a .com... not a good idea, I know, but any port in a storm...).

Thanks !
Question by:AdminAssociates

Expert Comment

ID: 18016417
Are you able to drop the reg entries for the exefile class and below?

Author Comment

ID: 18017217
I'm sorry... I don't understand your question.  Am I able to DROP the reg entries for the exefile class and below?  I'm sorry if I'm being dense, but I don't know what you mean...

 I was able to run regedit by renaming it to a .COM file, and  set HKEY_CLASSES_ROOT/.exe to read    exefile      and  HKEY_CLASSES_ROOT/exefile/shell/open/command to    "%1" %*

Other then that, I don't know where else to go.  That's what I am asking.

LVL 47

Accepted Solution

rpggamergirl earned 500 total points
ID: 18018775
Download Hijackthis and rename it with a .com extension and scan your system with it.
Make sure that all startup entries are enabled so they show up in the log.

Please download HijackThis 1.99.1
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then upload the logs to any hosting sites,
or go to the below link and login using your Experts-Exchange username and password.
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> 
and click "Analyse", click "Save".  Then post the link to the saved list here.


Expert Comment

ID: 18037788
Sounds like the same problem I'm having. Except I mistakenly added "REG_SZ" in front of the "%1"%* for the value. Now I can't get into the registry editor at all !!!!!!!

My spyware entry in the exefile\shell\open\command was "msvcrt.exe"  every time I opened a progam it started the "svchost" in a dos window and the program I want fails to open. And I get the "file not found make sure path and libraries" ...yada yada .... when I delete the msvcrt file and try again.

I don't think Hijack will work?? I can't get it to run except with a safe boot with a command prompt. Then CTRL\ALT\DEL to get to task manager then using the run command from there. Now even that won't work.

I'll post my own problem but if anyone finds a way for me to get back into the registry let me know on the post Subject line: Registry Problem - MSVCRT.EXE. Remember "no EXE files run" so loading software is not an option.
LVL 47

Expert Comment

ID: 18162459
Thank you for the points, very much appreciated.
I meant for us to look at the log.

Is your problem resolved? If so, would you mind posting a final comment about the solution in order to help future database searchers, that would be great thanks!

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows 2003 Terminal Server licenses 3 338
Sapphire RAGE 128 Pro 32M - Windows 2000 Driver 2 929
Windows 2000 Server Pagefile.sys Error 7 647
website 1 304
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
: Microsoft Office Collaborate for free and online versions of Microsoft  Word, Excel, Powerpoint, OneNote, Onedrive , Email, Calendar etc. In short we can say that Microsoft office is a suite of servers, applications and services developed by  Micr…
Internet Business Fax to Email Made Easy - With  eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now