Can not OPen .EXE files

Posted on 2006-11-25
Medium Priority
Last Modified: 2011-09-20
One of my friends brought me his computer ( W2K pro, SP1)... He had a slew of viruses and spyware... I would have just brown it away and installed SP4, but he has a lot of software where he has lost the media and can't reinstall.

One of the first hurtles was that all .EXE files were disabled... sort of how Navidad virus works except the .EXE was reassociated with notepad, so all you got was binary junk when you tried to run anything.

I copied regedit.exe to regedit.com and was able to set HKEY_CLASSES_ROOT_/.exe back to:      exefile           (from notepad.exe 1%)
and set HKEY_CLASSES_ROOT/exefile/shell/open/command to:        "%1" %*

Now, whenever I try to open an .EXE file, all I get is the "File Download" dialog warning Box..."Some files can harm your computer... YadahYadahYadah.. The bottom line is My choices are OPEN  ( which just relaunches another instance of the dialog box), Save ( Which is useless when you want to open an executable), Cancel ( again, not a real useful choice), and More Info...

Anyone have any idea what the registry fix is for this?   I have tried registry mechanic with no success.  ( again, by renaming an .exe to a .com... not a good idea, I know, but any port in a storm...).

Thanks !
Question by:AdminAssociates
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 18016417
Are you able to drop the reg entries for the exefile class and below?

Author Comment

ID: 18017217
I'm sorry... I don't understand your question.  Am I able to DROP the reg entries for the exefile class and below?  I'm sorry if I'm being dense, but I don't know what you mean...

 I was able to run regedit by renaming it to a .COM file, and  set HKEY_CLASSES_ROOT/.exe to read    exefile      and  HKEY_CLASSES_ROOT/exefile/shell/open/command to    "%1" %*

Other then that, I don't know where else to go.  That's what I am asking.

LVL 47

Accepted Solution

rpggamergirl earned 1500 total points
ID: 18018775
Download Hijackthis and rename it with a .com extension and scan your system with it.
Make sure that all startup entries are enabled so they show up in the log.

Please download HijackThis 1.99.1
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then upload the logs to any hosting sites,
or go to the below link and login using your Experts-Exchange username and password.
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.


Expert Comment

ID: 18037788
Sounds like the same problem I'm having. Except I mistakenly added "REG_SZ" in front of the "%1"%* for the value. Now I can't get into the registry editor at all !!!!!!!

My spyware entry in the exefile\shell\open\command was "msvcrt.exe"  every time I opened a progam it started the "svchost" in a dos window and the program I want fails to open. And I get the "file not found make sure path and libraries" ...yada yada .... when I delete the msvcrt file and try again.

I don't think Hijack will work?? I can't get it to run except with a safe boot with a command prompt. Then CTRL\ALT\DEL to get to task manager then using the run command from there. Now even that won't work.

I'll post my own problem but if anyone finds a way for me to get back into the registry let me know on the post Subject line: Registry Problem - MSVCRT.EXE. Remember "no EXE files run" so loading software is not an option.
LVL 47

Expert Comment

ID: 18162459
Thank you for the points, very much appreciated.
I meant for us to look at the log.

Is your problem resolved? If so, would you mind posting a final comment about the solution in order to help future database searchers, that would be great thanks!

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
New style of hardware planning for Microsoft Exchange server.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question