I'm stuck

alanvcole
Customer brought in a computer that, whenever you attempted to run a .exe file, would load the AOL desktop manager and not recognize the file, of course. I've had that happen before with spyware and was able to use .com programs to clean up the unit. This one says that it doesn't know what program to use to open a .com file. Ran AVG rescue Boot CD and it only found one minor spyware. Pulled hard drive to another machine as a secondary drive and ran Malwarebytes with again minor infections and still had the same problem. Tried to do a repair installation of XP "over the top" and get to the 34 minute left mark when "Windows cannot open this file File: rundll32.exe" error comes up. Any thoughts? Or am I looking at wiping the system clean and starting over?
Commented:
At this point the easiest thing would be to back it up and wipe it. Do a complete disk check first.
Kent Dyer, IT Security Analyst Senior

Commented:
Further to @jeb's response, do a CHKDSK /r which can take quite a while..

You may want to read up on ComboFix as it does detect rootkits as well as malware and viruses.

I would start here: THINGS YOU NEED TO DO WHEN YOUR PC IS INFECTED

HTH,

Kent
Can you run regedit? If so look in your registry under hkey_classes_root\.exe

See if the value there for default is anything other than exefile.

If it is, you can try running this by copying it into notepad then saving it as fix.reg. Once saved double click fix.reg.

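Windows Registry Editor Version 5.00

; Remove hijacked open commands (per-user and machine-wide)
[-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
[-HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

; Point .exe back at the exefile handler
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

; Remove the secfile class
[-HKEY_CLASSES_ROOT\secfile]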




Once you do the above you should at least be able to run malwarebytes or similar AV program to clean up.
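
An added example, not part of the original thread or any poster's code: the registry check described above, run against the text of a .reg export so it can be done from a second machine. It goes beyond the thread's .exe check by also covering .com, .bat and .cmd and the stock open command; the sample export and the C:\Temp\placeholder.exe path are constructed for illustration.

```python
import re

# Stock extension -> ProgID defaults; the thread's fix restores the .exe one.
EXPECTED = {".exe": "exefile", ".com": "comfile", ".bat": "batfile", ".cmd": "cmdfile"}
STOCK_OPEN = '"%1" %*'  # stock open command for each of those ProgIDs

# Constructed sample export text (not taken from the customer's machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="secfile"

[HKEY_CLASSES_ROOT\secfile\shell\open\command]
@="\"C:\\Temp\\placeholder.exe\" /START \"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\Temp\\placeholder.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\.com]
@="comfile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

def parse_reg(text):
    """Return {lowercased key path: {value name: string data}}; '' is the default value."""
    keys, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
        if m and cur is not None:
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            cur[name] = re.sub(r"\\(.)", r"\1", m.group(2))  # undo \\ and \" escapes
    return keys

def audit(text):
    """List findings for hijacked executable file associations in export text."""
    keys, out = parse_reg(text), []
    for ext, progid in EXPECTED.items():
        got = keys.get("hkey_classes_root\\" + ext, {}).get("")
        if got is not None and got.lower() != progid:
            out.append(f"{ext} default is {got!r}, expected {progid!r}")
        cmd = keys.get(f"hkey_classes_root\\{progid}\\shell\\open\\command", {}).get("")
        if cmd is not None and cmd != STOCK_OPEN:
            out.append(f"{progid} open command is {cmd!r}")
        # A per-user key overrides the machine-wide one in the merged HKCR view.
        user = "hkey_current_user\\software\\classes\\" + ext
        if any(k == user or k.startswith(user + "\\") for k in keys):
            out.append(f"per-user override present for {ext}")
    return out
```

Real export files written by regedit in the Version 5.00 format are UTF-16, so decode them with that encoding before passing the text to audit().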
Most Valuable Expert 2011
Top Expert 2011

Commented:
.EXE file association fix
http://www.dougknox.com/xp/fileassoc/xp_exe_fix.zip

However, since you have started a repair, you might need to use that as a guide.....

While in the GUI setup, hit SHIFT+F10 (or F11), and in the CMD prompt, try this....

cd c:\windows
ren regedit.exe regedit.com

regedit.com

Then if regedit launches, use the .reg file to compare the registry keys.....

Actually, if this one exists, delete it.....

HKEY_CURRENT_USER\Software\Classes\.exe

Author

Commented:
Problem is I am now stuck in a loop on the Windows reinstallation where I am not getting back into the Windows system.

So, can't run programs on this machine - I could try running combofix on the second machine

I DID run CHKDSK /R and FIXBOOT with no results
Can you get into the recovery console? Then you can run the reg fix as a bat file?
Most Valuable Expert 2011
Top Expert 2011

Commented:
"problem is I am now stuck in a loop on the Windows reinstallation where I am not getting back into the windows system."

I was hoping you could use Regedit WHILE in the GUI Mode setup to check/repair the file associations......
Arman Khodabande, IT Manager and Consultant
Commented:
Here is another trick:
Go through the Windows repair process once again, and when you reach the "Installing devices" state, press "Right Shift + F10".
A command prompt will pop up for you.
Then run the attached REG file or open the registry and import it.
And then close all and let the repair end.
Then watch the result and tell me.
exefix.reg
Top Expert 2013

Commented:
>>  the 34 minute left mark when "Windows cannot open this file File: rundll32.exe" error comes up  <<  could be a bad cd, or a bad cd drive - clean it or try another drive

Author

Commented:
Ok, some progress to report

Was able to do the Shift F10 and got into the registry.  Changed the value for the key .exe from Asklimewire to exefile.  Windows proceeded past the 34 minute and installed.  It got stuck at the end with the Windows Logo and "please wait".  Waited an hour and rebooted.  System said I had to activate windows before getting into windows.  Clicked "OK" and a blank blue screen with the mouse pointer came up and I was unable to proceed any further.  Ran Chkdsk and redid the installation.  Same problems.  I CAN boot into safe mode with command prompt and run regedit.  Is there a way to bypass my issues using the registry?
Top Expert 2013

Commented:
Limewire?? One of the first I uninstall

Author

Commented:
@nobus

That is all fine and good - doesn't do anything to help solve the problem

Author

Commented:
Ok, no answers?  Maybe more points will help
Most Valuable Expert 2011
Top Expert 2011

Commented:
Windows (xp) could not start because the following file is missing or corrupt \windows\system32\config\system
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_25203206.html

Disregard the title... I would restore the OS back to a time before this repair was started, and THEN use the reg fix to handle the .EXE associations issue....
Arman Khodabande, IT Manager and Consultant
Commented:
With this situation you'd better have a clean install of XP.
Do you have any good reason for being persistent to keep the current installation?

Try the following as a last chance :
Safe mode >> Start menu >> Run >> Type in : "SFC /scannow"
And put your windows xp installation cd in drive.

Then if it finds a bad file it replaces it from cd !!!

P.S. Do you get that "Wait screen" with the Windows logo every time you boot up?
