0

I have a problem on win XP where every command I run including cmd and msconfig do not run but open as text files for editing. This happened after I manually tried removing the New Folder.exe virus due to the failure of my antivirus to deal with it.

I cannot run cmd unless I go to the exe itself and select the "run as" option from the right click menu. I have tried the properties with no avail. It must be a registry error but I am not sure what entry needs fixing.

9
Contributors
16
Replies
19
Views
6 Years
Discussion Span
Last Post by gerbil
0

A program with an extension of .msi is a "Microsoft Installer" when you right click it can you select anything to in the "Open With..." menu?

Also in the start menu search 'default' without the quotes then hit enter.

Click on the 'Associate a file type or protocol with a program' option.

Scroll down and find .msi, whats the default program? It should be Windows Installer

0

Actually, its very possible that you have 2 anti-Malware programs running in the background. I had this a couple of times on client's computers. Superantispyware and Malwarebytes don't seem to be at all compatible with each other. (These were both installed on both client computers that this occured). Remove one of these (or any other types----never run 2 on any PC or laptop). The problem seems to be that one or the other "sees" the opposition and changes the registry value for .exe files, thinking that its a virus.

If this fails, do as Jac0b suggests, change the extension from ".exe" to ".cmd".

If all else fails, BACK UP your registry and then download and run (double-click) this little reg file----FixReg


As always, report back if you can.


NB----Forgot to mention, if you HAVE 2 anti-malware programs installed, DO reboot after removing one, XP "should" fix the offending entry itself

Edited by Browne77: n/a

0

Adding to that. 2 Antivirus does not work together also. Have you try following our suggestion above. Hope you resolev this problem soon and all the best to you.

0

Hijack trojans often cause this problem. Use Malewarebytes as Jack0b suggested. Boot into safe mode with networking. Download Malwarebyes (or download from another computer). You may have to rename the Malwarebytes executable from .exe to .com. After installing Malwarebytes make sure you run the updater until you get an indication that it is up to date then run a full scan. Reboot into safe mode again and run another full scan. Boot normally and run another full scan.

Good Luck.

0

Hey guys thanks for the response! I don't have much access to the web so I apologize for not responding sooner.

I cannot run cmd commands as those also open as text files. I am trying malwarebytes now and will post if it works or not. But I don't really have my hopes up since I already tried removing it with my antivirus. I will remove it manually.

I will try the registry fix now.

0

Hey guys thanks for the response! I don't have much access to the web so I apologize for not responding sooner.

I cannot run cmd commands as those also open as text files. I am trying malwarebytes now and will post if it works or not. But I don't really have my hopes up since I already tried removing it with my antivirus. I will remove it manually.

I will try the registry fix now.

Well if you can't access any exe files normally and can't run cmd, you can boot into safe mode with command prompt. If you're lucky, you might get an open command prompt running and you can input any key that is needed to repair your problem...

I'm not very good with using cmd so I can't give any good tips to repair your computer... Use this command if you have a windows xp cd

sfc /scannow

Also have you try to open exe files in safe mode and/or in different account?

0

Have you tried Combofix to get rid of the nasty beast? Much recommended.

Edited by jholland1964: file link removed

0

Have you tried Combofix to get rid of the nasty beast? Much recommended.

ComboFix should not be used without any proper guidance. Wrong setup could cost you another reinstall of windows. Surely you don't want that... Even though it was recommended, it's better to avoid using it.

Edited by jholland1964: file link removed

0

ComboFix should not be used without any proper guidance. Wrong setup could cost you another reinstall of windows. Surely you don't want that... Even though it was recommended, it's better to avoid using it.

Quite right, lost the run of myself, just assumed that one would know the risks...If using ComboFix, read first!

Edited by jholland1964: file link removed.

0

Have you tried Combofix to get rid of the nasty beast? Much recommended.

VERY BAD Advice. Combofix is a removal tool for VERY SPECIFIC infections and should NOT be used EVER unless directed to do so by a helper in a Malware Removal forum and this is NOT a malware removal forum and it most certainly would NOT be recommended in this case. The poster has already damaged key files on the machine by taking incorrect steps.

Edited by jholland1964: n/a

0

Cannot open cmd window [shell], or exes in the explorer shell.... you blokes need to check my earlier post. You can use Task Manager [yes, yet another shell] to open the cmd shell. How? Open TM with Ctrl-Shift-Esc, then press Ctrl-New Task ... a cmd instance will open.
Monitors, can we do Jude for trespass...? Tsk.. the very nerve....

0

This is unbelievable. Neither malwarebytes nor the registry fix worked to solve the issue. The there was no msi entry in the default menu.

When posting a reply for things like combofix please be specific I am a Linux user and haven't dabbled with windows for a while(this being one of the reasons why) so I am not really aware of these tools. I will try posting in the malware forums, I thought it was just a simple registry fix which is why I posted it here. Thanks to all who replied but this is gonna take much more work than I thought.

If anyone does have a different solution please post it here this problem is getting ridiculous.

0

One other thing, I don't kow how common it is for malware to use this key in registry, but I know some do... when a process is started the OS checks this key for additional information re flags etc, but it is very possible to use the key to start another process.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
A valid subkey would be similar to this one:
\udtapi.dll Name:CheckAppHelp Value:REG_DWORD 0x1
But you can put in an entry thus:
\msconfig.exe Name:Debugger Value:grogon.exe .... and trying to run msconfig will actually start grogon.exe, which may or may not exist in your sys, be malware, etc. Or you can use a Value:notepad.exe ...
\msconfig.exe Name:Debugger Value:notepad.exe .... which will open a text file with msconfig as content.
Check that key for such Debugger = notepad.exe entries under the subkeys for exes that will not run in your sys, and delete those Debugger entries.
Or do this, and we will check the results with you [post them.. :)]:
==Please copy the text in the box to a Notepad [format/wordwrap unchecked] and save as showkey.bat to your desktop; dclick it to run, then post the file showkey.txt

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /s >>c:\showkey.txt
start c:\showkey.txt
pause

Edited by gerbil: n/a

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.