Re: Windows Shell Problem ?


From: Ramesh [MVP] (ramesh_at_nojunkmails.com@mvps.org)
Date: 12/12/04


Date: Sun, 12 Dec 2004 23:04:42 +0530


>> if you can't run Regedit (it's an .EXE, right?) then you copy Regedit.exe to SomeName.xxx, where xxx can be bat, com, cpl, pif etc.

Or, using RunAs from Command.

Example: "RUNAS /USER:Administrator C:\windows\regedit.exe"

Type-in the credentials.

-- 
Ramesh, Microsoft MVP
Windows XP Shell/User
http://windowsxp.mvps.org
"cquirke (MVP Win9x)" <cquirkenews@nospam.mvps.org> wrote in message news:ot1nr090vcnhbpqbs4p9gm7jefd698cifr@4ax.com...
On Sat, 11 Dec 2004 09:22:52 -0500, "John Smith" <uh-uh@nowhere.com> 
>I hope you get an answer to this, because I have the same problem on my
>desktop. I posted to this group about it, but all I got was that I should
>reinstall/repair XP - which, as you have found out, won't work. Other than
>that, no one else has offered any kind of constructive advice.
Do a formal virus scan - you may have an exefile association stealer
on your hands; a tactic popular when RATs were going large.

Within the registry are two branches that affect file associations
(what happens when files of various types are "opened").  These are
combined as HKEY_CLASSES_ROOT when viewed via RegEdit.

The linkage is usually in two parts.  First there's the .ext (in this
case, .exe) that points to an aggregate file type (in this case,
should be exefile).  Then the aggregate defines what program is to be
used to run that file.  Now an .exe should run itself, via this line:

"%1" %*

That means, "run yourself and whatever parameters were thrown at you".
If you see something like this...

C:\eyykjq.exe  "%1" %*

...then there's a hostile .EXE that's now patched in to run before any
.exe you try to run, which allows the malware to get "air superiority"
from which it can strike down attempts to clean it.

If the malware file's deleted, without cleaning up this registry
intrusion, you may find no .EXE run - because the program "needed" to
run them is no longer there.

If you opted for NTFS because it was "more secure", well, this is
where you get stuck with the booby prize.  Off you go to...

http://cquirke.mvps.org/whatmos.htm

...where you will try to find something that can formally (i.e.
without running the malware first) scan and fix the PC.  Trend have a
good free cleaner; it catches more than Stinger, and can be used from
"Safe Command Only" (which isn't safe enough for everything).

If you're on FAT32, then it's easier - you can at least boot from a
DOS mode diskette and run one/all of these free (F-Prot) or
free-for-evaluation DOS-based av:

www.f-prot.com
www.nod32.com
www.sophos.com

First, scan but don't clean and save the log of what is found.
Research what you find for caveats; there may be traps that the wrong
clean-up method could fall into.  Then clean as you can.

Once cleaned, you can turn to getting .exe files to work again.  That
can be easy if the malware just grabbed .exe -> exefile (typically as
I described, via patch-in to exefile's action).  Or it can be harder,
if the malware does things I won't elaborate on right now.

The usual fix is to manually repair the association via Regedit, and
if you can't run Regedit (it's an .EXE, right?) then you copy
Regedit.exe to SomeName.xxx, where xxx can be bat, com, cpl, pif etc.

If that doesn't work - and that can happen - then retry from other
user accounts (Safe Mode is the first thing to try).  If no joy, say
so in your reply and we'll see if we can out-medieval the beast.
>-------------------- ----- ---- --- -- - -  -   -
  Running Windows-based av to kill active malware is like striking 
  a match to see if what you are standing in is water or petrol.
>-------------------- ----- ---- --- -- - -  -   -
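
Added example, not part of the original posts: a Python check of the two-part linkage described above (.ext -> file type -> open command), run over the text of a registry export so the affected machine does not have to launch anything. It goes beyond .exe to the .com, .bat and .pif types, whose open command is also expected to be "%1" %*; the function names and the sample export are constructed for illustration, and only plain string default values are parsed.

```python
import re

EXPECTED = '"%1" %*'                      # "run yourself plus parameters"
EXTENSIONS = (".exe", ".com", ".bat", ".pif")

def default_values(reg_text):
    """Map lower-cased key path -> default (@) string value from .reg export text."""
    values, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            key = header.group(1).lower()
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg strings escape \ and " with a backslash; undo that
            values[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return values

def check_associations(reg_text, root="HKEY_CLASSES_ROOT"):
    """Return (extension, file type, command) for each association that is not EXPECTED.

    A missing extension or command key is reported with None in its place.
    """
    values = default_values(reg_text)
    findings = []
    for ext in EXTENSIONS:
        ftype = values.get(f"{root}\\{ext}".lower())
        cmd_key = f"{root}\\{ftype}\\shell\\open\\command".lower()
        command = values.get(cmd_key) if ftype else None
        if command != EXPECTED:
            findings.append((ext, ftype, command))
    return findings

# Constructed sample export: exefile patched as in the post, batfile intact,
# .com and .pif left out of the export (so they are reported as missing).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\eyykjq.exe  \"%1\" %*"
[HKEY_CLASSES_ROOT\.bat]
@="batfile"
[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
'''

if __name__ == "__main__":
    for ext, ftype, command in check_associations(SAMPLE):
        print(f"{ext}: type={ftype!r} command={command!r}")
```
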

