Registry problem

Thread: Registry problem

  1. #1
    Member
    Join Date
    Feb 2003
    Posts
    47

    Registry problem

    OK guys, I have done something stupid. I am running Windows XP and I am playing with trojans, and I changed a registry key and now all files with the .exe extension won't open; a picture of the error is attached. The folder I edited was HKEY_CLASSES_ROOT\exefile\shell\open\command and changed the default tag to: ""%1" %*" and Notepad won't open, but previous text files on my desktop will open and I can modify that and change it into a .reg file. What are the registry commands to change it back to default?

    Thank you. I know people may think I'm stupid but I'm a newbie and I'm trying to learn more about my system.

    PS: the place I got this command was off a Symantec virus report, and I was trying to get a trojan to start the same way. Could someone also explain if it's Symantec who got the command wrong or me? The virus report is attached below.

  2. #2
    Member
    Join Date
    Feb 2003
    Posts
    47
    Below is an attachment of the virus report. I cannot add any attachments so I'll tell you what the error says:

    Header:C:\WINDOWS\system32\notpad.exe
    Error:Windows cannot find 'C:\WINDOWS\system32\notpad.exe'.Make sure you typed the name correctly,and then try again.To search for a file,click the Start button,and then click Search.


    This happens on every .exe file I click on.

  3. #3
    Banned
    Join Date
    Jul 2003
    Posts
    374
    G'day Dominaterx, I have xp pro and went to
    HKEY_CLASSES_ROOT\exefile\shell\open\command, and the default
    was "%1"%* You said you changed yours to ""%1" %* slightly different
    maybe try setting it to mine as I haven't changed anything. Anyway, just a
    thought, I don't really know that much, sorry if this is wrong. TidaLphasE23......

  4. #4
    Banned
    Join Date
    Jun 2003
    Posts
    1,302
    OK, first I would recommend that if you're going to play with your registry you get Reg Prot or any registry controlling program. It helps you when you make those mistakes.

    Give me a sec to look at that log and I will tell you what I think.

    Here is a link that has Registry Prot on it. There are also some other good programs on there.
    http://www.oldgoat.org.uk/compu/links.htm

  5. #5
    Banned
    Join Date
    Apr 2003
    Posts
    1,146
    The simplest thing to do at this point is to go into System Restore and put the system back a day or so, before the change was made. This will remove the registry change that was made and is causing your problem.

    Start, Control Panel, (switch to category view if you aren't there already), Performance and Maintenance, System Restore.

    From here, make sure the radio button for "Restore my system to an earlier time" is checked and click Next. Select a day from the calendar a day or two back. Click Next.

    After the restore, reboot, and read the screen that pops up to make sure it succeeded.

    You are back in business.

    This, of course, assumes that you have System Restore active.

  6. #6
    Member
    Join Date
    Feb 2003
    Posts
    47
    Damn, sorry, I think I got the wrong command I said I changed it to. Anyway, I cannot get into the registry because I cannot open any file with the .exe extension, so that means I cannot open the Windows registry editor. So what I need to do is create a .reg file, which is an import that can import the default command back into the registry, but I don't know how to write registry files, so I was hoping someone here could help me.

  7. #7
    Senior Member
    Join Date
    Aug 2002
    Posts
    547
    Restart your computer in safe mode and make the changes, and also check if you have the Yaha worm. That worm doesn't allow you to open Regedit, Task Manager and other stuff.

    http://securityresponse.symantec.com...oval.tool.html

    EDIT------
    Check the file notpad.exe for a virus, or did you misspell it (notepad.exe)?

    *****

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\exefile\shell\open\command]
    @="\"%1\" %*"



    **************************
    Here is the reg file that has the above code, and if you need to make more changes to the registry you can edit the reg file and merge the changes into your registry.

    ****************************
    It didn't let me upload the reg file, but here it is in txt; change it to .reg.
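
Added example, not part of the original thread or any poster's code: a small audit that parses a `.reg` export, undoes the `\"` and `\\` escaping used in the file above, and flags executable file classes whose `shell\open\command` default is not `"%1" %*`. The sample export, the class list and the function names are constructed for illustration; only plain string defaults (`@="..."`) are handled.

```python
import re

# Default handler for directly executable classes: run the clicked file
# itself ("%1") and pass its arguments through (%*).
EXPECTED = '"%1" %*'
CLASSES = {"exefile", "comfile", "batfile", "cmdfile", "piffile"}

# Constructed sample export, modelled on the error text quoted in the thread.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\WINDOWS\\system32\\notpad.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="notepad.exe %1"
'''

def unescape(raw):
    """Undo .reg string escaping of quotes and backslashes."""
    return re.sub(r'\\(["\\])', r'\1', raw)

def default_values(reg_text):
    """Yield (key path, default value) for every '@="..."' entry."""
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('@="') and line.endswith('"'):
            yield key, unescape(line[3:-1])

def audit(reg_text):
    """Return [(class, value)] for executable classes with a non-default handler."""
    pattern = r'HKEY_CLASSES_ROOT\\([^\\]+)\\shell\\open\\command'
    findings = []
    for key, value in default_values(reg_text):
        m = re.fullmatch(pattern, key, re.I)
        if m and m.group(1).lower() in CLASSES and value != EXPECTED:
            findings.append((m.group(1), value))
    return findings

if __name__ == "__main__":
    for cls, value in audit(SAMPLE_REG):
        print(f"{cls}: unexpected open command: {value}")
```

Files exported by Regedit in the "Version 5.00" format are UTF-16, so read a real export with `open(path, encoding="utf-16")` before passing its text to `audit`.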

  8. #8
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Dominaterx,

    A bit to one side, but I recommend that you get hold of an old ex-company desktop. You do not need anything fancy for security research.

    My point is that it is not a good idea to experiment on your main machine; you need a "labrat", preferably with a fairly small HDD, as you can expect to be doing some reformatting.

    I would suggest a PII/PIII running between 450 and 666MHz, 256 of RAM and maybe NT 4.0 as the OS. I do NOT recommend 9x/Me as these are intrinsically weak OSes, and you will not learn as much. NT4 is not much different from Win2k, apart from about 100 in the price.

    I would also suggest that you give your machine a thorough "delouse", as you appear to have let one of these things loose so to speak?

    Good luck

  9. #9
    Member
    Join Date
    Feb 2003
    Posts
    47
    Thanks for all your help. I couldn't even open files in safe mode, so I did a reinstall. It's OK though, I keep backups, but yes, I would like a machine to practise on. I'm from the UK; where can I get some cheap computers? (Don't say auction sites, I don't trust them; I want a cheap one from Dell or a big company like that.) I am looking to spend around 100-150.00. Could anyone help me look on UK sites? Second, for the virus research I am doing I want a programme that can change the icon pictures in Win XP. I have seen these before but cannot find them now; can anyone help?

  10. #10
    Webius Designerous Indiginous
    Join Date
    Mar 2002
    Location
    South Florida
    Posts
    1,123
    Look up the art of dumpster diving.

    Getting back here though. I always get my play boxes from companies that have upgraded and have a few old boxes laying around. Ask the IT guys at your work; companies usually have one or two laying in a closet.

    What I do is set up the box, and make a ghost image of the initial install. Once I'm done screwing it up, I can restore it from the ghost image in about 5 minutes. Norton's Ghost makes it really handy to just screw up boxes left and right.

    cheers and have fun learning...

    xmadd
