October 26th, 2003, 03:14 AM
Ok guys, I have done something stupid. I am running Windows XP and I am playing with trojans, and I changed a registry key and now all files with the .exe extension won't open. A picture of the error is attached. The folder I edited was HKEY_CLASSES_ROOT\exefile\shell\open\command and I changed the default tag to: ""%1" %*" and Notepad won't open, but previous text files on my desktop will open and I can modify one and change it into a .reg file. What are the registry commands to change it back to default?
Thank you. I know people may think I'm stupid, but I'm a newbie and I'm trying to learn more about my system.
PS: the place I got this command was off a Symantec virus report, and I was trying to get a trojan to start the same way. Could someone also explain if it's Symantec who got the command wrong or me? The virus report is attached below.
October 26th, 2003, 03:17 AM
Below is an attachment of the virus report. I cannot add any attachments, so I'll tell you what the error says:
Error: Windows cannot find 'C:\WINDOWS\system32\notpad.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.
This happens on every .exe file I click on.
October 26th, 2003, 03:54 AM
G'day Dominaterx, I have XP Pro and went to
HKEY_CLASSES_ROOT\exefile\shell\open\command, and the default
was "%1"%* You said you changed yours to ""%1" %*, slightly different.
Maybe try setting it to mine, as I haven't changed anything. Anyway, just a
thought. I don't really know that much, sorry if this is wrong. TidaLphasE23......
October 26th, 2003, 03:58 AM
OK, first I would recommend that if you're going to play with your Registry you get Reg Prot or any Registry controlling program. It helps you when you make those mistakes.
Give me a sec to look at that log and I will tell you what I think.
Here is a link that has Registry Prot on it. There are also some other good programs on there.
October 26th, 2003, 03:58 AM
The simplest thing to do at this point is to go into System Restore and put the system back a day or so, before the change was made. This will remove the registry change that was made and is causing your problem.
Start, Control Panel, (switch to category view if you aren't there already), Performance and Maintenance, System Restore.
From here, make sure the radio button for "Restore my system to an earlier time" is checked and click Next. Select a day from the calendar a day or two back. Click Next.
After the restore, reboot, and read the screen that pops up to make sure it succeeded.
You are back in business.
This, of course, assumes that you have System Restore active.
October 26th, 2003, 04:04 AM
Damn, sorry, I think I got the wrong command I said I changed it to. Anyway, I cannot get in the registry because I cannot open any file with the .exe extension, so that means I cannot open the Windows registry editor. So what I need to do is create a .reg file, which is an import that can import the default command back into the registry, but I don't know how to write registry files, so I was hoping someone here could help me.
October 26th, 2003, 04:08 AM
Restart your computer in safe mode and do the changes, and also check if you have the Yaha worm. That worm doesn't allow you to open Regedit, Task Manager and other stuff.
Check the file notpad.exe for a virus, or did you misspell it (notepad.exe)?
Windows Registry Editor Version 5.00
Here is the reg file that has the above code, and if you need to make more changes to the registry you can edit the reg file and merge the changes to your registry.
It didn't let me upload the reg file, but here it is in txt; change it to .reg.
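The file attached to the post above did not survive on this page. As an added example (not the poster's file), a .reg file that restores the stock Windows handler for .exe files looks like this; the value "%1" %* is the Windows default, shown here with the quote escaping that the .reg format requires.

```reg
Windows Registry Editor Version 5.00

; Added example, not the attachment from the thread.
; Lines starting with ';' are comments and are ignored on import.

; The .exe extension must point at the "exefile" class.
[HKEY_CLASSES_ROOT\.exe]
@="exefile"

; Stock open command: run the clicked file itself ("%1") and pass along
; any arguments (%*). Inside a .reg string the inner quotes are escaped
; with a backslash. Any other program name in front of "%1" means that
; program runs every time an .exe is opened.
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
```

HKEY_CLASSES_ROOT is a merged view of HKEY_LOCAL_MACHINE\Software\Classes and HKEY_CURRENT_USER\Software\Classes, so after merging the file it is worth checking that no per-user exefile entry still overrides the restored value.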
October 26th, 2003, 01:06 PM
A bit to one side, but I recommend that you get hold of an old ex-company desktop. You do not need anything fancy for security research.
My point is that it is not a good idea to experiment on your main machine; you need a "labrat",
preferably with a fairly small HDD, as you can expect to be doing some reformatting.
I would suggest a PII/PIII running between 450 and 666MHz, 256 of RAM and maybe NT 4.0 as the OS. I do NOT recommend 9x/Me as these are intrinsically weak OSes, and you will not learn as much. NT4 is not much different from Win2k, apart from about £100 in the price.
I would also suggest that you give your machine a thorough "delouse", as you appear to have let one of these things loose so to speak?
October 27th, 2003, 02:31 AM
Thanks for all your help. I couldn't even open files in safe mode, so I did a reinstall. It's OK though, I keep backups, but yes, I would like a machine to practise on. I'm from the UK; where can I get some cheap computers? (Don't say auction site, I don't trust them. I want a cheap one from Dell or a big company like that. I am looking to spend around £100-£150.00. I'm from the UK, could anyone help me look on UK sites?) Second, for the virus research I am doing, I want a programme that can change the icon pictures in Win XP. I have seen these before but cannot find them now. Can anyone help?
October 27th, 2003, 03:48 AM
Look up the art of dumpster diving.
Getting back here though. I always get my play boxes from companies that have upgraded and have a few old boxes laying around. Ask the IT guys at your work; companies usually have one or two laying in a closet.
What I do is set up the box and make a ghost image of the initial install. Once I'm done screwing it up, I can restore it from the ghost image in about 5 minutes. Norton's Ghost makes it really handy to just screw up boxes left and right.
cheers and have fun learning...