YouTube Question: I Can’t Load Any .Exe After I Removed a Rogue Antivirus…

Question: Help!!!  I can’t load any .exe after I removed a rogue anti-virus.  Is there a simple fix for this?

Answer: Yes, this is quite a common aftereffect of removing the latest generation of rogue anti-virus applications.  These rogues alter the registry entries that control how .exe files are opened.  To fix this easily, download the registry fix below and run it.

Fix Broken Exe

This .reg file contains:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]
@="{09A63660-16F9-11d0-B1DF-004F56001CA7}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@="{86F19A00-42A0-1069-A2E9-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

[HKEY_CLASSES_ROOT\regfile]
@="Registration Entries"
"EditFlags"=dword:00100000
"BrowserFlags"=dword:00000008

[HKEY_CLASSES_ROOT\regfile\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,72,00,65,00,67,00,65,00,64,00,69,00,74,00,2e,00,65,00,78,00,65,00,\
  2c,00,31,00,00,00

[HKEY_CLASSES_ROOT\regfile\shell]
@="open"

[HKEY_CLASSES_ROOT\regfile\shell\edit]

[HKEY_CLASSES_ROOT\regfile\shell\edit\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,4f,00,\
  54,00,45,00,50,00,41,00,44,00,2e,00,45,00,58,00,45,00,20,00,25,00,31,00,00,\
  00

[HKEY_CLASSES_ROOT\regfile\shell\open]
@="Mer&ge"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\regfile\shell\print]

[HKEY_CLASSES_ROOT\regfile\shell\print\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,4f,00,\
  54,00,45,00,50,00,41,00,44,00,2e,00,45,00,58,00,45,00,20,00,2f,00,70,00,20,\
  00,25,00,31,00,00,00

[HKEY_CLASSES_ROOT\.lnk]
@="lnkfile"

[HKEY_CLASSES_ROOT\.lnk\ShellEx]

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{000214EE-0000-0000-C000-000000000046}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{000214F9-0000-0000-C000-000000000046}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{00021500-0000-0000-C000-000000000046}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\.lnk\ShellNew]
"Command"="rundll32.exe appwiz.cpl,NewLinkHere %1"

[HKEY_CLASSES_ROOT\lnkfile]
@="Shortcut"
"EditFlags"=dword:00000001
"IsShortcut"=""
"NeverShowExt"=""

[HKEY_CLASSES_ROOT\lnkfile\CLSID]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\lnkfile\shellex]

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\Offline Files]
@="{750fdf0e-2a26-11d1-a3ea-080036587f03}"

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\{00021401-0000-0000-C000-000000000046}]

[HKEY_CLASSES_ROOT\lnkfile\shellex\DropHandler]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\lnkfile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\lnkfile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}]
@="Shortcut"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\InProcServer32]
@="shell32.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\PersistentAddinsRegistered]

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\PersistentHandler]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\ProgID]
@="lnkfile"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\shellex]

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\shellex\MayChangeDefaultMenu]
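
As an added example (not part of the original post or its download), this Python code parses a .reg export from a suspect machine and reports where the .exe handlers differ from the values in the fix above; it also decodes the hex(2) lines, which are UTF-16LE expandable strings. The sample export and the rogue.exe path are constructed placeholders.

```python
import re

# Expected default values, copied from the .reg fix on this page.
BASELINE = {
    r"HKEY_CLASSES_ROOT\.exe": "exefile",
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\exefile\shell\runas\command": '"%1" %*',
}

def decode_value(raw):
    """Decode .reg data: a quoted string or a hex(2) UTF-16LE expandable string."""
    if raw.startswith('"'):
        return re.sub(r'\\(["\\])', r"\1", raw[1:-1])  # undo \" and \\ escapes
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    return raw  # dword: and hex: data is returned verbatim

def parse_reg(text):
    """Return {key: {value_name: data}}; '@' is the key's default value."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join hex continuation lines
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif m and current is not None:
            current[m.group(1).strip('"')] = decode_value(m.group(2))
    return keys

def audit(export_text):
    """List (key, expected, found) where a default value differs from BASELINE."""
    found = parse_reg(export_text)
    return [(k, want, found.get(k, {}).get("@")) for k, want in BASELINE.items()
            if found.get(k, {}).get("@") != want]

# Constructed sample export, not from a real machine; rogue.exe is a placeholder.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\placeholder\\rogue.exe\" \"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\regfile\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,72,00,65,00,67,00,65,00,64,00,69,00,74,00,2e,00,65,00,78,00,65,00,\
  2c,00,31,00,00,00
'''
```

A real export written by regedit or `reg export` is UTF-16 encoded, so read it with `open(path, encoding="utf-16")` before passing the text to `audit`.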




  • Jack

    I just ran your .reg file, but it wouldn’t run due to registry permission errors. One workaround that I’ve found to repair .exe loading errors is to rename the .exe to .com until I can run malware tools. Most malware creators have forgotten about the old DOS days when both endings were (and still are) interchangeable.

  • SophosLOVER

    Thanks Matt! My friend needs this!!

  • me

    use avz tool and find where it says in menu bar at top @run application as trusted.
    worked for me
    problem occurs from gen.2.pack trojan
    i had it for 2 weeks now
    got rid of it
    a squared and SAS

  • Newbie Fixer

    Hey Matt… W00T First post!!! Nice article. I just fixed a guy’s registry using this, he had a nice supply of rogues to keep him occupied. I mentioned anti-virus, and he looked at me like he had no clue…. Shows what people are used to the regular world being like…

  • Andy

    Is this registry fix limited to any specific version of Windows, and will it work for both 32 and 64-bit operating systems?

  • malwarekilla

    @Jack – Hm, good to know, I haven’t seen that one yet.

  • malwarekilla

    @SophosLOVER & Newbie Fixer – cool, glad I could help!

  • Cody

    lol this would have been useful last week. D:

  • http://www.youtube.com/4darkaces Zachery

    Wow! This would definitely be very useful. =D You should compile all of your registry fixes and post them in the Toolkit section of your blog. Put them in an archive for users to download and run from a USB drive. =P

  • Tweak

    Although the reg fix will work almost every time I have had a few times when it would not work but the .com version from this site: http://windowsxp.mvps.org/exefile.htm worked on those rare occasions, just thought someone might find this helpful sometime.

    • malwarekilla

      @Tweak – yeah, I ran into that twice this week.

  • Tweak

    Well then Matt I am happy to contribute, although that is a pretty old one (2006) I have used it VERY recently and never has it failed, I actually stopped using the reg file method since I know this does right. Took me a few days to get the info posted here cause I forgot how I came across it, might have to get on aim or skype or something sometime and get/give some nice toolkit setup options. Great site, keep up the nice work bud!

  • Justin

    I just helped some person out on yahoo answers and they told me it worked so thanks matt :D

  • Des

    I’d love to be able to use this but I tried sorting out my syst
    in safe mode, now my computer restarts
    telling me it didn’t work and won’t start in any mode… Suggestions welcome

    and when I could get to the load up couldn’t get the net to load any webpages

    :/

  • seniormoment

    I have seen a lot of these kinds of fixes, but they are INCONSISTENT, in other words, since the fixes are inconsistent, I view them with a certain amount of suspicion. Also, I have never seen an “explanation” for these fixes, i.e. what each registry entry does or doesn’t do.

