Tag Archives | registry entries

Youtube Question: I Can’t Load Any .Exe After I Removed a Rogue Antivirus…

Question: Help!!!  I can’t load any .exe after I removed a rogue anti-virus.  Is there a simple fix for this?

Answer: Yes, this is quite a common after effect of removing the latest generation of rogue anti-virus applications.  These rogues alter registry entries related to .exe’s.  If you would like to easily fix this issue then you may download this registry fix below and run it.

Fix Broken Exe

This .reg file contains:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@=”exefile”
“Content Type”=”application/x-msdownload”

[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@=”{098f2470-bae0-11cd-b579-08002b30bfeb}”

[HKEY_CLASSES_ROOT\exefile]
@=”Application”
“EditFlags”=hex:38,07,00,00
“TileInfo”=”prop:FileDescription;Company;FileVersion”
“InfoTip”=”prop:FileDescription;Company;FileVersion;Create;Size”

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@=”%1″

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
“EditFlags”=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@=”\”%1\” %*”

[HKEY_CLASSES_ROOT\exefile\shell\runas]

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@=”\”%1\” %*”

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@=”{86C86720-42A0-1069-A2E8-08002B30309D}”

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]
@=”{09A63660-16F9-11d0-B1DF-004F56001CA7}”

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@=”{86F19A00-42A0-1069-A2E9-08002B30309D}”

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@=”{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}”

[HKEY_CLASSES_ROOT\regfile]
@=”Registration Entries”
“EditFlags”=dword:00100000
“BrowserFlags”=dword:00000008

[HKEY_CLASSES_ROOT\regfile\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,72,00,65,00,67,00,65,00,64,00,69,00,74,00,2e,00,65,00,78,00,65,00,\
2c,00,31,00,00,00

[HKEY_CLASSES_ROOT\regfile\shell]
@=”open”

[HKEY_CLASSES_ROOT\regfile\shell\edit]

[HKEY_CLASSES_ROOT\regfile\shell\edit\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,4f,00,\
54,00,45,00,50,00,41,00,44,00,2e,00,45,00,58,00,45,00,20,00,25,00,31,00,00,\
00

[HKEY_CLASSES_ROOT\regfile\shell\open]
@=”Mer&ge”

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@=”regedit.exe \”%1\””

[HKEY_CLASSES_ROOT\regfile\shell\print]

[HKEY_CLASSES_ROOT\regfile\shell\print\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,4f,00,\
54,00,45,00,50,00,41,00,44,00,2e,00,45,00,58,00,45,00,20,00,2f,00,70,00,20,\
00,25,00,31,00,00,00

[HKEY_CLASSES_ROOT\.lnk]
@=”lnkfile”

[HKEY_CLASSES_ROOT\.lnk\ShellEx]

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{000214EE-0000-0000-C000-000000000046}]
@=”{00021401-0000-0000-C000-000000000046}”

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{000214F9-0000-0000-C000-000000000046}]
@=”{00021401-0000-0000-C000-000000000046}”

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{00021500-0000-0000-C000-000000000046}]
@=”{00021401-0000-0000-C000-000000000046}”

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}]
@=”{00021401-0000-0000-C000-000000000046}”

[HKEY_CLASSES_ROOT\.lnk\ShellNew]
“Command”=”rundll32.exe appwiz.cpl,NewLinkHere %1″

[HKEY_CLASSES_ROOT\lnkfile]
@=”Shortcut”
“EditFlags”=dword:00000001
“IsShortcut”=””
“NeverShowExt”=””

[HKEY_CLASSES_ROOT\lnkfile\CLSID]
@=”{00021401-0000-0000-C000-000000000046}”

[HKEY_CLASSES_ROOT\lnkfile\shellex]

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\Offline Files]
@=”{750fdf0e-2a26-11d1-a3ea-080036587f03}”

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\{00021401-0000-0000-C000-000000000046}]

[HKEY_CLASSES_ROOT\lnkfile\shellex\DropHandler]
@=”{00021401-0000-0000-C000-000000000046}”

[HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler]
@=”{00021401-0000-0000-C000-000000000046}”

[HKEY_CLASSES_ROOT\lnkfile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\lnkfile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@=”{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}”

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}]
@=”Shortcut”

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\InProcServer32]
@=”shell32.dll”
“ThreadingModel”=”Apartment”

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\PersistentAddinsRegistered]

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}]
@=”{00021401-0000-0000-C000-000000000046}”

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\PersistentHandler]
@=”{00021401-0000-0000-C000-000000000046}”

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\ProgID]
@=”lnkfile”

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\shellex]

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\shellex\MayChangeDefaultMenu]

Continue Reading · 15

GeSWall 2.8 Prevention Review

GeSWall 2.8 is a free intrusion prevention system (not an antivirus) that can protect your PC from anything without requiring daily updates (like a typical antivirus application).

GeSWall prevents intentional or unintentional downloads from modifying your operating system in any damaging way, and by damaging I mean downloads that may:

  • create registry entries
  • modify registry entries
  • create files
  • modify files
  • access confidential folders like My Documents
  • log keystrokes
  • inject code into processes

Per GeSWall’s website:

The generic rules for an isolated application are that the application:

1. Can read but cannot modify trusted resources.
2. Cannot read or modify confidential resources.
3. May create new untrusted resources, e.g. files.
4. May read or modify untrusted resources.

Check out my review of GeSWall here:

httpvh://www.youtube.com/watch?v=PBKNHBl-yos

Continue Reading · 6

Comodo Internet Security 3.5 Prevention Tests

Recently I tested Comodo Internet Security‘s Antivirus and Defense+ modules against 8 malicious URL’s.  The results were fantastic.  Comodo’s Denfense+ (HIPS module) was able to identify and halt malicious files and registry entries from being created.

Below are few pro’s and Con’s for Comodo Internet Security 3.5

Pro’s:

  • It’s Free – You can download Comodo Internet Security here.
  • Includes – a firewall (one of the best software firewalls), realtime antivirus and an amazing HIPS engine.
  • Automatic free updates.
  • Small memory footprint (for me at least).

Con’s:

  • needs a larger list of whitlisted applications.
  • no heuristics (I believe they are adding this soon).
  • HIPS and Firewall modules require the user to know if the request is either legit or malicious.  This is not Comodo’s fault of course, however they could simplify the users experience and protection by adding (and maintaining) a massive list of whitelisted applications.

Part 1:

httpv://www.youtube.com/watch?v=yVs16zyXSV0

Part 2:

httpv://www.youtube.com/watch?v=-gdIlKPcShE

Continue Reading · 9