Go Back   Technibble Forums > General Computers > Tech-to-Tech Computer Help

  Technibble Sponsor

Reply
 
Thread Tools Display Modes
  #1  
Old 04-06-2011, 02:25 PM
ajc196's Avatar
ajc196 ajc196 is offline
 
Join Date: Apr 2010
Posts: 319
ajc196 is an unknown quantity at this point
Default Different Kind of EXE Corruption Today

I've come across the broken .exe's plenty of times, but I have one today that is somewhat different.

Rather than broken .exe associations that open the "open with..." dialog box, everything now opens as an Internet Explorer download. This happens for more than .exe's too, including .reg, .bat, etc. So the few manually fixes I've found on other forums cannot run correctly, even by trying to merge .reg files through the right click context menu. Therefore, even in safe mode, I can't run the command prompt, System Restore, Regedit, anything at all. So my usual fixes and methods are inapplicable. Task manager can at least open, and you can kill iexplore.exe and even explorer.exe. But when you try to restart Explorer, it just pulls up the IE download prompt again. At that point, I have to restart to get Explorer/the desktop to come back up. Again, both normal and safe mode do this.

The system came back clean (found nothing) with the Avast Rescue CD and MSE/SAS/MBAM scans with the HDD hot-swapped to my bench system.

Any ideas?

Last edited by ajc196; 04-06-2011 at 02:46 PM.
Reply With Quote
  #2  
Old 04-06-2011, 02:49 PM
ZenTree ZenTree is offline
 
Join Date: Aug 2010
Location: UK
Posts: 616
ZenTree will become famous soon enough
Default

Use a winpe bootable environment, load the offline registry files from the infected computer and then import the registry fix into the imported registry
Reply With Quote
  #3  
Old 04-06-2011, 03:16 PM
SmithFamilyDesigns's Avatar
SmithFamilyDesigns SmithFamilyDesigns is offline
 
Join Date: Apr 2011
Location: Phoenix
Posts: 289
SmithFamilyDesigns is an unknown quantity at this point
Default

I dont know if this has been covered anywhere on the forums,
But if thats happening in xp, you can run an exe by right clicking, run as, and just uncheck the "protect ... data execution" (sorry, dont remember exact wording).

Once I'm able to post in the tech section, i have a reg fix for that.

Sent from my HTC Vision using Tapatalk
__________________
"Never argue with a fool; onlookers may not be able to tell the difference."

http://www.SmithFamilyDesigns.com
Reply With Quote
  #4  
Old 04-06-2011, 03:27 PM
ajc196's Avatar
ajc196 ajc196 is offline
 
Join Date: Apr 2010
Posts: 319
ajc196 is an unknown quantity at this point
Default

Forgot that important part, sorry. The machine is on Vista x86.
Reply With Quote
  #5  
Old 04-06-2011, 03:57 PM
ajc196's Avatar
ajc196 ajc196 is offline
 
Join Date: Apr 2010
Posts: 319
ajc196 is an unknown quantity at this point
Default

Quote:
Originally Posted by ZenTree View Post
Use a winpe bootable environment, load the offline registry files from the infected computer and then import the registry fix into the imported registry
Registry Editor PE in Hirens worked like a charm attacking it that way. Thanks!
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 05:08 AM.


Powered by vBulletin®
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Technibble.com is based out of MELBOURNE, AUSTRALIA.