New Kind of EXE Corruption

[ajc196]

I've come across the broken .exe's plenty of times, but I have one today that is somewhat different.

Rather than broken .exe associations that open the "open with..." dialog box, everything now opens as an Internet Explorer download. This happens for more than .exe's too, including .reg, .bat, etc. So the few manually fixes I've found on other forums cannot run correctly, even by trying to merge .reg files through the right click context menu. Therefore, even in safe mode, I can't run the command prompt, System Restore, Regedit, anything at all. So my usual fixes and methods are inapplicable. Task manager can at least open, and you can kill iexplore.exe and even explorer.exe. But when you try to restart Explorer, it just pulls up the IE download prompt again. At that point, I have to restart to get Explorer/the desktop to come back up. Again, both normal and safe mode do this.

The system came back clean (found nothing) with the Avast Rescue CD and MSE/SAS/MBAM scans with the HDD hot-swapped to my bench system.

Any ideas?

[ZenTree]

Use a winpe bootable environment, load the offline registry files from the infected computer and then import the registry fix into the imported registry

[SmithFamilyDesigns]

I dont know if this has been covered anywhere on the forums,
But if thats happening in xp, you can run an exe by right clicking, run as, and just uncheck the "protect ... data execution" (sorry, dont remember exact wording).

Once I'm able to post in the tech section, i have a reg fix for that.

Sent from my HTC Vision using Tapatalk

[ajc196]

Forgot that important part, sorry. The machine is on Vista x86.

[ajc196]

Quote:

Originally Posted by ZenTree

Use a winpe bootable environment, load the offline registry files from the infected computer and then import the registry fix into the imported registry

Registry Editor PE in Hirens worked like a charm attacking it that way. Thanks!