Programs won't start

Percival P. Cassidy

I am trying to fix one of my wife's foreign students' laptops with Vista
Home Premium. It boots to the desktop, but no programs will execute:
whatever I try to start, I get the box asking me what program I want to
use to open it, even though it's an .exe program that I'm trying to start.

The student says he clicked on an email even though it looked suspicious
because he assumed that his antivirus software would catch it if it
really was harmful -- but his antivirus software is out of date.

The backup and Restore feature works but tells me that the last backup
was two years ago. No System Restore Points are displayed.

Is there something simple to try before I try a repair install from a
"plain vanilla" Vista disk (i.e., one without Dell-specific drivers and
other add-ons)? I have a Macrium Reflect Free boot disk I could use to
backup all his personal data first -- in fact I have three such discs:
one each based on Win XP, Win 7, and Linux.

Advice?

Perce
 
Percival P. Cassidy said:
I am trying to fix one of my wife's foreign students' laptops with Vista
Home Premium. It boots to the desktop, but no programs will execute:
whatever I try to start, I get the box asking me what program I want to use
to open it, even though it's an .exe program that I'm trying to start.

There's nothing magical about the .exe extension when you click it in
Explorer; the response is controlled by what the Registry calls for.

H'mmm...I don't normally run Vista but I keep a VMware image of Enterprise
handy for testing. Let's see what the Registry entries for a .EXE look
like...

HKCR\.exe
    (default): REG_SZ exefile
    Content Type: REG_SZ application/x-msdownload
HKCR\.exe\PersistentHandler
    (default): REG_SZ {098f2470-bae0-11cd-b579-08002b30bfeb}

HKCR\exefile
    (default): REG_SZ Application
    EditFlags: REG_BINARY 38 07 00 00
    FriendlyTypeName: REG_EXPAND_SZ @%SystemRoot%\System32\shell32.dll,-10156
HKCR\exefile\DefaultIcon
    (default): REG_SZ %1
HKCR\exefile\shell\open
    EditFlags: REG_BINARY 00 00 00 00
HKCR\exefile\shell\open\command
    (default): REG_SZ "%1" %*
    IsolatedCommand: REG_SZ "%1" %*
HKCR\exefile\shell\runas\command
    (default): REG_SZ "%1" %*
    IsolatedCommand: REG_SZ "%1" %*
HKCR\exefile\shellex\DropHandler
    (default): REG_SZ {86C86720-42A0-1069-A2E8-08002B30309D}
HKCR\exefile\PropertySheetHandlers\ShimLayerPropertyPage
    (default): REG_SZ {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}


No guarantees - especially if you aren't familiar with editing the
Registry - but you might want to compare the above to what's on the system
your student has. I'm assuming that you have a bootable disk (such as the
Vista installation disk) that you can use to look at his software hive.
(HKCR is an alias for HKLM\Software\Classes, and when a system isn't running
it's in the SOFTWARE hive in C:\Windows\System32\Config)


The student says he clicked on an email even though it looked suspicious
because he assumed that his antivirus software would catch it if it really
was harmful -- but his antivirus software is out of date.

Sigh. Signature-based antivirus is useful but it is NOT even faintly
close to being a cure-all, and the sophisticated malware writers (and they
can be *extremely* sophisticated) have lots of ways to prevent their code
from being detected based on a signature. A very good tool which monitors
*behavior* is available free from Microsoft: EMET...but the user still must
understand that no protections are invulnerable. If I was a betting man, I
would put odds on a statement that the student was using an administrative
account and had disabled UAC as well...


Is there something simple to try before I try a repair install from a
"plain vanilla" Vista disk (i.e., one without Dell-specific drivers and
other add-ons)? I have a Macrium Reflect Free boot disk I could use to
backup all his personal data first -- in fact I have three such discs: one
each based on Win XP, Win 7, and Linux.


Even if you can resurrect the system to the point where it knows what to do
with a .exe file I would still *strongly* recommend that the student back up
ALL the data he wants to keep, then *reformat* - repeat, REFORMAT - the disk
and make a completely clean reinstall. Regardless of how it got there it's
certain that the system has been compromised by malware, and we don't know
where else the nasty code has put its hooks. Lots of malware has code that
periodically checks to see if other parts have been cleaned up, and if so,
reinfects them.

And enable UAC. Yes, it's a major PITA, especially on Vista, but had it
been enabled and/or he was using an unprivileged account there would have
been an additional approval required before the malware could have done
something to the system.

Good luck...you'll need it.

Joe
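
The comparison suggested in the reply above, as an added example that is not part of either post: it parses the text of a `.reg` export and reports where the `.exe`/`exefile` string values differ from the listing. The `root` parameter (for a hive loaded under another key name) and the sample export are assumptions; `reg export` writes UTF-16, so decode the file before passing its text in.

```python
import re

CMD = '"%1" %*'
# Known-good REG_SZ values from the Vista listing above, relative to the classes root.
BASELINE = {
    (r"\.exe", "@"): "exefile",
    (r"\exefile\shell\open\command", "@"): CMD,
    (r"\exefile\shell\open\command", "IsolatedCommand"): CMD,
    (r"\exefile\shell\runas\command", "@"): CMD,
    (r"\exefile\shell\runas\command", "IsolatedCommand"): CMD,
}
KEY_RE = re.compile(r"^\[(.+)\]$")
# @="data" or "Name"="data"; .reg files escape quotes and backslashes with a backslash.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

# Constructed sample export with two deviations (not taken from the affected laptop).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="placeholder_progid"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"
'''

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Return {(KEY, NAME): data} for string values in decoded .reg export text."""
    values, key = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := KEY_RE.match(line):
            key = m.group(1).upper()
        elif key and (m := VALUE_RE.match(line)):
            name = "@" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            values[(key, name.upper())] = unescape(m.group(2))
    return values

def audit(text, root="HKEY_CLASSES_ROOT"):
    """Return (subkey, name, expected, found) for each baseline value that differs."""
    found = parse_reg(text)
    return [(sub, name, want, found.get(((root + sub).upper(), name.upper())))
            for (sub, name), want in BASELINE.items()
            if found.get(((root + sub).upper(), name.upper())) != want]
```

A `found` of `None` means the value is absent from the export. Per-user associations under HKCU\Software\Classes are stored in a separate hive and need the same check.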
 