# Please Help! XP won't run any programs!



## bearhorse (Sep 2, 2005)

I booted up my PC (XP Pro OS) and Ad-Aware warned me of unauthorized file access, so I said "no". I then said "no" to another 40+ unauthorized attempts to change/access file & registry settings. All desktop shortcuts then had a ".LNK" extension. I can find shortcut targets, but ".EXE" files don't work! 

I ran an Ad-Aware scan, but no malware or spyware was found. I ran a McAfee scan, but no virus found. Then, I cold-booted the machine, and no change.

The only thing I did manage to do was to accidentally change the ".LNK" associations to Netscape, with the side-effect that it allowed me to start a browser, so I could at least get on-line to this forum (dialer is not an ".EXE").

I downloaded CrapRemover and HijackThis, but neither of them will execute. In fact, no program that has a ".EXE" extension will execute from the START button, or explorer. 

What's worse is I can't run anything from the Control Panel, nor in the System Tools, and I can't get to a command prompt. 

When command got corrupted under 98, you could copy the system commands from another machine, but that doesn't seem the case in XP. Is there anything I can do, other than XP Pro re-install? 

Also, is there any way to break the (accidental) ".LNK" file association with Netscape? PLEASE HELP!!!


----------



## D_Trojanator (May 13, 2005)

Recently a friend had the WIN32/Parite Virus which takes over all .exe's and basically crashes your computer out of living.......he had to reformat xp........

Read this link about getting .exe's back, it may help....

Someone else will be able to give you a better insight, and it may be a completly different problem that may be easy to fix.

I was about to recommend backing everything up just in case, but it may be worthless.........

David :up:


----------



## WhitPhil (Oct 4, 2000)

Download the file in line 12 on this page called exefix.reg.

Double click on the file to correct the registry entries.


----------



## bearhorse (Sep 2, 2005)

No file to "download", just lines of code. Copied code lines into notepad and saved as "exefix.reg" (all files type, not txt) to system root.

Double clicked and got the following message that "Windows cannot open this file (exefix.reg), because it needed to know what program created it. 

Will exefix.reg run from a safe-mode command prompt? It seems I can get to that...


----------



## WhitPhil (Oct 4, 2000)

Hmmm, whatever virus/trojan you bumped into has done some major mucking with the registry!!

Try this.

From the bottom of this page download Regfile.inf and Fix-exec.inf.

Then, select the file, right mouse, install.


----------



## bearhorse (Sep 2, 2005)

Went to site
Clicked on each file listed (displayed code listings)
Right-clicked on each and saved (as "All files" type) to Root
Opened Explorer
Right-clicked on each saved file and selected "install"
Each reported "Windows cannot open this file: grpconv.exe"


It seems that anything that requires an ".EXE" extension hits that roadblock. Is it possible to go in and edit the registry manually from a safe-mode command prompt? If so, could the entries from the exefix.reg file be used?


----------



## D_Trojanator (May 13, 2005)

Name: GrpConv 

Filename: grpconv.exe 

Description: To facilitate the upgrade from Windows 3.1 to Win95/98, an executable file named GRPCONV.EXE is included with Win95/98. This file provides the translation of groups and group items to folders and links unless you need to access Win 3.1 Group files 

File Location: Unknown 

Startup Type: Currently being identified.


----------



## bearhorse (Sep 2, 2005)

Should attempting to install "Regfile.inf" or "Fix-exec.inf" cause GrpConv.exe to run on an XP system?


----------



## bearhorse (Sep 2, 2005)

Is there a way to manually input the individual line commands in the "regfile.inf" and "fix-exec.inf" files to accomplish the intended repairs, such as from a Safe-Mode command prompt?


----------



## WhitPhil (Oct 4, 2000)

Try running Explorer
Tools > Options > File Types
Scroll to and select INF
Advanced Button
*IF* there is an Install option, select it, Edit Button
In the application used to perform field, paste the following
*C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1*

** there is space between the DefaultInstall and 132

OK your way out.

If there is NOT an Install option, select NEW
and in the action field enter
*&Install*

and in the application field enter
*C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1*
Select the Use DDE field
In application, enter
*setupapi*
In topic, enter
*System*

OK your way out.

You said you can't get a command prompt?

Using Start > Run > Command
or
Start > Run > CMD


----------



## bearhorse (Sep 2, 2005)

There was an Install option. 
Pasted in the application used to perform from above. 
Got down to "OK your way out." and ok'd out to File Types screen. At that point, only option was to "Close" ("Apply" grayed out). 
Closed
Tried Start/Run/"command" : no file association
Tried Start/Run/"cmd" : no file association

Went back to "Advanced Button" instruction
Removed Install option
Ok'd out to File Types screen
Closed
Tried Start/Run/"command" : no file association
Tried Start/Run/"cmd" : no file association

Will next re-boot, and then...


----------



## WhitPhil (Oct 4, 2000)

Sorry.

The questions about getting to a command prompt were not related.

After changing the code in the install option, select the fix-exec.inf file, right mouse > install.


----------



## bearhorse (Sep 2, 2005)

Sorry for the delay (it's been a tough night). Things got steadily worse, then I lost USB hub (modem/mouse/internet connectivity) functionality.

In a nutshell:
-Booted to "Safe-Mode w/command prompt", then ran exefix.reg. It seemed to have completed, but still had no ".EXE" functionality, no USB, associations still wrong.

-However, I could now run System-Restore and did so back to a point about 3 months ago, which got me my desktop back. 

-Installed fix-exec.inf and RegFile.inf. I can get to a command prompt now! :up: 

-Also got USB func. back, and can run ".EXE" files now, but Netscape 7.1 blown. :down: 

-Used IE to download Firefox. Before I install, I'd like to see if there's a way to restore Netscape 7.1, or at least import its mailbox messages into Eudora, or whatever e-mail system there is for Firefox.  

Have to take today away from the computer, as my eyes look like peeled cherry tomatoes from the strain. But, I'll be back on tonight to try and finish this up...


----------



## WhitPhil (Oct 4, 2000)

It's unfortunate that you had to restore that far into the past. It means you will nned to reinstall anything in that period.

Are you currently running an Antivirus? If so, update the virus defs and do a full scan.

AND, get a second opinion from HouseCall

Before worrying about your browser and email, I would be concerned that your PC may still be infected.

Run HiJackThis, and post back the log into a new thread asking that it be reviewed. And, include a link to this thread as a reference. 
If it's clean, you need to ensure that you are running an active Antivirus, a firewall, and run other anti-spyware apps such as SpyWareBlaster.


----------



## D_Trojanator (May 13, 2005)

You might as well post it here as it's in the security forum, and me or someone else will take a look. Is that ok Phil? 
DAvid :up:


----------



## WhitPhil (Oct 4, 2000)

David:

That's fine. Just thought a new post would get more attention.


----------



## bearhorse (Sep 2, 2005)

Sorry! Didn't realize there were more messages after being told to move to security thread. I posted HJT log to a new thread (http://forums.techguy.org/showthread.php?p=2935735#post2935735), and followed member khazars' recommendations. Please review the thread and let me know if there is anything else I need to do, as well as my concerns at the bottom of its message #3.

Also, I'd like to find out how to mark this "solved", when this is all said and done...


----------



## D_Trojanator (May 13, 2005)

As the problem in this thread seems to have been *fixed*, we ask you to mark this thread as *solved*!

To do this please click on the *"thread tools"* button in the top right hand corner and click on *"solved"*

If you wish the thread to be re-opened at any time, please *PM* a _moderator_!
David


----------

