General Vista Help and Support: The general Windows Vista discussion forum, for topics not covered elsewhere. (microsoft.public.windows.vista.general)
Programs won't start
I am trying to fix one of my wife's foreign students' laptops with Vista Home Premium. It boots to the desktop, but no programs will execute: whatever I try to start, I get the box asking me what program I want to use to open it, even though it's an .exe program that I'm trying to start.

The student says he clicked on an email even though it looked suspicious because he assumed that his antivirus software would catch it if it really was harmful -- but his antivirus software is out of date.

The Backup and Restore feature works but tells me that the last backup was two years ago. No System Restore Points are displayed.

Is there something simple to try before I try a repair install from a "plain vanilla" Vista disk (i.e., one without Dell-specific drivers and other add-ons)? I have a Macrium Reflect Free boot disk I could use to back up all his personal data first -- in fact I have three such discs: one each based on Win XP, Win 7, and Linux.

Advice?

Perce
Programs won't start
"Percival P. Cassidy" wrote:
> I am trying to fix one of my wife's foreign students' laptops with Vista Home Premium. It boots to the desktop, but no programs will execute: whatever I try to start, I get the box asking me what program I want to use to open it, even though it's an .exe program that I'm trying to start.

There's nothing magical about the .exe extension when you click it in Explorer; the response is controlled by what the Registry calls for. H'mmm...I don't normally run Vista but I keep a VMware image of Enterprise handy for testing. Let's see what the Registry entries for a .EXE look like...

HKCR\.exe
    (default): REG_SZ exefile
    Content Type: REG_SZ application/x-msdownload
HKCR\.exe\PersistentHandler
    (default): REG_SZ {098f2470-bae0-11cd-b579-08002b30bfeb}
HKCR\exefile
    (default): REG_SZ Application
    EditFlags: REG_BINARY 38 07 00 00
    FriendlyTypeName: REG_EXPAND_SZ @%SystemRoot%\System32\shell32.dll,-10156
HKCR\exefile\DefaultIcon
    (default): REG_SZ %1
HKCR\exefile\shell\open
    EditFlags: REG_BINARY 00 00 00 00
HKCR\exefile\shell\open\command
    (default): REG_SZ "%1" %*
    IsolatedCommand: REG_SZ "%1" %*
HKCR\exefile\shell\runas\command
    (default): REG_SZ "%1" %*
    IsolatedCommand: REG_SZ "%1" %*
HKCR\exefile\shellex\DropHandler
    (default): REG_SZ {86C86720-42A0-1069-A2E8-08002B30309D}
HKCR\exefile\PropertySheetHandlers\ShimLayerPropertyPage
    (default): REG_SZ {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}

No guarantees - especially if you aren't familiar with editing the Registry - but you might want to compare the above to what's on the system your student has. I'm assuming that you have a bootable disk (such as the Vista installation disk) that you can use to look at his software hive. (HKCR is an alias for HKLM\Software\Classes, and when a system isn't running it's in the SOFTWARE hive in C:\Windows\System32\Config)

> The student says he clicked on an email even though it looked suspicious because he assumed that his antivirus software would catch it if it really was harmful -- but his antivirus software is out of date.

Sigh. Signature-based antivirus is useful but it is NOT even faintly close to being a cure-all, and the sophisticated malware writers (and they can be *extremely* sophisticated) have lots of ways to prevent their code from being detected based on a signature. A very good tool which monitors *behavior* is available free from Microsoft: EMET...but the user still must understand that no protections are invulnerable.

If I was a betting man, I would put odds on a statement that the student was using an administrative account and had disabled UAC as well...

> Is there something simple to try before I try a repair install from a "plain vanilla" Vista disk (i.e., one without Dell-specific drivers and other add-ons)? I have a Macrium Reflect Free boot disk I could use to back up all his personal data first -- in fact I have three such discs: one each based on Win XP, Win 7, and Linux.

Even if you can resurrect the system to the point where it knows what to do with a .exe file I would still *strongly* recommend that the student back up ALL the data he wants to keep, then *reformat* - repeat, REFORMAT - the disk and make a completely clean reinstall. Regardless of how it got there it's certain that the system has been compromised by malware, and we don't know where else the nasty code has put its hooks. Lots of malware has code that periodically checks to see if other parts have been cleaned up, and if so, reinfects them.

And enable UAC. Yes, it's a major PITA, especially on Vista, but had it been enabled and/or he was using an unprivileged account there would have been an additional approval required before the malware could have done something to the system.

Good luck...you'll need it.

Joe
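Added example, not part of either post: one way to do the comparison Joe suggests is to export the `.exe` and `exefile` keys from the suspect hive to `.reg` text and diff the launch-critical string values against his listing. It assumes the export has already been decoded to text (regedit writes UTF-16) and that key paths from an offline hive have been rewritten to start with `HKEY_CLASSES_ROOT`; the sample export and the names `BASELINE`, `parse_reg` and `diff_against_baseline` are constructed for illustration.

```python
import re

# Launch-critical string values from the clean Vista listing in the reply
# (HKCR spelled out as HKEY_CLASSES_ROOT, the form a .reg export uses).
BASELINE = {("HKEY_CLASSES_ROOT\\.exe", "@"): "exefile"}
for verb in ("open", "runas"):
    for value_name in ("@", "IsolatedCommand"):
        BASELINE[("HKEY_CLASSES_ROOT\\exefile\\shell\\%s\\command" % verb, value_name)] = '"%1" %*'

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):  # .reg string data escapes backslash and double quote
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Return {(key, value_name): data} for the REG_SZ lines of a .reg export."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name = "@" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            values[(key, name)] = unescape(m.group(2))
    return values

def diff_against_baseline(text):
    """List (key, name, expected, found) for each baseline value that differs."""
    found = {(k.lower(), n.lower()): v for (k, n), v in parse_reg(text).items()}
    return [(k, n, want, found.get((k.lower(), n.lower())))
            for (k, n), want in BASELINE.items()
            if found.get((k.lower(), n.lower())) != want]

# Constructed sample export (not taken from the laptop in the thread)
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="constructed_progid"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\placeholder\\unknown.exe\" \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
'''

if __name__ == "__main__":
    print(*diff_against_baseline(SAMPLE), sep="\n")
```

A value reported with `None` as the found data is missing from the export altogether; values exported as `hex(...)` (REG_EXPAND_SZ, REG_BINARY) are not compared.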