Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

exeregfix.reg What does it do?


  • Please log in to reply
3 replies to this topic

#1 jch2

jch2

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:31 AM

Posted 28 March 2011 - 10:14 PM

When searching for a fix for a rogue security malware I was told to download (from 2-sypware.com or 2-viruses.com) and run exeregfix.reg as part of the fix. What does this do?

BC AdBot (Login to Remove)

 


#2 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,259 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:10:31 AM

Posted 28 March 2011 - 10:19 PM

It repairs several Windows Registry entries which block you from running executable files (.exe files). It's a fairly common tactic employed by malware to prevent you from running anything that might be used to help remove the malware (like anti-malware scanners and loggers.)

#3 jch2

jch2
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:31 AM

Posted 28 March 2011 - 10:41 PM

Any specifics? I ran it and was wondering what specific changes were made to my registry. Anything I need to go back and undo or clear out? I don't think it helped actually. The malware was still active after I ran it and I had to perform other steps to fix the problem.

#4 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,259 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:10:31 AM

Posted 28 March 2011 - 10:51 PM

exeregfix.reg is a text file. You can open it in Notepad to see what it does:
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]

[-HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]

[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[-HKEY_CLASSES_ROOT\secfile]

Basically what it does is remove several entries which override the default action that is used when you double-click on an EXE file. If those entries don't exist, if the infection is using a different method for blocking exe files from running then exeregfix.reg has no effect.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users