Posted 14 Jan 2001

Watch Out!

How can one stop you from running an application on your system


You may already have received an application from a friend (or will receive it in the next few days). If you run that application, you will no longer be able to run any application on your system. You will certainly try to log off and on, restart, or shut down your system, but none of that will let you run applications again. One more point worth mentioning: it does not stop you from running applications through a file-type association; for example, double-clicking a .txt file will still open Notepad.

When you click any shortcut or type an .exe name in Start/Run, you will see a message box with greetings. The application also adds an icon to your system tray.

Some sharp users will want to look in the Registry to cure the system, but oops! You can't run Regedit.exe, because it is an application too.

Now I would like to discuss what that application actually does to the system. It does two things:

  1. It forces .exe files to be opened with its own file (possibly WinTask.exe). When you try to run an .exe file, the system looks for that application instead, and that application just displays a message box.
  2. Every time the user logs in or restarts the system, it runs its own .exe file to make sure it is the first step. It does this by creating its own string value named "Win32BaseServiceMOD" under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

The second step is straightforward, but I would like to discuss the first step in more detail.

File Class

The terms file association and file class essentially mean the same thing. A file association or file class consists of all the files that have the same filename extension. File classes are created in the registry. Once a file class has been created, you can customize the behavior of its files. For instance, you can specify the application used to open the file when it is double-clicked, replace the standard file icon with a custom icon, or add items to the context menu. For more details, look for the topic "Creating a File Association" in MSDN.

This virus-like application changes the application associated with EXE files by changing the default value of the key HKEY_CLASSES_ROOT\exefile\shell\open to its own application name.

Now the simple solution is to change that value to "%1"%*. But how? You can't run Regedit.exe. Don't worry, there is another solution: make a new .reg file with the text:


Then double-click this file to apply the changes to the Windows Registry.

Run Regedit.exe and look for the key mentioned in the second step. Delete the value named "Win32BaseServicesMOD".

Now you are in the same position as you were before running that virus-like application.
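The following added example, which is not part of the original article, parses a registry export in REGEDIT4 text form, flags the two changes described above, and generates the repair .reg text. It assumes the open command is the default value of the `command` subkey under `shell\open` and that the Windows default is `"%1" %*`; `parse_reg`, `audit`, the extra file classes and the sample export (with invented file paths) are constructed here.

```python
import re
DEFAULT_OPEN = '"%1" %*'  # Windows default open command for executables
EXEC_CLASSES = ("exefile", "comfile", "batfile")  # assumption: also check sibling classes
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUES = ("Win32BaseServiceMOD", "Win32BaseServicesMOD")  # both spellings on the page
# Constructed sample export of an affected machine; the file paths are invented.
SAMPLE = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\WINDOWS\\SYSTEM\\WinTask.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Win32BaseServiceMOD"="C:\\WINDOWS\\SYSTEM\\WinTask.exe"
'''
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Parse .reg text into {key: {value name: string data}}, names lower-cased."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            current[name.strip('"').lower()] = data
    return keys

def audit(text):
    """Return (findings, repair .reg text) for the two changes the article describes."""
    keys, findings, fix = parse_reg(text), [], ["REGEDIT4", ""]
    for cls in EXEC_CLASSES:
        key = "HKEY_CLASSES_ROOT\\" + cls + "\\shell\\open\\command"
        cmd = keys.get(key.lower(), {}).get("@")
        if cmd is not None and cmd.strip() != DEFAULT_OPEN:
            findings.append((key, "@", cmd))
            fix += ["[" + key + "]", '@="\\"%1\\" %*"', ""]
    run = keys.get(RUN_KEY.lower(), {})
    hits = [n for n in RUN_VALUES if n.lower() in run]
    findings += [(RUN_KEY, n, run[n.lower()]) for n in hits]
    if hits:  # "name"=- deletes a value when the .reg file is merged
        fix += ["[" + RUN_KEY + "]"] + ['"%s"=-' % n for n in hits] + [""]
    return findings, "\n".join(fix)

if __name__ == "__main__":
    findings, repair = audit(SAMPLE)
    print(*findings, repair, sep="\n")
```

The generated text can be saved as a .reg file and merged by double-clicking, which works even while .exe launching is hijacked because .reg files open through their own file association.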


  • 14th January, 2001: Initial post


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Mumtaz Zaheer
Web Developer
Pakistan
Mumtaz Zaheer is working as Senior System Analyst with Information Architects, Pakistan (


Comments and Discussions

Question: How .exe can run under Windows as .com (Jonathan Russell, 16-Oct-04 0:43)
General: Navidad virus (Michael Dunn, 14-Jan-01 22:15)
General: Re: Navidad virus (Mumtaz Zaheer, 15-Jan-01 19:28)
General: Re: Navidad virus (Gennady Oster, 22-Jan-01 4:28)
General: Re: Navidad virus (Mumtaz Zaheer, 22-Jan-01 18:22)
General: Re: Navidad virus (Gennady Oster, 22-Jan-01 20:18)
General: Re: Navidad virus (Anonymous, 22-Jan-01 22:55)
General: Re: Navidad virus (Mumtaz Zaheer, 23-Jan-01 5:26)
General: drat trojan, possible solution ... (Anonymous, 25-Jun-02 23:44)
General: More renamings (cygnus, 13-Aug-02 20:29)

General: Re: More renamings (SuperKoko, 23-Jan-05 10:03)
Another method (more complicated), but really fun.

Because launching a DOS or console application from a command line needs to redirect standard output to the console, in this case Windows does not use the default association to open the .exe or .com.
Moreover, .pif links permit changing various options like the font size of the window, and don't use the default association.
You can launch from command.pif.
You can use a DOS hex editor to modify the regedit.exe PE optional header and change the application to a console application.
For regedit.exe version 4.10.1998, changing byte 9E24 from 02 to 03 transforms the application into a console application.
Now you can execute the new version of regedit.exe without any problem and change associations as you want!

General: Re: drat trojan, possible solution ... (saqib chuadhry, 14-Jul-06 0:16)

Last Updated 15 Jan 2001
Article Copyright 2001 by Mumtaz Zaheer