Posted 14 Jan 2001

Watch Out!

How can one stop you from running an application on your system


You may already have received an application from a friend (or may receive it in the next few days). If you run that application, you will no longer be able to run any application on your system. Logging off and on, restarting, or shutting down will not help. Note, however, that it does not stop applications from starting through a file-type association; for example, double-clicking a .txt file will still open Notepad.

When you click any shortcut or type an .exe name in Start/Run, you see a message box with greetings. The application also adds an icon to your system tray.

Some sharp people will want to inspect the Registry to cure the system, but oops! You can't run Regedit.exe, because it is an application too.

Now I would like to discuss what that application actually does with our system. It does two things:

  1. It forces .exe files to be opened with its own file (possibly WinTask.exe). When you try to run an .exe file, the system launches that application instead, and that application just displays a message box.
  2. Every time a user logs in or the system restarts, it runs its own .exe file to make sure the first step is still in place. It does this by creating its own string value named "Win32BaseServiceMOD" under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

The second step is straightforward, but I would like to discuss the first step in more detail.

File Class

The terms file association and file class essentially mean the same thing. A file association or file class consists of all the files that have the same filename extension. File classes are created in the registry. Once a file class has been created, you can customize the behavior of its files. For instance, you can specify the application used to open the file when it is double-clicked, replace the standard file icon with a custom icon, or add items to the context menu. For more details, look for the topic "Creating a File Association" in MSDN.

This virus-like application changes the application associated with EXE files by replacing the default value of the key HKEY_CLASSES_ROOT\exefile\shell\open with its own application name.

Now the simple solution is to change that value back to "%1"%*. But how? You can't run Regedit.exe. Don't worry, there is another solution: make a new .reg file with the text:


Then double click this file to make changes in the Windows Registry.

Run Regedit.exe and look for the key mentioned in the second step. Delete the value named "Win32BaseServicesMOD".

Now you are in the same position as you were before running that virus-like application.
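An added example, not the author's code or original .reg listing: a Python sketch that audits a registry export for the two changes described above and generates a repair .reg file. On Windows the open command is the default value of the `command` subkey under the key named above, and the stock value is `"%1" %*`; the sample export, its `C:\EXAMPLE` path and the `reviewed_run_values` allowlist are constructed for illustration.

```python
import re

EXPECTED_EXE_COMMAND = '"%1" %*'  # stock command: run the clicked file with its arguments
EXE_KEY = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
# Constructed sample export; the path is a placeholder, not taken from the article.
SAMPLE = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\EXAMPLE\\WinTask.exe \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Win32BaseServiceMOD"="C:\\EXAMPLE\\WinTask.exe"
"SystemTray"="SysTray.Exe"
'''

def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Parse string values of a .reg export into {key: {name: data}}; '@' is the default value."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                name = "@" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
                current[name] = unescape(m.group(2))
    return keys

def audit(text, reviewed_run_values=()):
    """Report a replaced .exe open command and any Run value not yet reviewed."""
    keys, findings = parse_reg(text), []
    cmd = keys.get(EXE_KEY.lower(), {}).get("@")
    if cmd is not None and cmd.strip() != EXPECTED_EXE_COMMAND:
        findings.append(("exefile-open-command", "@", cmd))
    for name, data in keys.get(RUN_KEY.lower(), {}).items():
        if name not in reviewed_run_values:
            findings.append(("unreviewed-run-value", name, data))
    return findings

def repair_reg():
    """Text of a .reg file that restores the stock .exe open command."""
    data = EXPECTED_EXE_COMMAND.replace("\\", "\\\\").replace('"', '\\"')
    return f'REGEDIT4\n\n[{EXE_KEY}]\n@="{data}"\n'
```

Writing the output of `repair_reg()` to a file and double-clicking it works because .reg files open through their own file association, not through the .exe handler.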


  • 14th January, 2001: Initial post


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Mumtaz Zaheer
Web Developer
Pakistan
Mumtaz Zaheer is working as Senior System Analyst with Information Architects, Pakistan (


Comments and Discussions

How .exe can run under Windows as .com
Jonathan Russell, 16-Oct-04 1:43

Navidad virus
Michael Dunn, 14-Jan-01 23:15

Re: Navidad virus
Mumtaz Zaheer, 15-Jan-01 20:28

Re: Navidad virus
Gennady Oster, 22-Jan-01 5:28

Re: Navidad virus
Mumtaz Zaheer, 22-Jan-01 19:22

Re: Navidad virus
Gennady Oster, 22-Jan-01 21:18

Re: Navidad virus
Anonymous, 22-Jan-01 23:55

Re: Navidad virus
Mumtaz Zaheer, 23-Jan-01 6:26

dRAT trojan, possible solution ...
Anonymous, 26-Jun-02 0:44
I've encountered the same problem when I got infected with the dRAT trojan horse. It modified the registry so .exe or .com would execute through the body of the trojan, which took an inoffensive name, win32.exe I think, I don't remember exactly. I succeeded in removing it from DOS, restoring a saved version of the registry. Now I'm thinking, notepad is .exe too, but it runs and opens the .txt document. What if we associate a strange extension, .ajz for example, with regedit.exe? It will open right, even for the error. It is just a thought.

More renamings
cygnus, 13-Aug-02 21:29

Re: More renamings
SuperKoko, 23-Jan-05 11:03

Re: dRAT trojan, possible solution ...
saqib chuadhry, 14-Jul-06 1:16

Last Updated 15 Jan 2001
Article Copyright 2001 by Mumtaz Zaheer