
Watch Out!

14 Jan 2001, CPOL
How can one stop you from running an application on your system

Introduction

You may already have received an application from a friend (or will receive it in the next few days). If you run that application on your system, you will no longer be able to run any application on your system thereafter. You will certainly try to log off and on, restart, or shut down your system, but you still won't be able to run any application. One more point I should mention: it does not stop you from running applications that are launched through a file-type association. For example, double-clicking a .txt file will still open Notepad.

When you click any shortcut or type an .exe name in Start/Run, you will see a message box with greetings. The application also adds an icon to your system tray.

Some sharp guys will want to look at the Registry to cure the system, but oops! You can't run Regedit.exe, because it is an application too.

Now I would like to discuss what that application actually does to our system. It does two things:

  1. It forces .exe files to be opened with its own file (possibly WinTask.exe). If you try to run an .exe file, the system looks for that application instead, and that application just displays a message box.
  2. Every time the user logs in or restarts the system, it runs its own .exe file to make sure it is the first step. It does this just by creating its own string value named "Win32BaseServiceMOD" under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

The second step is straightforward, but I would like to discuss the first step in more detail.

File Class

The terms file association and file class essentially mean the same thing. A file association or file class consists of all the files that have the same filename extension. File classes are created in the registry. Once a file class has been created, you can customize the behavior of its files. For instance, you can specify the application used to open the file when it is double-clicked, replace the standard file icon with a custom icon, or add items to the context menu. For more details, look for the topic "Creating a File Association" in MSDN.

This virus-like application changes the application associated with EXE files by changing the default value of the key HKEY_CLASSES_ROOT\exefile\shell\open\command to its own application name.

Now the simple solution is to change that value back to "%1" %*. But how? You can't run Regedit.exe. Don't worry, there is another solution: make a new .reg file with this text:

REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

Then double-click this file to make the change in the Windows Registry. This works because a .reg file is opened through its file-type association, just like the .txt example above.

Next, run Regedit.exe and look for the key mentioned in the second step. Delete the value named "Win32BaseServicesMOD".

Now you are in the same position as you were before running that virus-like application.
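To check a machine for both changes described above, the following added example (not part of the original article) parses a REGEDIT4-style registry export and reports a non-standard .exe open command plus any Run values outside an allow-list. The sample export, the C:\WINDOWS\WinTask.exe path, and the known_run_names parameter are constructed for illustration.

```python
import re

EXPECTED_EXE_COMMAND = '"%1" %*'   # stock handler: run the clicked file itself
EXE_KEY = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample export (not taken from a real machine); the path is assumed.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\WINDOWS\\WinTask.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Win32BaseServiceMOD"="C:\\WINDOWS\\WinTask.exe"
"SystemTray"="SysTray.Exe"
'''

def _unescape(s):
    # .reg strings escape backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Return {key_path_lower: {value_name: string_data}}; '' is the default value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            current[name] = _unescape(m.group(2))
    return keys

def audit(text, known_run_names=()):
    """List findings: changed .exe handler and Run values not in the allow-list."""
    keys, findings = parse_reg(text), []
    cmd = keys.get(EXE_KEY.lower(), {}).get("")
    if cmd is not None and cmd.strip() != EXPECTED_EXE_COMMAND:
        findings.append(("exefile-handler", cmd))
    allowed = {n.lower() for n in known_run_names}  # hypothetical allow-list
    for name, data in keys.get(RUN_KEY.lower(), {}).items():
        if name.lower() not in allowed:
            findings.append(("run-value:" + name, data))
    return findings

if __name__ == "__main__":
    for what, data in audit(SAMPLE_EXPORT, known_run_names=["SystemTray"]):
        print(what, "->", data)
```

Only string values are parsed; other value types in an export are skipped.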

History

  • 14th January, 2001: Initial post

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Web Developer
Pakistan
Mumtaz Zaheer is working as Senior System Analyst with Information Architects, Pakistan (http://www.info-architects.com/).
