TechSpot

REGedit won't open

By popozuda52
Feb 23, 2006
  1. :mad: Basically, when I try to install McAfee firewall it comes up with an error "regedit is not a valid win32 application", so I checked to see if I could run regedit by typing it into Run, and guess what, same error.
    Annoying thing is when I type regedit.exe it works :mad: :evil:

    Anyone got any ideas? I would be really grateful.

    Thanks

    mike
     
  2. Nodsu

    Nodsu TS Rookie Posts: 5,837   +6

    Can you run other programs without the .exe suffix? It could be you have a fake regedit(.com) file somewhere or you have lost the ability to run .exe files without specifying the extension.
     
  3. popozuda52

    popozuda52 TS Rookie Topic Starter

    I can still run other programs without the .exe, i.e. msconfig or things like msword work through "Run", but REGedit won't without adding the .exe.

    Ran virus scan and spyware scan and both came back OK, and that's about as far as I can go technically on my own lol. Anyone brighter than me got any idea???
     
  4. Nodsu

    Nodsu TS Rookie Posts: 5,837   +6

    Search your computer for "regedit.*". It should come up with only regedit.exe in the Windows folder plus help files and prefetch/dllcache entries. Make sure you search from system folders etc.

    Install filemon from Sysinternals and run it. Set the filter to "regedit" and run "regedit" from Run dialog. Filemon should show you what files are loaded from where.
     
  5. popozuda52

    popozuda52 TS Rookie Topic Starter

    OK, I got File Monitor and ran it with the filter on, but to be honest with you I have no idea what I should be looking for. Do you want me to post a copy of the output from File Monitor??
     
  6. Nodsu

    Nodsu TS Rookie Posts: 5,837   +6

    Sure.. Post the output (if it's not outrageously long).
     
  7. popozuda52

    popozuda52 TS Rookie Topic Starter

    21:57:00 explorer.exe:2336 DIRECTORY C:\Documents and Settings\mike\ NO SUCH FILE FileBothDirectoryInformation: regedit"*
    21:57:00 explorer.exe:2336 DIRECTORY C:\Documents and Settings\mike\ NO SUCH FILE FileBothDirectoryInformation: regedit"*
    21:57:00 explorer.exe:2336 DIRECTORY C:\WINDOWS\system32\ SUCCESS FileBothDirectoryInformation: regedit"*
    21:57:00 explorer.exe:2336 QUERY INFORMATION C:\WINDOWS\system32\regedit.com SUCCESS Attributes: HS
    21:57:00 explorer.exe:2336 QUERY INFORMATION C:\WINDOWS\system32\regedit.com SUCCESS Attributes: HS
    21:57:00 explorer.exe:2336 DIRECTORY C:\WINDOWS\system32\ SUCCESS FileBothDirectoryInformation: regedit.com
    21:57:00 explorer.exe:2336 QUERY INFORMATION C:\WINDOWS\system32\regedit.com SUCCESS Attributes: HS
    21:57:00 explorer.exe:2336 DIRECTORY C:\WINDOWS\system32\ SUCCESS FileBothDirectoryInformation: regedit.com
    21:57:00 explorer.exe:2336 QUERY INFORMATION C:\WINDOWS\system32\regedit.com SUCCESS Attributes: HS
    21:57:00 explorer.exe:2336 QUERY INFORMATION C:\WINDOWS\system32\regedit.com SUCCESS Attributes: HS
    21:57:00 explorer.exe:2336 QUERY INFORMATION C:\WINDOWS\system32\regedit.com:Zone.Identifier NOT FOUND Attributes: Error
    21:57:00 explorer.exe:2336 DIRECTORY C:\WINDOWS\system32\ SUCCESS FileBothDirectoryInformation: regedit.com
    21:57:00 explorer.exe:2336 QUERY INFORMATION C:\WINDOWS\system32\regedit.com SUCCESS Attributes: HS
    21:57:00 explorer.exe:2336 OPEN C:\WINDOWS\system32\regedit.com SUCCESS Options: Open Access: All
    21:57:00 McShield.exe:2560 OPEN C:\WINDOWS\system32\regedit.com SUCCESS Options: Open Access: All
    21:57:00 McShield.exe:2560 QUERY INFORMATION C:\WINDOWS\system32\regedit.com SUCCESS FileBasicInformation
    21:57:00 McShield.exe:2560 SET INFORMATION C:\WINDOWS\system32\regedit.com SUCCESS FileBasicInformation
    21:57:00 McShield.exe:2560 CLOSE C:\WINDOWS\system32\regedit.com SUCCESS
    21:57:00 McShield.exe:2560 OPEN C:\WINDOWS\system32\regedit.com SUCCESS Options: Open Access: All
    21:57:00 McShield.exe:2560 SET INFORMATION C:\WINDOWS\system32\regedit.com SUCCESS FileBasicInformation
    21:57:00 McShield.exe:2560 CLOSE C:\WINDOWS\system32\regedit.com SUCCESS
    21:57:00 McShield.exe:2560 OPEN C:\WINDOWS\system32\regedit.com SUCCESS Options: Open Access: All
    21:57:00 McShield.exe:2560 SET INFORMATION C:\WINDOWS\system32\regedit.com SUCCESS FileBasicInformation
    21:57:00 McShield.exe:2560 QUERY INFORMATION C:\WINDOWS\system32\regedit.com SUCCESS FileStandardInformation
    21:57:00 McShield.exe:2560 CLOSE C:\WINDOWS\system32\regedit.com SUCCESS
    21:57:00 McShield.exe:2560 OPEN C:\WINDOWS\system32\regedit.com SUCCESS Options: Open Access: All
    21:57:00 McShield.exe:2560 SET INFORMATION C:\WINDOWS\system32\regedit.com SUCCESS FileBasicInformation
    21:57:00 McShield.exe:2560 CLOSE C:\WINDOWS\system32\regedit.com SUCCESS
    21:57:00 McShield.exe:2560 OPEN C:\WINDOWS\system32\regedit.com SUCCESS Options: Open Access: All
    21:57:00 McShield.exe:2560 SET INFORMATION C:\WINDOWS\system32\regedit.com SUCCESS FileBasicInformation
    21:57:00 McShield.exe:2560 QUERY INFORMATION C:\WINDOWS\system32\regedit.com SUCCESS FileBasicInformation
    21:57:00 McShield.exe:2560 CLOSE C:\WINDOWS\system32\regedit.com SUCCESS
    21:57:00 explorer.exe:2336 QUERY INFORMATION C:\WINDOWS\system32\regedit.com SUCCESS Length: 0
    21:57:00 explorer.exe:2336 READ C:\WINDOWS\system32\regedit.com END OF FILE Offset: 0 Length: 4096
    21:57:00 explorer.exe:2336 QUERY INFORMATION C:\WINDOWS\system32\regedit.com SUCCESS FileNameInformation
    21:57:00 explorer.exe:2336 QUERY INFORMATION C:\WINDOWS\system32\regedit.com SUCCESS Attributes: HS
    21:57:00 explorer.exe:2336 DIRECTORY C:\WINDOWS\system32\ SUCCESS FileBothDirectoryInformation: regedit.com
    21:57:00 explorer.exe:2336 QUERY INFORMATION C:\WINDOWS\system32\regedit.com SUCCESS Length: 0
    21:57:00 explorer.exe:2336 CLOSE C:\WINDOWS\system32\regedit.com SUCCESS
     
  8. popozuda52

    popozuda52 TS Rookie Topic Starter

    lol there you go, hope it makes some sort of sense to you
     
  9. Nodsu

    Nodsu TS Rookie Posts: 5,837   +6

    There you go.. You have regedit.com in windows\system32 that takes priority over the real regedit.exe. This is most certainly malicious software!

    Delete the regedit.com file immediately. Scan your computer with a different antivirus/antispyware - your current ones are obviously useless. Always update the virus and spyware definitions before scanning your computer.
     
  10. popozuda52

    popozuda52 TS Rookie Topic Starter

    lol I have scanned it with AVG Pro and McAfee and both find nothing. Anyway, have you got any recommendations for AV software? Supposing I do delete regedit.com, don't I need to replace the file??

    Thanks for your help so far btw
     
  11. Nodsu

    Nodsu TS Rookie Posts: 5,837   +6

    Are your antivirus definitions up to date? It could be a custom piece of malware that hasn't appeared on the radar of AV makers or doesn't classify as a virus for them.. What antispyware did you use?

    It's a fake file and shouldn't be there, deleting it won't hurt anything.
     
  12. popozuda52

    popozuda52 TS Rookie Topic Starter

    I use Search and Destroy and Lavasoft Pro. I ran a spyware scan on Lavasoft and it pulled up some mtu things, so I deleted them and went to search for regedit.com. Guess what, it ain't there, so I go to Run, type regedit and hey presto, it works. Anyway, I run File Monitor to see if I can spot a change from the last time, and before I even run regedit it comes up with this:

    20:52:40 explorer.exe:2408 QUERY INFORMATION C:\WINDOWS\system32\regedit.com NOT FOUND Attributes: Error
    20:52:40 explorer.exe:2408 QUERY INFORMATION C:\WINDOWS\system32\regedit.com NOT FOUND Attributes: Error
    20:52:40 explorer.exe:2408 QUERY INFORMATION C:\WINDOWS\system32\regedit.com NOT FOUND Attributes: Error
    Any idea how I can find out what is searching for the regedit.com file? I guess it ain't helping my system performance, seeing as Filemon has recorded it over and over 400 times in the last 2 mins lol
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

  14. Nodsu

    Nodsu TS Rookie Posts: 5,837   +6

    Filemon says, it is explorer.exe trying to open that file. So you either have an infected Explorer or (more likely), the regedit.com location is written somewhere in Explorer configuration in the system registry. Search for it and remove any references.
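
Added example, not part of the original posts: a Python triage of the two Filemon captures posted in this thread, collapsing them into per-file facts (which processes touched the file, its attributes, its size) and flagging a `.com` file that would win a bare `regedit`. It assumes the column layout seen in the posted lines and the default PATHEXT order; `summarize` and `shadow_findings` are names made up for this sketch.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the two Filemon captures posted in this thread.
BEFORE = r"""
21:57:00 explorer.exe:2336 DIRECTORY C:\Documents and Settings\mike\ NO SUCH FILE FileBothDirectoryInformation: regedit"*
21:57:00 explorer.exe:2336 QUERY INFORMATION C:\WINDOWS\system32\regedit.com SUCCESS Attributes: HS
21:57:00 explorer.exe:2336 QUERY INFORMATION C:\WINDOWS\system32\regedit.com:Zone.Identifier NOT FOUND Attributes: Error
21:57:00 McShield.exe:2560 OPEN C:\WINDOWS\system32\regedit.com SUCCESS Options: Open Access: All
21:57:00 explorer.exe:2336 QUERY INFORMATION C:\WINDOWS\system32\regedit.com SUCCESS Length: 0
"""
AFTER = r"""
20:52:40 explorer.exe:2408 QUERY INFORMATION C:\WINDOWS\system32\regedit.com NOT FOUND Attributes: Error
20:52:40 explorer.exe:2408 QUERY INFORMATION C:\WINDOWS\system32\regedit.com NOT FOUND Attributes: Error
"""

LINE = re.compile(
    r"^\d\d:\d\d:\d\d\s+(?P<proc>\S+):\d+\s+(?P<req>QUERY INFORMATION|SET INFORMATION|DIRECTORY|OPEN|READ|WRITE|CLOSE)\s+"
    r"(?P<path>.+?)\s+(?P<result>SUCCESS|NOT FOUND|NO SUCH FILE|END OF FILE)"
    r"(?:\s+(?P<other>.*))?$")

def summarize(log):
    """Collapse a Filemon capture into per-file facts: who touched it, attributes, size."""
    files = defaultdict(lambda: {"procs": set(), "attrs": "", "length": None, "not_found": 0})
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        # Skip unparsed lines, directory enumerations and alternate data streams (path:stream).
        if not m or m["req"] == "DIRECTORY" or ":" in m["path"][2:]:
            continue
        f, other = files[m["path"].lower()], m["other"] or ""
        f["procs"].add(m["proc"])
        key, _, val = other.partition(": ")
        if m["result"] == "NOT FOUND":
            f["not_found"] += 1
        elif key == "Attributes":
            f["attrs"] = val
        elif key == "Length":
            f["length"] = int(val)
    return files

def shadow_findings(log):
    """Report .com files; the default PATHEXT lists .COM before .EXE (assumed unchanged here)."""
    out = {}
    for path, f in summarize(log).items():
        if path.endswith(".com"):
            checks = (("hidden+system", {"H", "S"} <= set(f["attrs"])),
                      ("zero-length", f["length"] == 0), ("absent but still probed", f["not_found"] > 0))
            out[path] = {"procs": sorted(f["procs"]), "reasons": [r for r, hit in checks if hit]}
    return out
```

On the first capture this reports `regedit.com` as hidden+system and zero-length, touched by `explorer.exe` and `McShield.exe`; on the second it reports the file as absent but still probed by `explorer.exe`.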
     
  15. popozuda52

    popozuda52 TS Rookie Topic Starter

    Seem to have fixed it, wooo lol. Followed the links you posted, Howard, and have only done half of them, but regedit opens up now and Explorer no longer searches for regedit.com. No idea what it was but it's gone now anyway.

    Going to follow the rest of the fixes on the link and flush all the crap out of my system.

    Thanks for all your help

    mike
    :)
     
  16. yohann

    yohann TS Rookie

    Props to the RealBlackStuff

    Hey there, just had the same problem as posted and found an answer in rbs's reply to seventhson last year.. my solution is: go to system32, del regedit.com
    Then to Program Files, here is where I used RealBlackStuff's knowledge: find winupdates (or winupdate apparently), open, del both files that are not "system" files, then go to regedit (it will work after del the fake regedit file) and search winupdates or win update, del all keys and data, then reboot... regedit works, taskmanager works and now able to del the system file winwhatever, you're outta there... thanks again, this is a great site... :haha:
     
  17. popozuda52

    popozuda52 TS Rookie Topic Starter

    fixed

    Sorry for not posting for ages, but I got fed up with the laptop I had and took it back (it was an HP zd8000 btw), so if anyone is reading this, stay far away from this laptop. Getting a Sony Vaio FE11S today so hopefully it's better than that was. Still, I did manage to sort all the reg stuff out before I swapped it, so at least if it does happen again I'll know what to do.

    Thanks all

    mike :haha:
     
  18. blindarkness

    blindarkness TS Rookie

    help please

    Hi
    I have had a similar problem as above. I have followed the steps recommended.
    regedit32.com does show up on FileMon; however, when I attempt to delete it, it cannot be found. How do I find it to delete it?

    Also another related problem pertaining to not being able to find a file.
    Whenever I run a scan on my system it scans a file called 'Complete'. It is full of all kinds of .zip files and movies and stuff. I think it came from p2p software and it's killing my memory, but I cannot seem to locate it to delete it. I have even searched the hidden files.

    Thanks in advance for the help
     
Topic Status:
Not open for further replies.
