regedit is not a valid win32 application?

Guest

Hi guys. I am running XP Pro with the latest SP2 updates.

I have a problem that has recently surfaced. If I attempt to run regedit. It
will not run - and creates the error message: "regedit is not a valid win32
application". Any ideas what may be wrong?

If I try to run regedt32.exe - that runs fine. I believe this is just an
emergency editor though?
Has one of my kids deleted or disabled something they shouldn't? Can I put
the error right?
Norton AV scans the computer as being clean BTW as does adaware and spybot,
so I don't think I am virused
Thanks...........
 
Kerry Brown

Driveby said:
Hi guys. I am running XP Pro with the latest SP2 updates.

I have a problem that has recently surfaced. If I attempt to run
regedit. It will not run - and creates the error message: "regedit
is not a valid win32 application". Any ideas what may be wrong?

If I try to run regedt32.exe - that runs fine. I believe this is just
an emergency editor though?
Has one of my kids deleted or disabled something they shouldn't? Can
I put the error right?
Norton AV scans the computer as being clean BTW as does adaware and
spybot, so I don't think I am virused
Thanks...........

Regedt32.exe is just a shell that runs regedit.exe for backwards
compatibility with Windows 2000. This means that there may be an extra copy
of regedit on your system. Some malware may cause these symptoms.
Regedit.exe is normally in your C:\Windows folder. Look to see if there are any
files called regedit.com or regedit.bat or regedit.cmd in the Windows
folder. Make sure the regedit.exe file is from Microsoft. In Windows
Explorer browse to the Windows folder and hover the mouse cursor over
regedit.exe. You should see a box with the Company Name and file version
etc.

Kerry
 
Guest

Kerry Brown said:
Regedt32.exe is just a shell that runs regedit.exe for backwards
compatibility with Windows 2000. This means that there may be an extra copy
of regedit on your system. Some malware may cause these symptoms.
Regedit.exe is normally in your C:\Windows folder. Look to see if there are any
files called regedit.com or regedit.bat or regedit.cmd in the Windows
folder. Make sure the regedit.exe file is from Microsoft. In Windows
Explorer browse to the Windows folder and hover the mouse cursor over
regedit.exe. You should see a box with the Company Name and file version
etc.

Kerry


Thanks for the reply, Kerry.

The regedit file is located within the windows folder and it IS the
Microsoft version, properties state it is version: 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158).

I now find that if I double click the Regedit folder itself - it
actually opens the registry editor as it should, so I guess that bit must be
OK.

BUT, If I try to open it from the Run window located on the start menu - it
gives me the error message as previously described.

Any ideas please?
 
Kerry Brown

Driveby said:
Thanks for the reply, Kerry.

The regedit file is located within the windows folder and it IS the
Microsoft version, properties state it is version: 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158).

I now find that if I double click the Regedit folder itself - it
actually opens the registry editor as it should, so I guess that bit
must be OK.

BUT, If I try to open it from the Run window located on the start
menu - it gives me the error message as previously described.

Any ideas please?

What happens if you type the full path in the run window? e.g.
C:\Windows\regedit.exe Then try C:\Windows\regedit without the .exe Report
back with the results.

Kerry
 
Guest

Kerry Brown said:
What happens if you type the full path in the run window? e.g.
C:\Windows\regedit.exe Then try C:\Windows\regedit without the .exe Report
back with the results.

Kerry

LOL - This is so weird - it runs fine when I do that. Either
C:\Windows\regedit or C:\Windows\regedit .exe opens the registry as it should

It used to run by just entering "regedit" in the same window - maybe
Microsoft have just updated things?
 
Kerry Brown

Driveby said:
LOL - This is so weird - it runs fine when I do that. Either
C:\Windows\regedit or C:\Windows\regedit .exe opens the registry as
it should

It used to run by just entering "regedit" in the same window - maybe
Microsoft have just updated things?

You have another copy of a program called regedit.??? somewhere. This is
usually malware of some sort. Do a search for "regedit" making sure in the
advanced options you have it set to search hidden and system folders. The
legitimate files are:

regedit.exe in the Windows folder
regedit.chm in the Windows\Help folder
regedit.chw in the Windows\Help folder
regedit.hlp in the Windows\Help folder
possibly regedit.exe in the Windows\System32\dllcache folder

Anything else is suspect.

I recommend you try another antivirus and antispyware scan with a different
program.

http://www.ewido.net/en/

http://www.webroot.com/

http://housecall.trendmicro.com/

There are some very good malware removal tools here:

http://www.ik-cs.com/got-a-virus.htm

Kerry
 
Wesley Vogel

Do a search for regedit.* on your machine.

Type: regedit.* in the Search for files or folders named box.

That will find all regedit files on your machine.

See this first...
HOW TO: Search For Hidden Or System Files In Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;302347

If you find a file called regedit.com that is *not* in a folder named
C:\EmergencyUtils that was created by purposely going here...

xp_emegencyutil.exe - Creates usable copies of REGEDIT, MSCONFIG and Task
Manager
http://www.dougknox.com/xp/utils/xp_emerutils.htm

then you have a trojan/virus/worm.

I.e. C:\Windows\system\REGEDIT.COM

Typing regedit in Start | Run with a REGEDIT.COM file in existence,
REGEDIT.COM will try to open first, before regedit.exe.

REGEDIT.COM is not a normal Windows XP file. It is either a
trojan/virus/worm or a file that you created on purpose by going to Doug
Knox's website.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

 
Guest

Kerry Brown said:
You have another copy of a program called regedit.??? somewhere. This is
usually malware of some sort. Do a search for "regedit" making sure in the
advanced options you have it set to search hidden and system folders. The
legitimate files are:

regedit.exe in the Windows folder
regedit.chm in the Windows\Help folder
regedit.chw in the Windows\Help folder
regedit.hlp in the Windows\Help folder
possibly regedit.exe in the Windows\System32\dllcache folder

Anything else is suspect.

I recommend you try another antivirus and antispyware scan with a different
program.

http://www.ewido.net/en/

http://www.webroot.com/

http://housecall.trendmicro.com/

There are some very good malware removal tools here:

http://www.ik-cs.com/got-a-virus.htm

Kerry

Thanks for the help Kerry. Regedit appears in the following places
C:\windows - 143kb Modified 04/08/2004
c:\windows\$NtservicePackUninstall$ - 131kb modified 29/8/2002
c:\windows\system32 - 0kb modified 28/02/2006
c:\windows\servicepackfiles\i386 - 143kb date modified 04/08/2004
c:\windows\system32\dllcache - 131kb date modified 29/08/2004

Two more entries - these puzzle me, dunno if they are genuine or not?

c:\windows\SoftwareDistribution\download\16b2c96a0c41f4dfdb4d3cc228a4f819 -
143kb date modified 04/08/2004

and
C:\Windows\SoftwareDistribution\download\S-1-5-18\7a57263d52ef89a3cee46b33df8a0a10 - 143kb date modified 04/08/2004

All are applications. What do you think?
 
Guest

Kerry Brown said:
You have another copy of a program called regedit.??? somewhere. This is
usually malware of some sort. Do a search for "regedit" making sure in the
advanced options you have it set to search hidden and system folders. The
legitimate files are:

regedit.exe in the Windows folder
regedit.chm in the Windows\Help folder
regedit.chw in the Windows\Help folder
regedit.hlp in the Windows\Help folder
possibly regedit.exe in the Windows\System32\dllcache folder

Anything else is suspect.

I recommend you try another antivirus and antispyware scan with a different
program.

http://www.ewido.net/en/

http://www.webroot.com/

http://housecall.trendmicro.com/

There are some very good malware removal tools here:

http://www.ik-cs.com/got-a-virus.htm

Kerry

I should add that they all mouse over as being genuine Microsoft files -
except the zero kb regedit file listed in c:\windows\system32 - that is just
listed as a MS-DOS file - no mention of Microsoft..........
 
Kerry Brown

Driveby said:
Thanks for the help Kerry. Regedit appears in the following places
C:\windows - 143kb Modified 04/08/2004
c:\windows\$NtservicePackUninstall$ - 131kb modified 29/8/2002
c:\windows\system32 - 0kb modified 28/02/2006
c:\windows\servicepackfiles\i386 - 143kb date modified 04/08/2004
c:\windows\system32\dllcache - 131kb date modified 29/08/2004

Two more entries - these puzzle me, dunno if they are genuine or not?

c:\windows\SoftwareDistribution\download\16b2c96a0c41f4dfdb4d3cc228a4f819
- 143kb date modified 04/08/2004

and
C:\Windows\SoftwareDistribution\download\S-1-5-18\7a57263d52ef89a3cee46b33df8a0a10
- 143kb date modified 04/08/2004

All are applications. What do you think?

Those folders are part of Windows updates. Should be OK. You should do a
scan for malware.

Kerry
 
Kerry Brown

Driveby said:
I should add that they all mouse over as being genuine Microsoft
files - except the zero kb regedit file listed in c:\windows\system32
- that is just listed as a MS-DOS file - no mention of
Microsoft..........

I missed that one reading your post. Delete it or rename it. It is the most
likely culprit. It is likely the 0 kb file will return or you will not be
able to delete or rename it.

Scan your computer for malware. It is likely you are infected with
something.

Kerry
 
Guest

absolutely Thanks to both for your help - Wesley you were spot on mate.

The zero KB regedit file in my system folder was a .com file. I simply
renamed it and the application opened as it should.

I will leave it renamed just to make sure the system stays stable and delete
it tomorrow.

How the hell that junk got into my PC I cannot fathom.

I have Norton 2005 AV and update it regularly. I scan my entire system
weekly.

I use Zone Alarm Pro. I use Adaware Pro, I use Spybot - all are updated and
run regularly.

Just goes to show - never be complacent.

Thank you both very very much.
 
Rick "Nutcase" Rogers

See if regedit.com exists in the \windows\system32 folder. If so, delete it.
Then restart into safe mode and run a full system scan with your preferred
antivirus software.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Windows help - www.rickrogers.org
 
Kerry Brown

Driveby said:
absolutely Thanks to both for your help - Wesley you were spot on
mate.

The zero KB regedit file in my system folder was a .com file. I simply
renamed it and the application opened as it should.

I will leave it renamed just to make sure the system stays stable and
delete it tomorrow.

How the hell that junk got into my PC I cannot fathom.

I have Norton 2005 AV and update it regularly. I scan my entire system
weekly.

I use Zone Alarm Pro. I use Adaware Pro, I use Spybot - all are
updated and run regularly.

Just goes to show - never be complacent.

Thank you both very very much.

You're welcome. Scan your computer with different software. The file didn't
appear out of nowhere, something put it there. No single antivirus or
antispyware program will catch everything. It may be that Norton caught the
malware and that was just a leftover remnant. It wouldn't hurt to check with
other programs to be sure.

Kerry
 
Wesley Vogel

Also Known As: W32.Alcan.A, Win32.Alcan.A [Computer Associates],
P2P-Worm.Win32.Alcan.a [Kaspersky Lab], W32/Alcan.worm!p2p [McAfee],
W32/Alcra-A [Sophos], WORM_ALCAN.A [Trend Micro]

[[This worm drops the legitimate file compression DLL, BSZIP.DLL in the
Windows system folder. It does this so it can compress itself. It also drops
the following files in the Windows system folder:

CMD.COM
NETSTAT.COM
PING.COM
REGEDIT.COM
TASKKILL.COM
TASKLIST.COM
TRACERT.COM

These files contain the string MZ so that this worm can disable the
following Windows tool applications:

CMD.EXE
NETSTAT.EXE
PING.EXE
REGEDIT.EXE
TASKKILL.EXE
TASKLIST.EXE
TRACERT.EXE ]]
From...
WORM_ALCAN.A - Technical details
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ALCAN.A&VSect=T

Symantec Security Response - W32.Alcra.A
http://securityresponse.symantec.com/avcenter/venc/data/w32.alcra.a.html


Do a search for the *.com files mentioned above.

I believe that these are the legitimate Windows XP *.com files.

In C:\WINDOWS\system32\ or %windir%\system32\
chcp.com (Change CodePage Utility)
command.com (MS-DOS Prompt)
diskcomp.com (Disk Comparison Utility)
diskcopy.com (Disk Copy Utility)
edit.com (MS-DOS Editor)
format.com (Disk Format Utility)
graftabl.com (Graftabl Utility)
graphics.com (graphics for compatibility with MS-DOS files)
kb16.com (16-bit keyboard mapping utility, previously known as the Keyb.com
utility)
loadfix.com (loadfix)
mode.com (DOS Device MODE Utility)
more.com (More Utility)
tree.com (Tree Walk Utility)
win.com (WIN.COM for compatibility??? WIN.COM was the executable file
used to load Microsoft Windows 3.1, 3.11, 95 and 98. I have no idea what it
does in XP.)
NTDETECT.COM (NTDETECT detects installed hardware components when XP boots.)

You may have more legitimate .com files such as WZ.COM (WinZip running DOS
program). C:\Program Files\WinZip\WZ.COM or %programfiles%\WZ.COM

COM extension, is short for Command and is an executable file like .EXE only
smaller. Supposed to be less than 64K in size.

When you run a command that does not contain an extension, Cmd.exe uses the
value of the PATHEXT environment variable to determine which extensions to
look for and in what order. The default value for the PATHEXT variable is:

.COM;.EXE;.BAT;.CMD

The Run command uses the same rule.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User
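
The lookup rule described in the post above, as an added example that is not part of the original thread: it tries each directory in order and each PATHEXT extension in order, then reports any command whose winning file hides another file with the same base name. The directory layout, file contents and function names are constructed for illustration; the PATHEXT list is the one quoted in the post.

```python
import os
import tempfile

# PATHEXT order as quoted in the thread; a real system may list more extensions.
PATHEXT = [".COM", ".EXE", ".BAT", ".CMD"]

def candidates(name, search_dirs, pathext=PATHEXT):
    """Every file an extensionless command could resolve to, in lookup order."""
    hits = []
    for d in search_dirs:                      # directories are tried in PATH order
        try:
            present = {f.upper(): f for f in os.listdir(d)}
        except OSError:
            continue                           # missing or unreadable PATH entry
        for ext in pathext:                    # extensions are tried in PATHEXT order
            real = present.get((name + ext).upper())
            if real:
                hits.append(os.path.join(d, real))
    return hits

def find_shadowing(names, search_dirs, pathext=PATHEXT):
    """Report commands whose winning file hides another file of the same base name."""
    report = {}
    for name in names:
        hits = candidates(name, search_dirs, pathext)
        if len(hits) > 1:
            report[name] = {
                "runs": hits[0],               # what typing the bare name starts
                "hidden": hits[1:],            # files that never get a turn
                "size": os.path.getsize(hits[0]),
            }
    return report

def demo():
    """Constructed layout mirroring the thread: a tiny REGEDIT.COM in system32."""
    root = tempfile.mkdtemp()
    sys32 = os.path.join(root, "system32")
    os.mkdir(sys32)
    with open(os.path.join(sys32, "REGEDIT.COM"), "wb") as f:
        f.write(b"MZ")                         # constructed stub, not a real program
    for d, fn in [(root, "regedit.exe"), (sys32, "ping.exe")]:
        with open(os.path.join(d, fn), "wb") as f:
            f.write(b"MZ" + b"\0" * 1024)      # placeholder standing in for the tool
    # Default XP PATH order: system32 comes before the Windows folder.
    return find_shadowing(["regedit", "ping"], [sys32, root])

if __name__ == "__main__":
    for cmd, info in demo().items():
        print(cmd, "->", info["runs"], "hides", info["hidden"], info["size"], "bytes")
```

On a real machine, pass the split PATH and PATHEXT environment variables and the tool names listed in the post instead of the constructed layout.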
