7

We have a user who is unable to open some .exe files by any means except for right-clicking on the file and selecting "Run as...", and specifying login info.

I've tried opening the file a number of ways. By default, it should be launched by another program, however I've also tried double-clicking it to open it, and starting it from the command prompt using start MyFile.exe

When trying to launch an executable, nothing appears to happen. The program does not appear in Task Manager and nothing appears to be getting started up at all.

But I still get EventId 592 in the EventManager saying "A new process has been created" and specifying the executable's name, and immediately afterwards there is EventId 593 saying "A process has exited" for the executable.

Right-clicking the file and using "Run as..." does not work if I choose the "Current user" radio option, however specifying "The following user" option and filling in the credentials for the current user works fine.

All the programs that are failing to open begin with a 3rd login control and use a 3rd party control library, however not all programs that start with that login control or use that 3rd party control library are failing to open.

What can cause this behavior, and what do I need to do to fix it?

Rachel
  • 405
  • 5
  • 20
  • Out of curiosity, are you on a domain and is this issue on a local machine or over terminal services? – Dave Mar 13 '13 at 14:17
  • @DaveRook The PC is part of our network domain, however it is a standalone computer and running applications locally. The problem occurs regardless of which profile is used to login to the machine. – Rachel Mar 13 '13 at 14:23
  • I wonder if this is a problem that it requires AD information, doesn't access it but the Run As performs some sort of look up – Dave Mar 13 '13 at 14:25
  • @Rachel - Just because you are logging into the local profile and even if that profile is an administrator does not mean you have all administrator powers since its a network domain account. This sounds like a configuration problem on the domain side. – Ramhound Mar 13 '13 at 14:40
  • @Ramhound The problem occurs when logged in as the domain administrator as well. In addition, it worked fine last week and the problem only started happening after cleaning some malware off the PC. My problem is I don't have any idea where to look to try and fix this. I'm currently investigating the possibly of some kind of missing AD info causing the problem, based on Dave Rook's comment above. – Rachel Mar 13 '13 at 14:47
  • Have you tried running SFC /SCANNOW to replace any damaged or corrupted system files? – CharlieRB Mar 13 '13 at 14:50
  • 1
    @Rachel - You had malware on this system? Why are you not using a restored configuration for the pc? – Ramhound Mar 13 '13 at 14:52
  • @CharlieRB Yes I did this morning, however it was asking for the Windows CD to repair a few files and I don't have access to that at the moment. One of my biggest problems is the PC is located at another branch, so I don't have physical access to the machine and have to wait until the users get in so I can instruct them to find the Windows CD and insert it. Do you think the problem could be with a corrupt system file? – Rachel Mar 13 '13 at 14:53
  • @Ramhound No restore points are configured for this machine as far as I know. – Rachel Mar 13 '13 at 14:55
  • 3
    @Rachel - You don't have a standard configuration image? I am trying to suggest you nuke the current image. Clearly the malware did more damage then you thought. I would ran sfc /scannow before you do anything. You need to repair those files before we can give you any other suggestions. Send a digital image of a system disk have somebody in the remote office burn the disk, then use that disk to repair the system files. – Ramhound Mar 13 '13 at 15:00
  • @Ramhound I would be more than happy to nuke this machine... the only reason I haven't so far is because I don't have physical access to it. We don't have an IT staff member on location there so I'm trying all other alternative I can think of first. – Rachel Mar 13 '13 at 15:04

1 Answers1

2

First thing that comes to mind is that a virus/trojan hijacked the .exe class by inserting a wrapper executable, and when you removed that virus, you lost that wrapper. I would check registry key HKEY_CLASSES_ROOT.exe entry and see if anything funny is going on there, possibly restoring it from another windows installation.

Tuncay Göncüoğlu
  • 174
  • 3
    This by far is the most evil thing about windows. You can write a registry entry and disable EVERY DAMN EXECUTABLE by putting a wrapper around it and running malware instead. – Rich Homolka Mar 13 '13 at 17:37
  • Thanks, but I checked both exefile and .exe against another XP machine and neither have anything unusual – Rachel Mar 14 '13 at 12:01