Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

'Image File Execution Options: File not found' ?

Started by flat-erica , Jul 17 2011 09:38 PM

  • Please log in to reply

#1
flat-erica
Posted 17 July 2011 - 09:38 PM

flat-erica

    Member

  • Member
  • PipPip
  • 86 posts
I believe this is a Windows issue, hi-lited by Autoruns (system internals).

Based on the dates of my posts on geekstogo, my pc was 'cleansed' of a major problem around 25 September 2010.
The Autoruns report showed this under 'Image Hijacks':-


September 2010

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" "" "" ""
+ "Your Image File Name Here without a path" "Symbolic Debugger for Windows 2000" "Microsoft Corporation" "c:\windows\system32\ntsd.exe"


..which I believe was ok. Not sure what happened afterwards, but it changed to:-


9 November 2010

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" "" "" ""
+ "Your Image File Name Here without a path" "" "" "File not found: kîOw„û”8ðOw´w"

When pasted into Google, it looked like this: kîOw„û”
A list of sites did appear, all with weird symbols (including my one) in their listings!
Here's another example:-

11 November 2010

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" "" "" ""
+ "Your Image File Name Here without a path" "" "" "File not found: ƕ器ƕ愈ƕ粐Ȩ粑￿

Google's response was: 'Your search - ï¡„Æ•ï¨¸Æ•ïªˆÆ•î¤ ç² È©ç²‘ï¿¿ - did not match any documents.'

This Autorun entry still haunts me!
Today when I ran AR, there was '1/4' (a quarter symbol) at the end (wish I had taken a screenshot :) ), but it didn't show up in the text file here:-


17 July 2011 (today)

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" "" "" ""
+ "Your Image File Name Here without a path" "" "" "File not found: Ɨ器Ɨ愈Ɨ粐Ȩ粑￿

The strange thing is, when I used the Autoruns compare option, the entry showed in green: I believe this means that the entry had changed somehow, but I can't see where or how! (Sadly, I often forget to save as both .arn AND .txt files so April was my last saved text report to compare!)

I'm baffled.
I have Googled it a few times, but discovered very little - maybe perl language or something (doh?) If so, why?

On my pc, everything seems to be running fine so I'm not overly worried - yet!
I just know it's not quite right and it's niggling away at me! (Hmm.. had that feeling before did I not.. just before I joined geekstogo in fact! hmmm)
Ahem. Paranoia aside, what do you think? Should I worry?
Thanks in advance.
  • 0

Advertisements

#2
Macboatmaster
Posted 18 July 2011 - 09:12 AM

Macboatmaster

    7k

  • Member
  • PipPipPipPipPipPipPipPip
  • 7,237 posts
You will notice that you had similar entries when your computer was examined by the Malware expert..

[2010/02/27 22:16:37 | 000,000,000 | ---D | M](C:\Documents and Settings\2harts\Application Data\???????sAppData) -- C:\Documents and Settings\2harts\Application Data\敎潲䍄敔灭慬整sAppData


You will probably be aware that this in autoruns means that the registry entry exists

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" "" "" ""
+ "Your Image File Name Here without a path" "" "" "File not found: Ɨ器Ɨ愈Ɨ粐Ȩ粑￿


But that the actual file cannot be found.

To be safe I suggest you go back to the Malware forum, following the procedure that you adopted when you posted there in September last year.
I notice that the advisor who helped you then kindly extended the invitation to PM him, if you did post again.

You could simply use autoruns to delete that registry key, but it is NOT the course of action that I think is the best.
I hope you are NOT still running that P2P program.
Good luck with it.

Edited by Macboatmaster, 18 July 2011 - 09:12 AM.

  • 0

#3
flat-erica
Posted 18 July 2011 - 03:33 PM

flat-erica

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
Thanks Macboatmaster. I think I get it - it's not a 'bad thing'.
And you are right - I shall do nothing for now.
I have pm'd my friend and await his valued response also.
As for the p2p thing, absolutely NOT! Got rid of that with the 'cleansing' :)

All is well! I just want to understand the above issue.
Cheers the noo.

Edited by flat-erica, 18 July 2011 - 03:39 PM.

  • 0
Back to Windows XP, 2000, 2003, NT · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Windows XP, 2000, 2003, NT

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP