As part of their routine, many worms and Trojans make changes to the registry. Some of them change one or more of the shell\open\command keys. If these keys are changed, the worm or Trojan will run each time that you run certain files.
For example, if the \exefile\shell\open\command key is changed, the threat will run each time that you run any .exe file. This may also stop you from running the Registry Editor to try to fix this.
They may also change a registry value so that you cannot run the Registry Editor at all.
WARNING: Do not use this tool unless you need to.
Follow these steps:
1: Download the file
UnHookExec.inf and save it to your Windows desktop.
(If you cannot connect to the Internet from the infected computer, download to an uninfected computer then save it to a floppy disk. Then take the floppy disk and insert it in the floppy disk drive of the infected computer.)
Note: The tool has a .inf file extension.
2: Locate the download file, either on the Windows desktop or the floppy disk.
3: Right-click the UnHookExec.inf file and click install. (This is a small file. It does not display any notice or boxes when you run it.)
4: Follow any other instructions for the threat that you are trying to remove