WiseCleaner Think Tank
Encounter difficult computer problems?
All about maintenance and optimization of your Windows System.
Feb 23, 2021
Image File Execution Options refers to a new technology adopted by OSO virus for anti-virus software. Its effect is similar to file association. Through this technology, anti-virus software can also be put to death. It usually manifests as a regular program placed anywhere or after the system is repaired, there will be redirection or inoperability problems.
Let's assume a scenario to understand Image File Execution Options better. Suppose your child is addicted to games which leads to a decline in academic performance. You might think that it will be great if the game program does not run. Then, we can use Image File Execution Options technology to disable game software.
Before performing the following test, please make sure that your computer does not have antivirus software installed, because this technology is usually used by Trojan, so antivirus software will prohibit such operations.
Let’s take the Notepad program as an example.
Using the combine keys Win+R to open the Run window, enter regedit, and click OK to open the Registry Editor.
On the left side of the Registry Editor, navigate to the following registry key.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Right-click the Image File Execution Options and select New -> Key, creating a New Key#1.
Rename the newly created file New Key#1 to notepad.exe.
Selected the newly key notepad.exe, right-click on the right window and select New -> String value, and create a New Value#1.
Change the name of New Value#1 to Debugger.
Double-click Debugger to pop up a dialog box, enter ntsd -d in the Value data text box, and click OK. Then the Image File Execution Options is done.
Now, let's try to open a text document and you will see this error message.
In fact, ntsd -d can also be replaced with other executable programs name, for example, WiseCare365.exe. Then Wise Care 365 will be opened when you try to open a text file.
If you do not have anti-virus software but cannot create a new key, then you need to set the permissions of the Image File Execution Options.
This method is more powerful. If you use this method on someone else's computer, it may cause someone to reinstall the system. So, be careful when using it!
As mentioned before, Trojan program usually uses image file execution options (IFEO) to change system settings. There is a problem: How to remove the incorrect Image File Execution Options? The answer is to delete the Debugger or fix the wrong associated program.
If you can open the Registry Editor, navigate to the following registry key, then delete the Debugger in the incorrect registry key.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Of course, the registry cleaner in Wise Care 365and Wise Registry Cleaner can also remove image file execution options. The specific operations are as follows: