Problem with MSConfig.exe

GJX (Distinguished, Dec 4, 2007)
Hello,

My problem is a simple one.

When I try to run the program, double clicking the file itself, I get an error message of Windows cannot find "C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe". Make sure you typed the name correctly, and then try again...

It's not a problem of not finding the file in Start->Run.

The file is actually in the folder.

Help :(

AltF5 (Distinguished, Oct 17, 2009)
That is a common technique that malware likes to use to have executable files run something else (or prevent them from running). (It's actually a built-in feature of Windows.)


2 ways to fix this:
-Rename the file to something else

OR

Go here in the registry (regedit): HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

Then find the key with the name of the executable (in your case it is msconfig.exe).
Look in that key for a value called Debugger (usually a REG_SZ). Once you delete that, it will work.

Just curious, what is in the Debugger key?
My guess is it is either garbage (like a 0, or the path to some non-existing executable that was used to run the malware application, but was previously removed).



You could replicate this behavior pretty simply. Example using Task Manager:
Go here: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
(You will probably need to create the taskmgr.exe key under Image File Execution Options)

Then add a REG_SZ value called Debugger.
Change the data of that value to a 0. Now do Win+R --> Taskmgr (see the results?)
Or instead of a 0, change it to services.exe. Do the same. (Notice it doesn't run? That is because services.exe checks to see if it is already running, and terminates)
OR change it to calc.exe. Do the same (See now when you type in taskmgr.exe or click on it in system32, then Calculator will run instead?)

Basically it is a built-in way that Windows allows debuggers to run on applications (which need to be executed first), so they built the checking mechanism for the Image File Execution Options key into one of its internal APIs (system function): CreateProcess.

The reason why explorer.exe (the Run dialog) says that it failed when trying to run the executable that you specified/clicked on is because it only reports back what was given in. So if the debugger key was present for that image file (like msconfig.exe, taskmgr.exe, rstrui.exe, cmd.exe, etc.), then when Explorer executes that file, it calls CreateProcess. Explorer doesn't know what CreateProcess does internally other than its return status (like success or fail, and sometimes a good reason why). But really CreateProcess is trying to execute "0" instead (if a 0 was in that debugger reg value), in which case it fails, tells Explorer of this status, and Explorer says "hey, what you typed in didn't work because no file was found. Sorry."
Haha.



BTW, I would recommend you use Autoruns instead of Msconfig, and Process Explorer instead of Task manager:
Autoruns - http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
Process Explorer - http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx




Also, if by some chance no debugger key is present for the msconfig.exe key within Image File Execution Options, then that means there is some existing malware on your system that is hooking (monitoring) system functions like CreateProcess to prevent it from succeeding based on whatever rules its developer set up (like preventing specific file names, paths, etc.).
To remove that would take a lot more work to do :p
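The audit and the fix from the post above, as an added PowerShell example (not code from the thread or from AltF5): it lists every image name under Image File Execution Options that carries a Debugger value, reports whether the redirect target even exists (a "0" or a deleted dropper path will not), and deletes only the Debugger value on request. The function names and the verdict labels are my own.

```powershell
# Added example, not code from the thread. Audits the Image File Execution
# Options key for Debugger values and deletes one on request.
# Run from an elevated PowerShell prompt (listing works unelevated, deleting does not).
$Ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-IfeoDebugger {
    # One object per image name (msconfig.exe, taskmgr.exe, ...) that carries a
    # Debugger value; the verdict says whether the redirect target exists at all.
    Get-ChildItem -LiteralPath $Ifeo -ErrorAction Stop | ForEach-Object {
        $cmd = [string](Get-ItemPropertyValue -LiteralPath $_.PSPath -Name Debugger -ErrorAction SilentlyContinue)
        if (-not $cmd) { return }          # no Debugger value under this image key

        # The data is a command line; isolate its first token (the executable).
        if ($cmd.StartsWith('"')) { $exe = ($cmd -split '"')[1] } else { $exe = ($cmd -split '\s+')[0] }

        # Resolve it: a bare name is searched on PATH, a path is tested as-is.
        # A value like "0" or a path to a removed file ends up unresolved.
        $resolved = $null
        if ($exe -match '[\\/]') {
            if (Test-Path -LiteralPath $exe -PathType Leaf) { $resolved = $exe }
        } else {
            $app = Get-Command $exe -CommandType Application -ErrorAction SilentlyContinue |
                   Select-Object -First 1
            if ($app) { $resolved = $app.Source }
        }
        if ($resolved) { $verdict = 'RedirectsTo: ' + $resolved } else { $verdict = 'BrokenRedirect' }

        [pscustomobject]@{
            Image    = $_.PSChildName
            Debugger = $cmd
            Verdict  = $verdict
        }
    }
}

function Remove-IfeoDebugger {
    # The fix from the thread: delete only the Debugger value and leave the
    # key itself, since it may hold unrelated settings.
    param([Parameter(Mandatory)][string]$Image)
    Remove-ItemProperty -LiteralPath (Join-Path $Ifeo $Image) -Name Debugger -ErrorAction Stop
}

# Report every redirected image; review each before removing anything, since a
# debugger you installed yourself may legitimately be listed here.
Get-IfeoDebugger | Format-Table Image, Verdict, Debugger -AutoSize
# Remove-IfeoDebugger -Image 'msconfig.exe'
```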

AltF5 (Distinguished, Oct 17, 2009)
NP.

I just stumbled across this forum from Google, and took a quick look at the forum start, in which case I saw your topic title and instantly thought it was Image File Execution Options, haha.