
How to Edit Registry in MS-DOS

Original Message
Name: Karen
Date: March 6, 2000 at 19:53:28 Pacific
Subject: How to Edit Registry in MS-DOS
Comment:

Have a computer that was hit with the PrettyPark.worm.
It has changed the registry value from "%1" %* to files32.vxd"%1" %*.
No exe will fire up because of this. Is there a way to edit the Registry without RegEdit? The path in Windows is Start\run\regedit\HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command




Response Number 1
Name: Martijn
Date: March 7, 2000 at 05:55:55 Pacific
Reply:

(you might want to try www.mcafee.com!!)

Here's how to remove it (read it all, somewhere at the bottom is how you can do it with MS-DOS)

Removal Instructions
The order to remove this trojan is complicated by the depth to which the trojan hooks the operating system. The following procedure should remove the Trojan. With Windows 95/98, the registry can be loaded and edited using the program named REGEDIT, while in Windows NT you use REGEDT32.

1) Identify and note the files associated with this trojan as detected by the scanner - do not remove the trojan at this time. If you have already removed the trojan, you will not be able to run the REGEDIT steps below on the affected system. Proceed instead to step 11 listed below.

2) Open an MS-DOS prompt via the menu or click on START|RUN and type COMMAND and then

3) At the prompt, type START COMMAND and press and then start Regedit in Windows 95/98 by typing REGEDIT or in Windows NT type REGEDT32 and press

4) Remove references to the trojan from these keys of the registry

HKEY_CLASSES_ROOT\exefile\shell\open\command\
HKEY_LOCAL_MACHINE\exefile\CLASSES\exefile\shell\open\command\

(If this exists)
HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command

They should contain only the value (not including the brackets) ["%1" %*].

5) If applicable, remove any keys that run the main trojan under

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\

And

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\

6) If applicable, delete the registry key if it exists

HKEY_CLASSES_ROOT\.dl

and exit Regedit

7) If applicable, edit WIN.INI and remove the reference to the trojan from the run= line in the [windows] section.

8) If applicable, edit SYSTEM.INI and remove the reference to the trojan from the shell= line in the [boot] section. It should just contain the file EXPLORER.EXE.

9) Restart the system.

10) Delete the trojan program(s). If all is well, the files should be deleted OK. If you get an error message saying that Windows is unable to delete the file because it is in use, then you have made an error in the above procedure. Repeat steps 1 to 9 and try again.

11) In the event that the trojan was deleted before making the registry changes, it is still possible to repair the registry. You will need access to another computer, or at a minimum, access to MS-DOS on the affected system. Using MS-DOS edit, create a file called UNDO.REG with the following content (you can cut and paste):

REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\exefile\CLASSES\exefile\shell\open\command]
@="\"%1\" %*"


12) Save this file to the Windows folder of the affected system as the file "UNDO.REG".

13) Click on START|RUN and type in UNDO.REG and press ENTER. The contents of UNDO.REG should be now imported to the registry.
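The check behind steps 4 and 11, as an added example that is not part of the thread or of any vendor's tool: it parses a REGEDIT4 export, flags an exefile open command whose default value is anything other than "%1" %* (the symptom described in the question), and emits UNDO.REG text with the same escaping the reply uses. The export text is constructed for the example; the key list follows the two standard paths named in the thread.

```python
import re

# Keys whose default value must be exactly "%1" %* for .exe files to launch
# directly. Taken from the thread; the reply's third variant path is omitted.
EXEFILE_COMMAND_KEYS = (
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command",
    r"HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command",
)
EXPECTED_COMMAND = '"%1" %*'

# Constructed sample export: the first key carries the prefix the question
# describes, the second is still clean.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="files32.vxd\"%1\" %*"

[HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command]
@="\"%1\" %*"
'''


def unescape_reg_string(raw):
    """Undo REGEDIT4 string escaping: backslash-quote -> quote, double backslash -> backslash."""
    return re.sub(r'\\(["\\])', r'\1', raw)


def escape_reg_string(value):
    """Apply REGEDIT4 string escaping so the value survives a REGEDIT import."""
    return value.replace('\\', '\\\\').replace('"', '\\"')


def parse_default_values(text):
    """Map each [key] section of a .reg export to its @= default string value."""
    values, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1]
        elif current is not None and line.startswith('@="') and line.endswith('"'):
            values[current] = unescape_reg_string(line[3:-1])
    return values


def find_hijacked_exefile_commands(text):
    """Return [(key, value)] for exefile command keys whose value is not the default."""
    wanted = {k.lower() for k in EXEFILE_COMMAND_KEYS}
    return [(k, v) for k, v in parse_default_values(text).items()
            if k.lower() in wanted and v != EXPECTED_COMMAND]


def build_undo_reg(hijacked):
    """Build REGEDIT4 text that resets each hijacked key to the clean default."""
    lines = ['REGEDIT4', '']
    for key, _ in hijacked:
        lines += ['[%s]' % key, '@="%s"' % escape_reg_string(EXPECTED_COMMAND), '']
    return '\n'.join(lines)
```

Running the checker over the rebuilt UNDO.REG text returns no findings, which is the condition step 13 should leave the system in.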








