From: "Hari Hari Mau" <harimau.mau RemoveThis @gmail.com>
| Just now I did a scan on registry, and found some suspecting entries
| there. So I use regedit trying to delete those entries.
| Lo and behold, when I tried to delete those entries, I got the "Unable
| to delete all specified values" error message, and they stay put !
| The registry entries are located at HKEY_Local_Machine->System-
| ControlSet002->Enum->ROOT->LEGACY_xxxyyy (name of programs)
| What can I do about these registries ?
| How to delete them ???
| Please help !!
The problem here is you have NOT properly identified the the registry entries.
correct would be...
By using "LEGACY_xxxyyy" we don't know if this is a legitimate entries that should NOT be
removed or if they are justified to be removed.
*Willy nilly deleting Registry keys should NOT be performed.*
There are several possibilities as to WHY you can not remove the entries.
1. The Registry key is based upon a legitimate process that is currently running and/or
2. The Registry key is based upon malicious code and the malware that created it, and
is present on the PC, is protecting the key from removal.
3. The Registry key is based upon malicious code and the malware that created it, has
changed permissions on the key.
4. The Registry key is using invalid characters such as the NUL character.
If it is #3, change of permissions, you can gain permissions back.
Using my above example...
Right-Click on "LEGACY_BADSOFTWARE" and choose "Permissions"
Highlight "Everyone" or "Administrator" or you account and check the box for Allow "Full
Now click on "Advanced"
Now un-check the box for; "Inherit from parent..."
and check the box; "Replace permission entries on all child objects..."
Hit; "Apply" and then "Ok"
Now try to delete "LEGACY_BADSOFTWARE".
Alternatively you may have to take ownership and do likewise.
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp >> Stay informed about: Can't delete registry entry !! (suspected virus / trojan a..