Welcome to SecurityForumz.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

Can't delete registry entry !! (suspected virus / trojan a..

 
   Security Forums (Home) -> General Discussions RSS
Next:  (UPDATE) MalwareBytes AntiMalware v1.30  
Author Message
Hari Hari Mau

External


Since: Oct 23, 2008
Posts: 1



(Msg. 1) Posted: Thu Oct 23, 2008 1:05 am
Post subject: Can't delete registry entry !! (suspected virus / trojan attack !)
Archived from groups: 24hoursupport>helpdesk, others (more info?)

Just now I did a scan on registry, and found some suspecting entries
there. So I use regedit trying to delete those entries.

Lo and behold, when I tried to delete those entries, I got the "Unable
to delete all specified values" error message, and they stay put !

The registry entries are located at HKEY_Local_Machine->System-
ControlSet002->Enum->ROOT->LEGACY_xxxyyy (name of programs)

What can I do about these registries ?

How to delete them ???

Please help !!

 >> Stay informed about: Can't delete registry entry !! (suspected virus / trojan a.. 
Back to top
Login to vote
richard

External


Since: Oct 23, 2008
Posts: 1



(Msg. 2) Posted: Thu Oct 23, 2008 2:39 am
Post subject: Re: Can't delete registry entry !! (suspected virus / trojan attack !) [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

On Thu, 23 Oct 2008 01:05:59 -0700 (PDT), Hari Hari Mau
<harimau.mau.DeleteThis@gmail.com> wrote:

>Just now I did a scan on registry, and found some suspecting entries
>there. So I use regedit trying to delete those entries.
>
>Lo and behold, when I tried to delete those entries, I got the "Unable
>to delete all specified values" error message, and they stay put !
>
>The registry entries are located at HKEY_Local_Machine->System-
>ControlSet002->Enum->ROOT->LEGACY_xxxyyy (name of programs)
>
>What can I do about these registries ?
>
>How to delete them ???
>
>Please help !!


Most likely because they're in use.
Such as with the windows operating system.
Oh sure, you go right ahead and be big bad know it all technician and
just delete stuff you don't know squat about.
Don't come back and ask how come my system just crashed.

First, ya might want to do a search on the web for those keys and find
out what they're all about.
Or at least the program it mentions.

This is probably the number one cause of why windows user have
problems. They don't know enough and they think they're gonna get
ahead and delete stuff they know nothing about.

I have found that in the past anyway, regedit leaves behind a lot of
stuff that is related to MS in any way. Even though it's ancient
history. Suggest you try other cleaners and might want to try out
"hijackthis".

 >> Stay informed about: Can't delete registry entry !! (suspected virus / trojan a.. 
Back to top
Login to vote
ASCII

External


Since: Jul 02, 2008
Posts: 7



(Msg. 3) Posted: Thu Oct 23, 2008 4:23 am
Post subject: Re: Can't delete registry entry !! (suspected virus / trojan attack !) [Login to view extended thread Info.]
Imported from groups: alt>comp>virus (more info?)

Back to top
Login to vote
gregg

External


Since: Oct 23, 2008
Posts: 1



(Msg. 4) Posted: Thu Oct 23, 2008 8:26 am
Post subject: Re: Can't delete registry entry !! (suspected virus / trojan attack [Login to view extended thread Info.]
Archived from groups: 24hoursupport>helpdesk, others (more info?)

On Thu, 23 Oct 2008 01:05:59 -0700, Hari Hari Mau wrote:

> Just now I did a scan on registry, and found some suspecting entries
> there. So I use regedit trying to delete those entries.
>
> Lo and behold, when I tried to delete those entries, I got the "Unable
> to delete all specified values" error message, and they stay put !
>
> The registry entries are located at HKEY_Local_Machine->System-
> ControlSet002->Enum->ROOT->LEGACY_xxxyyy (name of programs)
>
> What can I do about these registries ?
>
> How to delete them ???
>
> Please help !!

Sorry, I am running Linux and I don't have a Registry or an Anti-Virus.
 >> Stay informed about: Can't delete registry entry !! (suspected virus / trojan a.. 
Back to top
Login to vote
Damian

External


Since: Sep 17, 2006
Posts: 109



(Msg. 5) Posted: Thu Oct 23, 2008 10:03 am
Post subject: Re: Can't delete registry entry !! (suspected virus / trojan attack !) [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

gregg wrote:
>
> Sorry, I am running Linux

I'm so sorry. You must be pathetic.
 >> Stay informed about: Can't delete registry entry !! (suspected virus / trojan a.. 
Back to top
Login to vote
Unknown

External


Since: Sep 18, 2007
Posts: 6



(Msg. 6) Posted: Thu Oct 23, 2008 10:12 am
Post subject: Re: Can't delete registry entry !! (suspected virus / trojan attack !) [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

You may think you don't have a registry but you really have. It may not be
called a registry but it is there.
"gregg" <gregg.RemoveThis@NOSPAMsaneearth.org> wrote in message
news:gdpni711hmk@news1.newsguy.com...
> On Thu, 23 Oct 2008 01:05:59 -0700, Hari Hari Mau wrote:
>
>> Just now I did a scan on registry, and found some suspecting entries
>> there. So I use regedit trying to delete those entries.
>>
>> Lo and behold, when I tried to delete those entries, I got the "Unable
>> to delete all specified values" error message, and they stay put !
>>
>> The registry entries are located at HKEY_Local_Machine->System-
>> ControlSet002->Enum->ROOT->LEGACY_xxxyyy (name of programs)
>>
>> What can I do about these registries ?
>>
>> How to delete them ???
>>
>> Please help !!
>
> Sorry, I am running Linux and I don't have a Registry or an Anti-Virus.
 >> Stay informed about: Can't delete registry entry !! (suspected virus / trojan a.. 
Back to top
Login to vote
Unknown

External


Since: Sep 18, 2007
Posts: 6



(Msg. 7) Posted: Thu Oct 23, 2008 1:54 pm
Post subject: Re: Can't delete registry entry !! (suspected virus / trojan attack !) [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

Just try to create (write) any operating system without a registry. I would
venture to say 'impossible'.
Get a program listing for the program you want to find the registry for.
"Aardvark" <aardvark.DeleteThis@youllnever.know> wrote in message
news:073Mk.43232$WX2.33169@newsfe17.ams2...
> Moronic top-posting corrected:
>
>
> On Thu, 23 Oct 2008 10:12:49 -0500, Unknown wrote:
>
>> "gregg" <gregg.DeleteThis@NOSPAMsaneearth.org> wrote in message
>> news:gdpni711hmk@news1.newsguy.com...
>>> On Thu, 23 Oct 2008 01:05:59 -0700, Hari Hari Mau wrote:
>>>
>>>> Just now I did a scan on registry, and found some suspecting entries
>>>> there. So I use regedit trying to delete those entries.
>>>>
>>>> Lo and behold, when I tried to delete those entries, I got the "Unable
>>>> to delete all specified values" error message, and they stay put !
>>>>
>>>> The registry entries are located at HKEY_Local_Machine->System-
>>>> ControlSet002->Enum->ROOT->LEGACY_xxxyyy (name of programs)
>>>>
>>>> What can I do about these registries ?
>>>>
>>>> How to delete them ???
>>>>
>>>> Please help !!
>>>
>>> Sorry, I am running Linux and I don't have a Registry or an Anti-Virus.
>
>> You may think you don't have a registry but you really have. It may not
>> be called a registry but it is there.
>
> Please do tell where I can find my registry and how to recognise this
> registry when I find it.
>
>
> --
> Liverpool. European City Of Culture 2008
> http://www.liverpool08.com
 >> Stay informed about: Can't delete registry entry !! (suspected virus / trojan a.. 
Back to top
Login to vote
freemont

External


Since: Oct 23, 2008
Posts: 1



(Msg. 8) Posted: Thu Oct 23, 2008 4:27 pm
Post subject: Re: Can't delete registry entry !! (suspected virus / trojan attack [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

top posting fixed
On Thu, 23 Oct 2008 13:54:18 -0500, Unknown writ:

> "Aardvark" <aardvark RemoveThis @youllnever.know> wrote in message
> news:073Mk.43232$WX2.33169@newsfe17.ams2...
>> Moronic top-posting corrected:
>>
>>
>> On Thu, 23 Oct 2008 10:12:49 -0500, Unknown wrote:
>>
>>> "gregg" <gregg RemoveThis @NOSPAMsaneearth.org> wrote in message
>>> news:gdpni711hmk@news1.newsguy.com...
>>>>
>>>> Sorry, I am running Linux and I don't have a Registry or an
>>>> Anti-Virus.
>>
>>> You may think you don't have a registry but you really have. It may
>>> not be called a registry but it is there.
>>
>> Please do tell where I can find my registry and how to recognise this
>> registry when I find it.

/etc? Only /etc isn't a database with cryptically-named "keys", it's a
collection of text files, so... So much for that comparison. Neutral

> Just try to create (write) any operating system without a registry. I
> would venture to say 'impossible'.

If you're creating a Windows operating system, sure.

--
"Because all you of Earth are idiots!"
¯`·.¸¸.·´¯`·-> freemont© <-·´¯`·.¸¸.·´¯
 >> Stay informed about: Can't delete registry entry !! (suspected virus / trojan a.. 
Back to top
Login to vote
David H. Lipman

External


Since: Jul 04, 2003
Posts: 1735



(Msg. 9) Posted: Thu Oct 23, 2008 5:32 pm
Post subject: Re: Can't delete registry entry !! (suspected virus / trojan attack !) [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

From: "Hari Hari Mau" <harimau.mau RemoveThis @gmail.com>

| Just now I did a scan on registry, and found some suspecting entries
| there. So I use regedit trying to delete those entries.

| Lo and behold, when I tried to delete those entries, I got the "Unable
| to delete all specified values" error message, and they stay put !

| The registry entries are located at HKEY_Local_Machine->System-
| ControlSet002->Enum->ROOT->LEGACY_xxxyyy (name of programs)

| What can I do about these registries ?

| How to delete them ???

| Please help !!

The problem here is you have NOT properly identified the the registry entries.

correct would be...
Example:
HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_BADSOFTWARE

By using "LEGACY_xxxyyy" we don't know if this is a legitimate entries that should NOT be
removed or if they are justified to be removed.

*Willy nilly deleting Registry keys should NOT be performed.*

There are several possibilities as to WHY you can not remove the entries.

1. The Registry key is based upon a legitimate process that is currently running and/or
is protected.

2. The Registry key is based upon malicious code and the malware that created it, and
is present on the PC, is protecting the key from removal.

3. The Registry key is based upon malicious code and the malware that created it, has
changed permissions on the key.

4. The Registry key is using invalid characters such as the NUL character.

If it is #3, change of permissions, you can gain permissions back.

Using my above example...

Right-Click on "LEGACY_BADSOFTWARE" and choose "Permissions"
Highlight "Everyone" or "Administrator" or you account and check the box for Allow "Full
Control".
Now click on "Advanced"
Now un-check the box for; "Inherit from parent..."
and check the box; "Replace permission entries on all child objects..."

Hit; "Apply" and then "Ok"

Now try to delete "LEGACY_BADSOFTWARE".

Alternatively you may have to take ownership and do likewise.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 >> Stay informed about: Can't delete registry entry !! (suspected virus / trojan a.. 
Back to top
Login to vote
Pennywise

External


Since: Dec 18, 2006
Posts: 3



(Msg. 10) Posted: Fri Oct 24, 2008 11:10 pm
Post subject: Re: Can't delete registry entry !! (suspected virus / trojan attack !) [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

Hari Hari Mau <harimau.mau.RemoveThis@gmail.com> wrote:

>The registry entries are located at HKEY_Local_Machine->System-
>ControlSet002->Enum->ROOT->LEGACY_xxxyyy (name of programs)
>
>What can I do about these registries ?

Don't worry about it. It's not only not your current control set it's
not even your back up one (ControlSet001).

--

enceladus_up_close
http://www.boston.com/bigpicture/2008/10/enceladus_up_close.html
 >> Stay informed about: Can't delete registry entry !! (suspected virus / trojan a.. 
Back to top
Login to vote
Display posts from previous:   
Related Topics:
Basic Trojan entry question - I'm one of the lucky ones that hasn't had problems with Trojans. I use a firewall, NAT, and keep all my comptuters updated, and of course I'm very careful in my web surfing. A friend of mine, however, is having trouble. He uses Norton, which he keeps..

Trojan virus found..cannot delete right now - I am running BitDefender's online virus scan. It has found msdom2.dll, in the \windows\system32\ folder, which is a trojan virus. Bitdefender could not delete it. Is there a way to delete it manually, without rebooting? I've tried unlocker, but it..

Disabled registry from new trojan - I recently had my computer infected with four trojans due to them being new and undetected by the majority of anti-virus programs. So I submitted them to AVG who confirmed they were trojans and updated their virus definitions. This removed the four..

Trojan Stuck in registry, System Restore Unavailble - Hiho, I have a Trojan. Packed. 9 and other spyware trapped in my WinXP registry and I can't get it out. It is intefering with my IE as well as all my other online programs (AOL, gaming, etc). Norton and SpyDoctor do nothing. Will a registry cleaner solv...

Trojan but can't delete - I have had a trojan but my anti-virus caught it. the folder where it is I can't delete it, it says that the program is being used by another program or person. Is there a way to remove this folder? I done a full virus scan and it found no others and..
   Security Forums (Home) -> General Discussions All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]