WUGNET, the Windows User Group Network
Your Complete Resource Center for "The Best" in Shareware, Computing Tips and Support, Windows Industry News... and much more!
Home Forums Shareware Windows Tips Hot Offers FREE Newsletters Arcade Contact Us About Partners
Search WUGNET: RSS Feeds RSS Feeds Advertise with WUGNET    |    Shareware eBooks
HomeHome FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

can't remove entries from registry

  
   Home -> Windows Other -> Registry RSS
Next:  RUNDLL: An exception occured while trying to run  
Author Message
Jeff

External


Since: May 23, 2005
Posts: 4



(Msg. 1) Posted: Wed Jun 15, 2005 10:32 am
Post subject: can't remove entries from registry
Archived from groups: microsoft>public>windowsnt>registry (more info?)
I'm trying to clean up after a virus infection on an XP Pro SP2 machine. I
have a list of all the registry entries added by the virus, and want to
manually delete them. I can find them easily enough, but when I try to
delete them I get an 'unable to delete all occurrences' message (or words
very similar!).

I'm not very experienced in editing the registry - I usually use a util to
keep it tuned - and I know how dangerous it can be. But although I've
removed the virus exe from the machine, and prevented firewall_anti from
loading or running, I still have all these registry entries that I'd like to
get rid of. What's the right way to do it please? I'm right-clicking the
reg entry concerned and choosing delete. Edit/Delete gives me the same
message. As I say, I have what seems like an accurate list of the reg
entries made by the virus (from Sophos).

Any pointers greatly appreciated, thanks
Back to top
Login to vote
Calvin

External


Since: Feb 23, 2004
Posts: 794



(Msg. 2) Posted: Thu Jun 16, 2005 8:21 am
Post subject: Re: can't remove entries from registry [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Hi Jeff,

I'm more experienced with NT4, but these comments should apply equally to XP:

Most people are unaware of it, but NT actually has security settings on registry
settings, just like it does on files on a NTFS volume. When you try to delete
one of the registry entries and get a refusal from the system, it is likely that
the virus has set the permissions to prevent you from deleting it.

With the offending registry key highlighted, select 'Security > Permissions'
from the menu and set the permissions back to 'Everyone - Full Control', then
you will be allowed to delete it. Be aware that you may need to tick the box for
'replace on all sub-keys' as well, if the key you are trying to delete has
subkeys underneath it - a locked key further down the branch you are trying to
kill will cause the same 'refused' symptoms you described.

Use extreme care of course !

Hope this helps,

Calvin.
Back to top
Login to vote
Display posts from previous:   
       Home -> Windows Other -> Registry All times are: Eastern Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You can edit your posts in this forum
You can delete your posts in this forum
You can vote in polls in this forum
Categories:
 Windows XP
 Windows Vista
  Windows Other
 Office
 Office Other
 Security
 WinRAR
  • Home |
  • Shareware |
  • Windows Tips |
  • Hot Offers |
  • FREE Newsletters |
  • Arcade |
  • Forums |
  • eBooks |
  • About WUGNET |
  • Partners |
  • Contact

  • WUGNET Privacy Policy |
  • Link to WUGNET