
regedit



Guest elmarsa dice
Posted

mpwxpg readers,

 

I greatly appreciate any help with the following problem. I have checked the ms knowledge base and followed the directions given but have not been able to resolve the problem.

The Problem:

My computer was infected by spyware trojans that disabled the Taskmgr and Regedit utilities on the "computer administrator" desktop (start>run>regedit or taskmgr). In both instances, when trying to run the utilities I got the "regedit/taskmgr disabled by your administrator" error message. Both utilities were still visible on the guest desktop and in safe mode "administrator" but not in "computer administrator". The trojans were contained in the antispy spider and Wild Tangent links. I was able to remove all the malware by using legitimate programs like McAfee and SuperAntiSpyware and a lot of searching for unusual files and registry keys in safe mode. I then went to the knowledge base and followed the directions for removing the "register editing and TaskMgr disabled by your administrator" error message. It worked ok for the task manager but regedit is still disabled. I am able to modify the registry in safe mode using the "administrator" desktop (start>run>regedit) but cannot use it from the "computer administrator" desktop (start>run>regedit).

I have checked the permissions and they all seem to be consistent with my other computer that was not infected. I also tried to install service pack 3 that stalled on an "access denied" error during the install process. I think this may be somehow related to the regedit problem. I would greatly appreciate any help someone can give me to resolve this problem.

Guest db.·.. >
Posted

Re: regedit

 

infections usually corrupt

system files or replace

the genuine system files

with modified ones.

 

so even though the

antivirals may have

zapped the infected

files, the genuine

system files were not

replaced, thus you

are finding irregularities

with your system.

 

further, what you may

have discovered to be

dysfunctional in windows

may not be all and only

time will tell what else

you will be discovering.

 

therefore, i suggest to

simply do a "repair

installation" with your

windows setup cd.

 

the process is automated,

validating thousands of

system files and replacing

the missing or corrupted ones

with the genuine ones from

the cd.

 

further, the "repair installation"

will delete all the old system

restore points and create a

brand new one.

 

this is beneficial because your

system may have long been

infected and old system restore

points will likely contain

the infection.

 

here is a link with more

info:

 

http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/doug92.mspx

 

--

db·´¯`·...¸><)))º>

Guest Malke
Posted

Re: regedit

 


I'm sorry to tell you this but there is a strong probability that your computer is still not clean. At this point, I urge you to get guided help by choosing one of the following specialty forums. Register and read its posting FAQ. You will generally be asked to:

1. Download and execute HiJack This! (HJT) - http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

2. Disable Notepad's word wrap - In Notepad.exe; Format --> uncheck; "Word wrap"

3. Download/run Deckard's System Scanner - http://www.techsupportforum.com/sectools/Deckard/dss.exe

4. Save the scan results (Main.txt and Extra.txt)

5. And then post the contents of Main.txt and Extra.txt in your post at the forum you chose. DO NOT POST LOGS IN THE MS NEWSGROUPS.

 

http://aumha.org/downloads/hijackthis.zip

http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn

http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 - another tutorial

http://aumha.net/ - Click on the HijackThis forum. Read the announcement and the stickies *first*.

http://www.atribune.org/forums/index.php?showforum=9

http://aumha.net/viewforum.php?f=30

http://www.bleepingcomputer.com/forums/forum22.html

http://castlecops.com/forum67.html

http://www.dslreports.com/forum/cleanup

http://www.cybertechhelp.com/forums/forumdisplay.php?f=25

http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html

http://gladiator-antivirus.com/forum/index.php?showforum=170

http://spywarewarrior.com/viewforum.php?f=5

http://forums.techguy.org/54-security/

 

 

Malke

--

MS-MVP

Elephant Boy Computers

http://www.elephantboycomputers.com

Don't Panic!

Guest pcbutts1  [MS MVP]
Posted

Re: regedit

 

What happens if you type regedit.exe instead of just regedit? If regedit.exe works then search for and delete the file regedit.com. There is more to do, but first check to see if regedit.exe works.

 

 

--

Ignore posts made by the person called Leythos, he is a stalker who's been obsessed with me for years ever since I spurned his advances towards me.

Guest elmarsa dice
Posted

Re: regedit

 

On Tue, 20 May 2008 18:11:15 -0700, "pcbutts1 [MS MVP]"

<pcbutts1@leythosthestalker.com> wrote:

>What happens if you type regedit.exe instead of just regedit. If regedit.exe

>works then search for and delete the file regedit.com, there is more to do

>but first check to see if regedit.exe works.

 

To all of you that offered help: Thank you very much. I tried the

simplest first, that from pcbutts1, and it didn't work.

Guest pcbutts1  [MS MVP]
Posted

Re: regedit

 

Did you get the same error or a different one? What about regedit.com, did you search and find that? The reason I'm asking is because malware will replace regedit.exe with the bad regedit.com, which sounds like what happened to you.

 

 

--

Ignore posts made by the person called Leythos, he is a stalker who's been obsessed with me for years ever since I spurned his advances towards me.

Guest elmarsa dice
Posted

Re: regedit

 

On Wed, 21 May 2008 14:31:09 -0700, "pcbutts1 [MS MVP]"

<pcbutts1@leythosthestalker.com> wrote:

>Did you get the same error or a different one? What about regedit.com did

>you search and find that? The reason I'm asking is because malware will

>replace regedit.exe with the bad regedit.com which sounds like what happened

>to you.

 

I didn't find regedit.com but I did find something called

Regedit.exe-2AE3423E.pf as a search result. I found the file and

deleted it, rebooted without effect.

I kept trying different things and finally found that the permissions

on the regedit file were incorrect. Correcting them solved the

problem.

Thank you all again for the advice. I learned something new today.
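
The three causes raised in this thread (a "disabled by your administrator" policy value, a planted regedit.com shadowing regedit.exe, and wrong permissions on the regedit file) can be checked in one read-only pass. The script below is an added example, not something posted by anyone in the thread; the value names DisableRegistryTools and DisableTaskMgr are the standard policy values and are assumed here, since the thread does not name them.

```powershell
# Added example: read-only triage for "regedit is disabled / will not start".
# Nothing here modifies the system; run it from the affected account.
$expected = "$env:SystemRoot\regedit.exe"

# 1. Policy values that produce the "disabled by your administrator" message.
#    (Value names are assumed; the thread does not list them.)
$policyKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
              'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($key in $policyKeys) {
    foreach ($name in 'DisableRegistryTools', 'DisableTaskMgr') {
        $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
        if ($item) { "POLICY  {0}\{1} = {2}" -f $key, $name, $item.$name }
    }
}

# 2. Any regedit.<ext> on PATH other than %SystemRoot%\regedit.exe.
#    In the default PATHEXT, .COM comes before .EXE, which is why typing
#    "regedit" and typing "regedit.exe" can start different files.
$exts = $env:PATHEXT -split ';' | Where-Object { $_ }
$dirs = $env:Path -split ';' | Where-Object { $_ } | Select-Object -Unique
foreach ($dir in $dirs) {
    foreach ($ext in $exts) {
        $candidate = $dir.Trim('"').TrimEnd('\') + '\regedit' + $ext
        if (Test-Path -LiteralPath $candidate -PathType Leaf) {
            $flag = if ($candidate -ieq $expected) { 'expected' } else { 'UNEXPECTED' }
            "FILE    {0}  [{1}]" -f $candidate, $flag
        }
    }
}

# 3. Owner and ACL of the real regedit.exe, to compare against a clean machine.
#    Deny entries are marked because they override Allow entries.
$acl = Get-Acl -Path $expected
"OWNER   {0}" -f $acl.Owner
foreach ($ace in $acl.Access) {
    $mark = if ($ace.AccessControlType -eq 'Deny') { '  <-- Deny entry' } else { '' }
    "ACE     {0,-35} {1,-5} {2}{3}" -f $ace.IdentityReference,
        $ace.AccessControlType, $ace.FileSystemRights, $mark
}
```

Running the same script on a known-good machine and comparing the OWNER and ACE lines mirrors the comparison the original poster did by hand.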

