HKEY_CLASSES_ROOT

Discussion in 'adware, spyware & hijack cleaning' started by sbsd, Jul 14, 2004.

Thread Status:
Not open for further replies.
  1. sbsd

    sbsd Registered Member

    Joined:
    Jul 3, 2004
    Posts:
    17
    Hi

    I have had a problem for a long time. The case is that if I do a scan with Spybot S&D on an XP account that is limited, it finds a MySearch file. But if I do a Spybot S&D scan on an XP account that is administrator, it never finds the MySearch file.

    The thing is, with the limited account, S&D isn't able to delete the MySearch file until a restart. If I do a restart, and scan again, it once again finds the MySearch file. It always comes back.

    Now I have searched on the Internet for MySearch and found information. The website said if I had any of these registry items (or something) I should delete it. One of those items was this:

    HKEY_CLASSES_ROOT\clsid\{014da6c9-189f-421a-88cd-07cfe51cff10}


    I then saw on my Spybot S&D log that the MySearch file was the exact same thing!!
    And now I have found out that I can delete it by going to Start->Run->regedit.

    If I then go to the HKEY_CLASSES_ROOT folder, and then into the "clsid" folder, I can finally see the folder called {014da6c9-189f-421a-88cd-07cfe51cff10}.
    Inside that folder is a file.

    What I wonder is if I should delete the folder named {014da6c9-189f-421a-88cd-07cfe51cff10} by right-clicking on it and choosing Delete? Is it safe? Or will my computer break down?

    Thanks.

    P.S. I have already gotten help with my HiJackThis log and there was nothing more to do with it according to the guy who helped me. All I wonder is if I can delete the registry items as I have described above without breaking my computer?
     
  2. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,351
    Location:
    The Netherlands
    Yes it is; it doesn't belong on your computer. However you NEED to make sure that the ONLY thing you delete is that {014da6c9-189f-421a-88cd-07cfe51cff10} subkey (subfolder) in HKEY_CLASSES_ROOT\CLSID.

    I suggest you create a System Restore point before proceeding. There's no Recycle Bin in the Registry; what you remove is gone forever, which is why you can't be careful enough when editing it.
     
  3. sbsd

    sbsd Registered Member

    Joined:
    Jul 3, 2004
    Posts:
    17
    Thanks. I just have another quick question before I delete it. In the folder {014da6c9-189f-421a-88cd-07cfe51cff10} there is another folder called InprocServer32, is that a problem? Or doesn't it matter if that gets deleted as well?
     
    Last edited: Jul 15, 2004
  4. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,351
    Location:
    The Netherlands
    Nope, the entire {014da6c9-189f-421a-88cd-07cfe51cff10} "folder" can be deleted. :)
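
Added example, not part of the thread: the same cleanup done from an elevated Windows PowerShell 5.1 prompt instead of regedit, with a restore point and a .reg export taken first so the deletion can be undone. The key path is the one quoted above; the backup file location and the use of PowerShell (not available on the poster's 2004 XP install) are assumptions.

```powershell
# Added example. Only the CLSID below comes from the thread; the backup path is an assumption.
$clsid   = '{014da6c9-189f-421a-88cd-07cfe51cff10}'
$regPath = "HKEY_CLASSES_ROOT\CLSID\$clsid"
$psPath  = "Registry::$regPath"
$backup  = "$env:USERPROFILE\Desktop\clsid-backup-$(Get-Date -Format yyyyMMdd-HHmmss).reg"

# Guard: the target must be exactly one GUID-named subkey, never CLSID itself.
if ($clsid -notmatch '^\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}$') {
    throw "Refusing to continue: '$clsid' is not a single CLSID subkey."
}

if (-not (Test-Path -LiteralPath $psPath)) {
    Write-Output "Key not present in this account's view of HKEY_CLASSES_ROOT."
    return
}

# Show which DLL the InprocServer32 subkey registers, so the file can be checked afterwards.
$inproc = "$psPath\InprocServer32"
if (Test-Path -LiteralPath $inproc) {
    $dll = (Get-ItemProperty -LiteralPath $inproc).'(default)'
    Write-Output "InprocServer32 points to: $dll"
}

# System Restore point first (requires elevation and System Restore enabled).
Checkpoint-Computer -Description "Before removing $clsid" -RestorePointType MODIFY_SETTINGS

# Export the key and its subkeys; stop if the backup was not written.
& reg.exe export $regPath $backup
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $backup)) {
    throw "Export failed; nothing was deleted."
}
Write-Output "Backup written to $backup"

# Delete only this subkey (InprocServer32 goes with it). -Confirm asks before acting.
Remove-Item -LiteralPath $psPath -Recurse -Confirm
```

Double-clicking the exported .reg file restores the key if it turns out to be needed.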
     