HKEY_CLASSES_ROOT

Discussion in 'adware, spyware & hijack cleaning' started by sbsd, Jul 14, 2004.

Thread Status:
Not open for further replies.
  1. sbsd

    sbsd Registered Member

    Joined:
    Jul 3, 2004
    Posts:
    17
    Hi

    I have had a problem for a long time. The case is that if I do a scan with Spybot S&D on a XP account that is limited, it finds a MySearch file. But if I do a Spybot S&D scan on a XP account that is administrator it never finds the MySearch file.

    The thing is, with the limited account, S&D isn´t able to delete the MySearch file until a restart. If I do a restart, and scan again, it once again finds the MySearch file. It always comes back.

    Now I have searched on the Internet for MySearch and found information. The website said if I had any of these registry items (or something) I should delete it. One of those items was this:

    HKEY_CLASSES_ROOT\clsid\{014da6c9-189f-421a-88cd-07cfe51cff10}


    I then saw on my Spybot S&D log that the MySearch file was the exact same thing!!
    And now I have found out that I can delete it by going to Start->Run->regedit.

    If I then go to the HKEY_CLASSES_ROOT folder, and then into the "clsid" folder and I finally can see the folder called {014da6c9-189f-421a-88cd-07cfe51cff10}.
    Inside that folder is a file.

    What I wonder is if I should delete the folder named {014da6c9-189f-421a-88cd-07cfe51cff10} by right clicking on it and chose delete? Is it safe? Or will my computer break down?

    Thanks.

    p.s. I have already gotten help with my HiJackThis log and there was nothing more to do with it according to the guy who helped me, all I wonder is if I can delete the registry items as I have described above without braking my computer?
     
  2. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    Yes it is; it doesn't belong on your computer. However you NEED to make sure that the ONLY thing you delete is that {014da6c9-189f-421a-88cd-07cfe51cff10} subkey (subfolder) in HKEY_CLASSES_ROOT\CLSID.

    I suggest you create a System Restore point before proceding. There's no Recycle Bin in the Registry; what you remove is gone forever, which is why you can't be careful enough when editing it.
     
  3. sbsd

    sbsd Registered Member

    Joined:
    Jul 3, 2004
    Posts:
    17
    Thanks. I just have another quick question before I delete it. In the folder {014da6c9-189f-421a-88cd-07cfe51cff10} there is another folder called InprocServer32, is that a problem? Or doesn´t it matter, if that get deleted as well?
     
    Last edited: Jul 15, 2004
  4. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    Nope, the entire {014da6c9-189f-421a-88cd-07cfe51cff10} "folder" can be deleted. :)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.