Registry question...

Discussion in 'privacy problems' started by erikguy, Jan 27, 2006.

Thread Status:
Not open for further replies.
  1. erikguy

    erikguy Registered Member

    Joined:
    Jul 5, 2004
    Posts:
    236
    Location:
    Salem, OR
    My dear Wilders friends, it's been a while since I've asked a question like this but here goes.... Is there a way to tell what process is holding which registry keys? And if so how? A friend of mine had a serious malware infection on her computer and so far I've removed almost all of it but Spybot still reports these two keys by CMD Service. It tells me to scan at start-up but no matter how many times I do this I'm just not successful. Also, is there a way to scrub a reg key/value regardless of whether it's being held in memory or not? I really like Spybot's shredder for this reason but it obviously only works for files. Thank you in advance for your help.
     
  2. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287
    Hi erikguy.

    For finding out what is accessing the registry, try this: http://www.sysinternals.com/Utilities/Regmon.html

    Have you tried booting into safe mode to edit the registry?
    Or with some keys, you have to modify the permissions, keys like HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_...
    You have to right-click on the key in question, select 'permissions', and then highlight 'everyone' in the top pane, then put a tick in the 'allow' 'full control' box.
     
  3. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    If all else fails, one method I have used is to backup the registry with ERUNT and edit the backup registry hives it saves using something like RegdatXP. After saving your changes, use ERUNT's restore function to swap the hives you edited.

    Nick
     
  4. erikguy

    erikguy Registered Member

    Joined:
    Jul 5, 2004
    Posts:
    236
    Location:
    Salem, OR
    Hey!! Not a bad idea, Nick!! Thanks, you're awesome.
     
  5. erikguy

    erikguy Registered Member

    Joined:
    Jul 5, 2004
    Posts:
    236
    Location:
    Salem, OR
    I just thought of something... I know I've seen good registry editors as replacements for the regular built-in RegEditor in Windows. Anybody have any good recommendations?
     
  6. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
  7. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287
  8. erikguy

    erikguy Registered Member

    Joined:
    Jul 5, 2004
    Posts:
    236
    Location:
    Salem, OR
    Oh nice!! Thanks friends!!
     
  9. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    The cmdService is not removed by Spybot because the permissions for the registry keys were altered.

    This procedure will work.

    Please download delcmdservice (by Marckie), and save it to your Desktop.
    • Unzip the content to your Desktop (a folder named delcmdservice)
    • Double-click on the delcmdservice folder
    • Double-click on delreg.bat to launch the tool
    • When the tool has finished, please reboot your computer

    Hope it helps anyone.

    Regards,

    Pieter
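
The altered key permissions mentioned in the post above can be confirmed before anything is changed. The following PowerShell is an added example, not part of the thread and not taken from delcmdservice; it only reads one key's ACL and reports the owner, any Deny entries, and whether Administrators and SYSTEM still hold full control. The function name Get-RegistryKeyAclReport and the key path shown in the comment are assumptions, and PowerShell 3.0 or later is assumed.

```powershell
# Added example. Read-only: reports the ACL state of one registry key.
function Get-RegistryKeyAclReport {
    param(
        [Parameter(Mandatory = $true)]
        [string]$KeyPath   # caller-supplied, e.g. 'HKLM:\SYSTEM\CurrentControlSet\Services\<ServiceName>'
    )
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        throw "Registry key not found: $KeyPath"
    }
    try {
        $acl = Get-Acl -LiteralPath $KeyPath -ErrorAction Stop
    } catch {
        # Failing to read the DACL at all is itself evidence of altered permissions.
        return [pscustomobject]@{ Key = $KeyPath; Readable = $false; Detail = $_.Exception.Message }
    }
    # Ask for SIDs rather than names so the check works on any display language.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules   = @($acl.GetAccessRules($true, $true, $sidType))
    $full    = [int][System.Security.AccessControl.RegistryRights]::FullControl

    # True when the given well-known SID has an Allow ACE covering FullControl.
    $hasFull = {
        param($sid)
        @($rules | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.IdentityReference.Value -eq $sid -and
            ([int]$_.RegistryRights -band $full) -eq $full
        }).Count -gt 0
    }
    $deny = @($rules | Where-Object { $_.AccessControlType -eq 'Deny' })

    [pscustomobject]@{
        Key                = $KeyPath
        Readable           = $true
        Owner              = $acl.Owner
        InheritanceBlocked = $acl.AreAccessRulesProtected
        AdminsFullControl  = & $hasFull 'S-1-5-32-544'   # BUILTIN\Administrators
        SystemFullControl  = & $hasFull 'S-1-5-18'       # NT AUTHORITY\SYSTEM
        DenyEntries        = $deny | ForEach-Object {
            '{0} denied {1}' -f $_.IdentityReference.Value, $_.RegistryRights
        }
    }
}
```

A key that reports Deny entries, or AdminsFullControl as False, explains why a removal tool running as an administrator cannot delete it.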
     