Unable to delete a registry key, even in safe mode

gwilks98 · 04-26-2006, 08:55 AM

I was cleaning off someone's computer (massive infection) and I got everything off the machine, except for the hole that's responsible for it all.

I think I've traced it down to some registry values under HKLM>CurrentControlSet, (as confirmed by spybot) but nothing can get rid of these keys. I can't even manually delete them in safe mode.

All virus and spyware scans confirm the problem, but are unable to remove the threat.

The only think I can think of is that he's got some rootkit on there, but I'm not good enough with rootkit revealer to be able to tell for sure.

Anyone have any expierence with this?

Jeffbx · 04-26-2006, 10:02 AM

You need the ultimate boot CD for XP:

http://www.ubcd4win.com/

You can boot & run XP off of the CD, and then do whatever you want to the registry on the C:\ drive

Markel · 04-26-2006, 11:20 AM

I have had some customers that ended up with registry corruption that prevented them from deleting certain keys (that had to do with our software). Their problem ended up being corruption in the permissions (via regedt32). Seems that there was nothing that could be done to remedy it (short of reinstalling the OS).

mechmike0034 · 04-26-2006, 12:40 PM

http://forums.gotapex.com/showthread.php?t=98404

Has a permissions repair tool:

http://wiki.djlizard.net/Dial-a-fix_...tration_errors

gwilks98 · 04-26-2006, 06:14 PM

I'll give these suggestions a try and get back to you guys. Thanks.

04-26-2006, 08:55 AM	#1
gwilks98 Vice Admiral Join Date: Aug 2000 Location: StL Posts: 4,300	Unable to delete a registry key, even in safe mode I was cleaning off someone's computer (massive infection) and I got everything off the machine, except for the hole that's responsible for it all. I think I've traced it down to some registry values under HKLM>CurrentControlSet, (as confirmed by spybot) but nothing can get rid of these keys. I can't even manually delete them in safe mode. All virus and spyware scans confirm the problem, but are unable to remove the threat. The only think I can think of is that he's got some rootkit on there, but I'm not good enough with rootkit revealer to be able to tell for sure. Anyone have any expierence with this? __________________ "I know the pieces fit, cause I watched them fall away." "Cold silence has A tendancy to Atrophy any Sense of compassion." MJK Last edited by gwilks98 : 04-26-2006 at 09:02 AM.

04-26-2006, 11:20 AM	#3
Markel Chief of Naval Operations Join Date: Feb 2001 Posts: 11,733	I have had some customers that ended up with registry corruption that prevented them from deleting certain keys (that had to do with our software). Their problem ended up being corruption in the permissions (via regedt32). Seems that there was nothing that could be done to remedy it (short of reinstalling the OS). __________________ stay low... keep moving...

04-26-2006, 12:40 PM	#4
mechmike0034 aka the keg killer Join Date: Dec 2002 Location: Ala-effin'-bama! Posts: 2,738	http://forums.gotapex.com/showthread.php?t=98404 Has a permissions repair tool: http://wiki.djlizard.net/Dial-a-fix_...tration_errors __________________ "The price of progress is trouble." (C. F. "Boss" Kettering) "50% of the American public has below-average intelligence. 70% of the American public now has regular access to the Internet. Do the math." (unknown)

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

04-26-2006, 10:02 AM	#2
Jeffbx Fleet Admiral Join Date: Mar 2000 Location: Michigan Posts: 9,390	You need the ultimate boot CD for XP: http://www.ubcd4win.com/ You can boot & run XP off of the CD, and then do whatever you want to the registry on the C:\ drive

04-26-2006, 06:14 PM	#5
gwilks98 Vice Admiral Join Date: Aug 2000 Location: StL Posts: 4,300	I'll give these suggestions a try and get back to you guys. Thanks.

User Name
Password
Remember Me?