HELP! - IE Registry Hacked

  • Thread starter Thread starter Derek O'Harrow
  • Start date Start date
D

Derek O'Harrow

Hi there.

My registry settings for IE keep getting hacked.

The registry key tree HKCU\Software\Microsoft\Internet Explorer\Main... is
hacked such that I don't have access.

I am already running Norton Internet Security, Norton Anti-Virus, AdAware,
Spybot S&D and SpywareBlaster and none of these has fixed it.

I know I can manually fix this by logging in as Admin, and re-setting the
permissions, and then re-creating the tree, but this is quite painful.

(1) How can I tell what is causing this.
(2) How can I prevent it?
(3) How can I automatically fix the problem (e.g. a script).
(4) What should the correct permissions be on this tree?

Thanks!

Derek
 
How to Reinstall or Repair Internet Explorer and Outlook Express in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q318378

Troubleshooting Internet Explorer in Windows XP
http://www.kellys-korner-xp.com/xp_ie.htm

Please visit the Internet Explorer newsgroup experts:
news://msnews.microsoft.com/microsoft.public.windows.inetexplorer.ie6.browser

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

-----------------------------------------------------------------------------------------


| Hi there.
|
| My registry settings for IE keep getting hacked.
|
| The registry key tree HKCU\Software\Microsoft\Internet Explorer\Main... is
| hacked such that I don't have access.
|
| I am already running Norton Internet Security, Norton Anti-Virus, AdAware,
| Spybot S&D and SpywareBlaster and none of these has fixed it.
|
| I know I can manually fix this by logging in as Admin, and re-setting the
| permissions, and then re-creating the tree, but this is quite painful.
|
| (1) How can I tell what is causing this.
| (2) How can I prevent it?
| (3) How can I automatically fix the problem (e.g. a script).
| (4) What should the correct permissions be on this tree?
|
| Thanks!
|
| Derek
 
How to Reinstall or Repair Internet Explorer and Outlook Express in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q318378

Troubleshooting Internet Explorer in Windows XP
http://www.kellys-korner-xp.com/xp_ie.htm

Please visit the Internet Explorer newsgroup experts:
news://msnews.microsoft.com/microsoft.public.windows.inetexplorer.ie6.browser

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

-----------------------------------------------------------------------------------------


| Hi there.
|
| My registry settings for IE keep getting hacked.
|
| The registry key tree HKCU\Software\Microsoft\Internet Explorer\Main... is
| hacked such that I don't have access.
|
| I am already running Norton Internet Security, Norton Anti-Virus, AdAware,
| Spybot S&D and SpywareBlaster and none of these has fixed it.
|
| I know I can manually fix this by logging in as Admin, and re-setting the
| permissions, and then re-creating the tree, but this is quite painful.
|
| (1) How can I tell what is causing this.
| (2) How can I prevent it?
| (3) How can I automatically fix the problem (e.g. a script).
| (4) What should the correct permissions be on this tree?
|
| Thanks!
|
| Derek
 
You don't need to recreate the branch. Just right click the Main sub key and select Permissions. Reassign the appropriate permissions. Press the F5 key to refresh the display and you'll see the contents.
 
You don't need to recreate the branch. Just right click the Main sub key and select Permissions. Reassign the appropriate permissions. Press the F5 key to refresh the display and you'll see the contents.
 
Could you tell me what the "appropriate" permissions are (by default).

Also, is there a way to do this on boot? As when I'm logged in I don't have
permission to do this anymore.

Thanks!

You don't need to recreate the branch. Just right click the Main sub key
and select Permissions. Reassign the appropriate permissions. Press the F5
key to refresh the display and you'll see the contents.
 
Could you tell me what the "appropriate" permissions are (by default).

Also, is there a way to do this on boot? As when I'm logged in I don't have
permission to do this anymore.

Thanks!

You don't need to recreate the branch. Just right click the Main sub key
and select Permissions. Reassign the appropriate permissions. Press the F5
key to refresh the display and you'll see the contents.
 
Derek,

There's no way I know of to do it at boot (one of the reasons NTFS is secure). When you say you don't have permissions, you get an error when you try to change the permissions? Or when you try to load Regedit?

If its the latter, see www.dougknox.com, Win XP Utilities, Windows XP Security Console. The restriction for Regedit, and a number of other settings can be controlled with this utility.

If its the former, you may need to boot the computer in Safe Mode and log into the built in Administrator account. See my site, Win XP Tips, Advanced Registry Editing for a method of accessing a different user profile's portion of the Registry from this account.

The default permissions are:

Administrators - Full Control
Restricted - Read
System - Full Control

And on my system, my username has Full Control as well.
 
Derek,

There's no way I know of to do it at boot (one of the reasons NTFS is secure). When you say you don't have permissions, you get an error when you try to change the permissions? Or when you try to load Regedit?

If its the latter, see www.dougknox.com, Win XP Utilities, Windows XP Security Console. The restriction for Regedit, and a number of other settings can be controlled with this utility.

If its the former, you may need to boot the computer in Safe Mode and log into the built in Administrator account. See my site, Win XP Tips, Advanced Registry Editing for a method of accessing a different user profile's portion of the Registry from this account.

The default permissions are:

Administrators - Full Control
Restricted - Read
System - Full Control

And on my system, my username has Full Control as well.
 
Login with local admin rights and "Take ownership" of this key using
regedt32.exe, Security menu . As key owner you can change its access rights
even you have none rights defined for it.
 
Login with local admin rights and "Take ownership" of this key using
regedt32.exe, Security menu . As key owner you can change its access rights
even you have none rights defined for it.
 
REGEDT32.EXE is only a stub for loading REGEDIT, in Windows XP. All of the permissions functionality is now included in REGEDIT.
 
REGEDT32.EXE is only a stub for loading REGEDIT, in Windows XP. All of the permissions functionality is now included in REGEDIT.
 
You are right, but I replied this post from winnt.registry related group and
there is not OS related information in original post.

"Doug Knox MS-MVP" <[email protected]> píše v diskusním príspevku
REGEDT32.EXE is only a stub for loading REGEDIT, in Windows XP. All of the
permissions functionality is now included in REGEDIT.

--
In memory of Robert McGregor (aka Koldbear)
http://www.btinternet.com/~winnoel/winhelp.htm
--------------------------------
Doug Knox, MS-MVP Windows XP/ Windows Smart Display
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
 
You are right, but I replied this post from winnt.registry related group and
there is not OS related information in original post.

"Doug Knox MS-MVP" <[email protected]> píše v diskusním príspevku
REGEDT32.EXE is only a stub for loading REGEDIT, in Windows XP. All of the
permissions functionality is now included in REGEDIT.

--
In memory of Robert McGregor (aka Koldbear)
http://www.btinternet.com/~winnoel/winhelp.htm
--------------------------------
Doug Knox, MS-MVP Windows XP/ Windows Smart Display
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
 
Back
Top