Andrew Aronoff
I'm running Windows XP Pro SP2 under MS Virtual PC (VPC) 2004 SP1. The
VPC XP install is perfectly clean as is the host system. I received
via e-mail a SOFTWARE hive from a system infected by adware.
RootKitRevealer was run on the infected PC and it identified a
HKLM\Software\Classes\CLSID\InprocServer32 key with the following
anomaly:
Key name contains embedded nulls (*)
I copied the SOFTWARE hive to a folder accessible to the VPC install.
I opened REGEDIT and loaded the SOFTWARE hive. The InprocServer32 key
cannot be viewed. The error message is: "Cannot open InprocServer32:
Error while opening key." Ownership and permissions cannot be reset on
this key. Neither this key nor the parent key can be deleted.
How can this key be managed with Regedit so it can be deleted and,
optionally, viewed?
regards, Andy
--
**********
Please send e-mail to: usenet (dot) post (at) aaronoff (dot) com
To identify everything that starts up with Windows, download
"Silent Runners.vbs" at www.silentrunners.org
**********
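
Added example, not part of the original post: an offline scan of a hive file for key names that contain an embedded null, the anomaly reported above, without loading the hive through Regedit. The nk-cell field offsets follow the commonly documented regf layout (an assumption, since the post does not describe the format), and the sample hive and its key name "InprocServer32\x00pad" are constructed test data.

```python
import struct

KEY_COMP_NAME = 0x0020  # nk flag: name stored as 8-bit characters, not UTF-16LE

def find_null_key_names(hive: bytes):
    """Return (file_offset, name) for each allocated nk cell whose name holds U+0000."""
    if hive[:4] != b"regf":
        raise ValueError("not a registry hive (missing regf signature)")
    hits, pos = [], 0x1000            # hive bins start after the 4096-byte base block
    while pos + 0x20 <= len(hive) and hive[pos:pos + 4] == b"hbin":
        bin_size = struct.unpack_from("<I", hive, pos + 8)[0]
        if bin_size == 0 or bin_size % 0x1000:
            break                     # corrupt bin header
        end = min(pos + bin_size, len(hive))
        cell = pos + 0x20             # cells follow the 32-byte bin header
        while cell + 4 <= end:
            raw = struct.unpack_from("<i", hive, cell)[0]
            size = abs(raw)           # negative size marks an allocated cell
            if size < 8 or cell + size > end:
                break                 # corrupt cell size, stop walking this bin
            body = cell + 4
            if raw < 0 and hive[body:body + 2] == b"nk" and size >= 4 + 0x4C:
                flags = struct.unpack_from("<H", hive, body + 2)[0]
                name_len = struct.unpack_from("<H", hive, body + 0x48)[0]
                raw_name = hive[body + 0x4C: body + 0x4C + name_len]
                enc = "latin-1" if flags & KEY_COMP_NAME else "utf-16-le"
                name = raw_name.decode(enc, errors="replace")
                if "\x00" in name:    # decode first: UTF-16LE bytes always contain 0x00
                    hits.append((cell, name))
            cell += size
        pos += bin_size
    return hits

def _nk_cell(name: str) -> bytes:
    """Constructed test data: a minimal allocated nk cell with a UTF-16LE name."""
    raw = name.encode("utf-16-le")
    rec = b"nk" + bytes(0x46) + struct.pack("<HH", len(raw), 0) + raw
    rec += bytes(-(len(rec) + 4) % 8)          # cells are 8-byte aligned
    return struct.pack("<i", -(len(rec) + 4)) + rec

def build_sample_hive() -> bytes:
    """Constructed hive: one ordinary key name and one with an embedded null."""
    cells = _nk_cell("InprocServer32") + _nk_cell("InprocServer32\x00pad")
    free = 0x1000 - 0x20 - len(cells)          # one free cell fills the rest of the bin
    hbin = b"hbin" + struct.pack("<II", 0, 0x1000) + bytes(20)
    return b"regf" + bytes(0xFFC) + hbin + cells + struct.pack("<i", free) + bytes(free - 4)
```

To scan a real file, pass its bytes: find_null_key_names(open(path, "rb").read()), where path is the copied SOFTWARE hive.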