RegEdit Permissions Message

Slider

Hello All,

I've run into a problem that I can't seem to resolve. I'm running Windows
2000 and am the only user of this system. The admin. The problem is that
today I discovered that I was unable to load the RegEdit application. The
returned error was "Registry editing had been disabled by your
administrator."

Knowing that I hadn't taken away registry editing rights from myself, I
started to evaluate my system. Lo and behold, I found that I was also NOT
able to view the running processes in the Task Manager. I was able to see
the Applications and CPU Usage but not the Processes. When I'd start the
task manager the processes would flash in the window and then the window
blanked out. So... I started to investigate using a few applications for
viewing processes which I downloaded from various developer sites. I found
that an application called vxdmon.exe was running in my processes tab (not
the applications tab) and then further found out that this bit of code is a
Trojan. I managed to delete the nasty little file from my system and kill
the running process (vxdmon.exe) and now I can view my processes in the
Task Manager. However, I am still unable to access the RegEdit application as
I continue to get the "Registry editing had been disabled by your
administrator." message.

Does anyone know how and where I can set my permissions to allow me to
utilize the RegEdit application once again? Any help would be greatly
appreciated.

Thanks!
===============================================================================
NOTE: I also dug up the following information that appears to have been in
some way related to the vxdmon.exe file. I was able to possibly trace the
source back to the following server ...

I may have been routed through this server and picked up this file there
somehow.

cookeville-68-112-71-160.midtn.net (A server just outside of a little
town in Tenn. called Cookeville)

Registrant: Software Research Laboratories
P.O. Box 11555
Murfreesboro, TN 37129

Contact (e-mail address removed)
615--943-3678

The fact that this IP appears at the same time the vxdmon file appeared and
this IP showed up in my active services listing (when I hadn't navigated to
this server) makes me wonder if this company, Software Research Laboratories
is responsible for spreading this file either knowingly or unknowingly.

The funny thing, and probably just a coincidence, but I was in Cookeville
visiting a friend's relatives 2 years ago. Quaint little place with one
diner, one laundromat, a few tiny groceries and repair shops. Beautiful
area though.
 
Use the Group Policy editor
%windir%\system32\gpedit.msc
User Config\Admin Templates\System\Prevent Access To registry Editing Tools="Not Configured"

(usually spyware/junkware that sets this Reg_Dword decimal value to 1)
DisableRegistryTools
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System


--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

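An audit of the policy value named in the reply above, as an added example that is not part of the original thread. It assumes a Windows system with PowerShell (newer than the Windows 2000 machine in the question); the function name `Get-RegistryToolsPolicy` is hypothetical.

```powershell
# Added example: report every loaded user hive in which the
# DisableRegistryTools policy value is present, with its data and type.
$subKey    = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$valueName = 'DisableRegistryTools'

function Get-RegistryToolsPolicy {
    # Each child of HKEY_USERS is a loaded profile, named by SID.
    Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object {
            $sid  = $_.PSChildName
            $path = "Registry::HKEY_USERS\$sid\$subKey"
            # Returns nothing (no error shown) if the key or value is absent.
            $prop = Get-ItemProperty -Path $path -Name $valueName `
                        -ErrorAction SilentlyContinue
            if ($null -ne $prop) {
                $key = Get-Item -Path $path
                [pscustomobject]@{
                    Sid   = $sid
                    Value = $prop.$valueName
                    Kind  = $key.GetValueKind($valueName)   # expected: DWord
                    Path  = $path
                }
            }
        }
}

$findings = @(Get-RegistryToolsPolicy)
if ($findings.Count -eq 0) {
    'DisableRegistryTools is not set in any loaded user hive.'
} else {
    $findings | Format-Table -AutoSize
}

# Remediation for the current user only, left commented out so that the
# script is read-only by default:
# Remove-ItemProperty -Path "HKCU:\$subKey" -Name $valueName
```

If the value comes back after being removed, something is still writing it: on a domain-joined machine that is normally Group Policy, and on a standalone machine it points to a process that has not been cleaned up yet.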
 
You're welcome.

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

"Slider" <None> wrote:
| Dave,
|
| Fantastic! Your advice was right on the money. All's working fine now.
| Thank you for the reply. I do appreciate your knowledge and willingness to
| share from experience. Thanks again.
 
Dave,

Fantastic! Your advice was right on the money. All's working fine now.
Thank you for the reply. I do appreciate your knowledge and willingness to
share from experience. Thanks again.
