Registry key not staying deleted

  • Thread starter Thread starter TJH
  • Start date Start date
T

TJH

I have a few win2k workstations, some in a client-server
config and some in a peer-peer config (2 different
networks). It was brought to my attention that these
workstations were affected by popups/spyware. In looking
at them, I scanned them with our AV and Anti-spyware
program. Found a few items and removed them properly. I
also go through the registry to look at the HKLM-Software-
Microsoft-Windows-CurrentVersion-Run key. I found an
entry that was definitely not a windows or approved
program entry. So, I deleted it.

To my dismay, it reappeared when I hit the F5 (refresh)
key in the registry editor (both regedt32 and regedit).
No matter if I tried to delete it or change the value, it
always reverted back.

I was logged in as an admin on the local machine when
trying to do this. I am 99% sure this is some spyware
garbage that has attached itself to the machine, but I
have not run across any spyware that prevents one from
removing the entries from the registry.

I would appreciate some help on why I am unable to delete
this particular registry entry (I had no problems removing
other 'known' garbage entries), how to prevent this from
happening in the future, and how to actually get rid of
this entry.


TIA
 
Appears some process is checking the existence of the value and is
recreating it. You'll need to first kill this process.

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
|I have a few win2k workstations, some in a client-server
| config and some in a peer-peer config (2 different
| networks). It was brought to my attention that these
| workstations were affected by popups/spyware. In looking
| at them, I scanned them with our AV and Anti-spyware
| program. Found a few items and removed them properly. I
| also go through the registry to look at the HKLM-Software-
| Microsoft-Windows-CurrentVersion-Run key. I found an
| entry that was definitely not a windows or approved
| program entry. So, I deleted it.
|
| To my dismay, it reappeared when I hit the F5 (refresh)
| key in the registry editor (both regedt32 and regedit).
| No matter if I tried to delete it or change the value, it
| always reverted back.
|
| I was logged in as an admin on the local machine when
| trying to do this. I am 99% sure this is some spyware
| garbage that has attached itself to the machine, but I
| have not run across any spyware that prevents one from
| removing the entries from the registry.
|
| I would appreciate some help on why I am unable to delete
| this particular registry entry (I had no problems removing
| other 'known' garbage entries), how to prevent this from
| happening in the future, and how to actually get rid of
| this entry.
|
|
| TIA
 
Back
Top