Can't delete registry entry !! (suspected virus / trojan attack !)

Just now I did a scan on registry, and found some suspecting entries
there. So I use regedit trying to delete those entries.

Lo and behold, when I tried to delete those entries, I got the "Unable
to delete all specified values" error message, and they stay put !

The registry entries are located at HKEY_Local_Machine->System-
ControlSet002->Enum->ROOT->LEGACY_xxxyyy (name of programs)

What can I do about these registries ?

How to delete them ???

Please help !!

On Thu, 23 Oct 2008 01:05:59 -0700 (PDT), Hari Hari Mau
<harimau.mau@gmail.com> wrote:

>Just now I did a scan on registry, and found some suspecting entries
>there. So I use regedit trying to delete those entries.
>
>Lo and behold, when I tried to delete those entries, I got the "Unable
>to delete all specified values" error message, and they stay put !
>
>The registry entries are located at HKEY_Local_Machine->System-
>ControlSet002->Enum->ROOT->LEGACY_xxxyyy (name of programs)
>
>What can I do about these registries ?
>
>How to delete them ???
>
>Please help !!


Most likely because they're in use.
Such as with the windows operating system.
Oh sure, you go right ahead and be big bad know it all technician and
just delete stuff you don't know squat about.
Don't come back and ask how come my system just crashed.

First, ya might want to do a search on the web for those keys and find
out what they're all about.
Or at least the program it mentions.

This is probably the number one cause of why windows user have
problems. They don't know enough and they think they're gonna get
ahead and delete stuff they know nothing about.

I have found that in the past anyway, regedit leaves behind a lot of
stuff that is related to MS in any way. Even though it's ancient
history. Suggest you try other cleaners and might want to try out
"hijackthis".

Hari Hari Mau wrote:
>Just now I did a scan on registry, and found some suspecting entries
>there. So I use regedit trying to delete those entries.
>
>Lo and behold, when I tried to delete those entries, I got the "Unable
>to delete all specified values" error message, and they stay put !
>
>The registry entries are located at HKEY_Local_Machine->System-
>ControlSet002->Enum->ROOT->LEGACY_xxxyyy (name of programs)
>
>What can I do about these registries ?
>
>How to delete them ???
>
>Please help !!

http://www.malwarebytes.org/regassassin.php

On Thu, 23 Oct 2008 01:05:59 -0700, Hari Hari Mau wrote:

> Just now I did a scan on registry, and found some suspecting entries
> there. So I use regedit trying to delete those entries.
>
> Lo and behold, when I tried to delete those entries, I got the "Unable
> to delete all specified values" error message, and they stay put !
>
> The registry entries are located at HKEY_Local_Machine->System-
> ControlSet002->Enum->ROOT->LEGACY_xxxyyy (name of programs)
>
> What can I do about these registries ?
>
> How to delete them ???
>
> Please help !!

Sorry, I am running Linux and I don't have a Registry or an Anti-Virus.

You may think you don't have a registry but you really have. It may not be
called a registry but it is there.
"gregg" <gregg@NOSPAMsaneearth.org> wrote in message
news:gdpni711hmk@news1.newsguy.com...
> On Thu, 23 Oct 2008 01:05:59 -0700, Hari Hari Mau wrote:
>
>> Just now I did a scan on registry, and found some suspecting entries
>> there. So I use regedit trying to delete those entries.
>>
>> Lo and behold, when I tried to delete those entries, I got the "Unable
>> to delete all specified values" error message, and they stay put !
>>
>> The registry entries are located at HKEY_Local_Machine->System-
>> ControlSet002->Enum->ROOT->LEGACY_xxxyyy (name of programs)
>>
>> What can I do about these registries ?
>>
>> How to delete them ???
>>
>> Please help !!
>
> Sorry, I am running Linux and I don't have a Registry or an Anti-Virus.

gregg wrote:
>
> Sorry, I am running Linux

I'm so sorry. You must be pathetic.

Just try to create (write) any operating system without a registry. I would
venture to say 'impossible'.
Get a program listing for the program you want to find the registry for.
"Aardvark" <aardvark@youllnever.know> wrote in message
news:073Mk.43232$WX2.33169@newsfe17.ams2...
> Moronic top-posting corrected:
>
>
> On Thu, 23 Oct 2008 10:12:49 -0500, Unknown wrote:
>
>> "gregg" <gregg@NOSPAMsaneearth.org> wrote in message
>> news:gdpni711hmk@news1.newsguy.com...
>>> On Thu, 23 Oct 2008 01:05:59 -0700, Hari Hari Mau wrote:
>>>
>>>> Just now I did a scan on registry, and found some suspecting entries
>>>> there. So I use regedit trying to delete those entries.
>>>>
>>>> Lo and behold, when I tried to delete those entries, I got the "Unable
>>>> to delete all specified values" error message, and they stay put !
>>>>
>>>> The registry entries are located at HKEY_Local_Machine->System-
>>>> ControlSet002->Enum->ROOT->LEGACY_xxxyyy (name of programs)
>>>>
>>>> What can I do about these registries ?
>>>>
>>>> How to delete them ???
>>>>
>>>> Please help !!
>>>
>>> Sorry, I am running Linux and I don't have a Registry or an Anti-Virus.
>
>> You may think you don't have a registry but you really have. It may not
>> be called a registry but it is there.
>
> Please do tell where I can find my registry and how to recognise this
> registry when I find it.
>
>
> --
> Liverpool. European City Of Culture 2008
> http://www.liverpool08.com

top posting fixed
On Thu, 23 Oct 2008 13:54:18 -0500, Unknown writ:

> "Aardvark" <aardvark@youllnever.know> wrote in message
> news:073Mk.43232$WX2.33169@newsfe17.ams2...
>> Moronic top-posting corrected:
>>
>>
>> On Thu, 23 Oct 2008 10:12:49 -0500, Unknown wrote:
>>
>>> "gregg" <gregg@NOSPAMsaneearth.org> wrote in message
>>> news:gdpni711hmk@news1.newsguy.com...
>>>>
>>>> Sorry, I am running Linux and I don't have a Registry or an
>>>> Anti-Virus.
>>
>>> You may think you don't have a registry but you really have. It may
>>> not be called a registry but it is there.
>>
>> Please do tell where I can find my registry and how to recognise this
>> registry when I find it.

/etc? Only /etc isn't a database with cryptically-named "keys", it's a
collection of text files, so... So much for that comparison. :-|

> Just try to create (write) any operating system without a registry. I
> would venture to say 'impossible'.

If you're creating a Windows operating system, sure.

--
"Because all you of Earth are idiots!"
¯`·.¸¸.·´¯`·-> freemont© <-·´¯`·.¸¸.·´¯

From: "Hari Hari Mau" <harimau.mau@gmail.com>

| Just now I did a scan on registry, and found some suspecting entries
| there. So I use regedit trying to delete those entries.

| Lo and behold, when I tried to delete those entries, I got the "Unable
| to delete all specified values" error message, and they stay put !

| The registry entries are located at HKEY_Local_Machine->System-
| ControlSet002->Enum->ROOT->LEGACY_xxxyyy (name of programs)

| What can I do about these registries ?

| How to delete them ???

| Please help !!

The problem here is you have NOT properly identified the the registry entries.

correct would be...
Example:
HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_BADSOFTWARE

By using "LEGACY_xxxyyy" we don't know if this is a legitimate entries that should NOT be
removed or if they are justified to be removed.

*Willy nilly deleting Registry keys should NOT be performed.*

There are several possibilities as to WHY you can not remove the entries.

1. The Registry key is based upon a legitimate process that is currently running and/or
is protected.

2. The Registry key is based upon malicious code and the malware that created it, and
is present on the PC, is protecting the key from removal.

3. The Registry key is based upon malicious code and the malware that created it, has
changed permissions on the key.

4. The Registry key is using invalid characters such as the NUL character.

If it is #3, change of permissions, you can gain permissions back.

Using my above example...

Right-Click on "LEGACY_BADSOFTWARE" and choose "Permissions"
Highlight "Everyone" or "Administrator" or you account and check the box for Allow "Full
Control".
Now click on "Advanced"
Now un-check the box for; "Inherit from parent..."
and check the box; "Replace permission entries on all child objects..."

Hit; "Apply" and then "Ok"

Now try to delete "LEGACY_BADSOFTWARE".

Alternatively you may have to take ownership and do likewise.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Hari Hari Mau <harimau.mau@gmail.com> wrote:

>The registry entries are located at HKEY_Local_Machine->System-
>ControlSet002->Enum->ROOT->LEGACY_xxxyyy (name of programs)
>
>What can I do about these registries ?

Don't worry about it. It's not only not your current control set it's
not even your back up one (ControlSet001).

--

enceladus_up_close
http://www.boston.com/bigpicture/200..._up_close.html