GreaseSpot Cafe

Registry Keys


excathedra

Okley Dokley boys and girls

I have used adaware, housecall, norton and spybot

not to mention searching for and removing 3 ActiveX programs from the search results page

all to no avail

adaware sez I have it and tells me it's gone but it's still there

norton tells me my puter is still infected (and apparently they can do nothing about it) and spybot seems unable to tie its own shoe laces properly.

sigh

so I suppose I need to enter the forbidden city of registry keys and poke around

any suggestions?

I have no fear for if I screw up I'll mash ctrl alt del and repeat there's no place like home until it fixes itself

:)

Link to comment
Share on other sites

Adaware says you have what, exactly?

There are procedures you can follow that don't involve mucking around with the registry.

Smatter of fact, some of those spyware thingies reset the registry themselves, so changing the registry has no effect.

Link to comment
Share on other sites

ok on downloaded program files I have:

BT download ctrl

housecallcontrol

rdxieclass

and

wonweblaunch

Adaware sez...

Hkey_current_user:soft

Possible browser hijack attempt

data miner

regdata

-

software\microsoft\internet explorer\main "start"

risk level: med

I check it and it disappears

but if I run the program again (adaware) it comes back, scary huh!

Much thanks :)

Link to comment
Share on other sites

That's an interesting one.

You may have some success with the following:

Open "MyDocuments" or "My Computer", then click on the "Search" button.

You want to search all files and folders, and you want to leave the filename field blank, and the included text field should include www.flipside.com, and hit "search". Once you find that file, delete it if you can.

Link to comment
Share on other sites

Mikey

I went to TomCoyote.com, registered there, went through all the stuff they tell ya to do and all them uglies are gone!

They will want you to run a HiJackThis scan and post it. There are excellent instructions as to how to go about doing all this. Actually, I found the instructions at Spywareinfo.com easier to find and do, but I wasn't able to register there. (something about my new firewall settings, so I went to TomCoyote to post the "HELP ME" thread! LOL!)

Either site--really helpful people, but do read the stuff to new posters first.

Link to comment
Share on other sites

WordWolf

I got the ZoneAlarmPro trial version-- I had posted in another thread that I didn't like it. I do now, cept I still don't know my way around it so run into occasional annoyances.

My trial period is almost up and I have to decide whether I will purchase ZAPro or go to the freeware version. (OR get something else entirely?)

But as to that Doberman you said it was like? It deserves the best cuts of steak and lobster it wants!

Blocked intrusions 918, 201 of those High-rated!

Link to comment
Share on other sites

herbiejuan

Try booting into safe mode and running Adaware.

after scan reboot again into normal mode and see if it has gone.

Another thing you may have to do is show hidden files and folders. Here is how

How to unhide files

Try to search for your baddie files/folder that way.

Sometimes Adaware complains about a file that Spybot has put into backup archives. Could be a false positive so to speak.

There are a few more things to try. But give those a shot first.

Link to comment
Share on other sites

I went to Hackerwatch.org off of my McAfee Antivirus link to 'test my security'.

I did the "simple probe" and it said I was secure.

I did the "port scan" as well and it said they were all 'invisible' to the outside world and I was secure.

Am I?

I'm behind a linksys wireless router using a Mac Address filter and WPA encryption. I haven't downloaded any of the ZoneAlarm stuff or the McAfee stuff that allegedly does the same thing.

Link to comment
Share on other sites

thanks guys but this is not working.

I have no problem reformatting my puter should I mess up in the registry.

So...

I wanna take a look around my registry, how do I get there and what buttons do I need to stay away from?

The registry is a list of running programs right?

Could this malware clone itself into other programs and hide?

How bout a fresh install? does that eliminate these things?

Link to comment
Share on other sites

Tom: If all your ports are invisible, then hackers can't even SEE your machine, let alone hack into it through an open port. If the port's not visible, you can't connect to it.

It doesn't mean you're immune to viruses, but it does mean you're immune to direct hacking/port scans. Keep your antivirus software up to date and make sure it scans all incoming files and email, and you should be ok.

Link to comment
Share on other sites

No, Herbie, the registry is much much more than a list of running programs.

The registry is what tells Windoze how to handle situations and file extensions, how to run applications, how to connect to the internet - everything.

There aren't any buttons in regedit.

To get there, click on "Start", then "Run", then type in "regedit".

Hit the "F3" key, and type in whatever it is you are searching out. In your case, try "housecallcontrol".

When it is found, just delete the key entirely. And hit F3 again and again and again until it says "not found".

Exit regedit, reboot, and run AdAware again.

Good luck!

Link to comment
Share on other sites

quote:
Originally posted by Bluzeman:

Herbie:

Once in regedit, look for 2 keys...HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE. In each one, navigate down to SOFTWARE/MICROSOFT/WINDOWS/CURRENT_VERSION/RUN and post the contents of each run key.

Rick


Oh, suuuuure, if you wanna play it safe! Chicken! ;) :D

Link to comment
Share on other sites

quote:
Originally posted by Zixar:

Tom: If all your ports are invisible, then hackers can't even SEE your machine, let alone hack into it through an open port. If the port's not visible, you can't connect to it.

I like how Trendmicro refers to it. A 'stealth' result means there is no way to tell the difference between NO computer at that location and a STEALTHED computer at that location. They can't even confirm there IS a computer there.

It doesn't mean you're immune to viruses, but it does mean you're immune to direct hacking/port scans. Keep your antivirus software up to date and make sure it scans all incoming files and email, and you should be ok.


Personally, I hope you DID download that software firewall as a last-barrier of defense against a program that somehow made it thru your security and is now trying to phone home with your data. Other than that, making sure your programs are updated frequently, and you should be as safe as it's possible to be. Actually, to REALLY be as safe as humanly possible, switch O/S away from Windows, and switch from IE to Firefox or Opera or Mozilla, but your system sounds more secure than MINE, and I'm a paranoid.

Link to comment
Share on other sites

Zixar said:

quote:
It doesn't mean you're immune to viruses, but it does mean you're immune to direct hacking/port scans. Keep your antivirus software up to date and make sure it scans all incoming files and email, and you should be ok.

Thanks, I do keep the updates current on the AV program (McAfee), heck it even stops me if I'm emailing back and forth to someone hitting 'reply' because it sees the same thing in the subject line... but I might go ahead and get their extra firewall and anti-hacker stuff...

WW: How could I possibly switch O/S? If I switch from MS don't storm troopers break down my door and deport the family?

Link to comment
Share on other sites

Herbie:

It's a good idea to export the key first. Just highlight the key, then click on file, then export, give it a name, and remember where it saved it to. Then, if you have problems (assuming you did not delete a key that keeps you from being able to boot) find that file you exported, and you can double-click it and it will write it back to the registry.

But above all, DON'T DELETE ANYTHING IN THE REGISTRY IF YOU AREN'T ABSOLUTELY SURE WHAT IT IS!!! Caps not for yelling, just emphasis! :)

Steve: :D

Link to comment
Share on other sites
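
The Run-key listing Bluzeman asked for earlier in the thread and the export-before-delete step from the post above, as an added PowerShell example (not code from any poster here). It only reads and backs up; the backup folder name is an assumption, and "Start Page" is the Internet Explorer value that holds the browser home page.

```powershell
# Added example: read-only audit plus backup of the keys discussed in this thread.
# Nothing here deletes or modifies registry data.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'

# Assumption: backups go to a timestamped folder under the user's profile.
$backupDir = Join-Path $env:USERPROFILE ("reg-backup-" + (Get-Date -Format 'yyyyMMdd-HHmmss'))
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

function Export-KeyBackup {
    param([string]$PsPath, [string]$OutDir)
    # reg.exe wants HKCU\... rather than the PowerShell drive form HKCU:\...
    $native = $PsPath -replace '^(HK[A-Z]+):\\', '$1\'
    $file = Join-Path $OutDir (($native -replace '[\\ ]', '_') + '.reg')
    & reg.exe export $native $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "Export failed for $native" }
    return $file
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { Write-Output "$key : not present"; continue }
    $saved = Export-KeyBackup -PsPath $key -OutDir $backupDir
    Write-Output "== $key (backup: $saved)"
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        # Each value is a program launched at logon; the data is its command line.
        Write-Output ("   {0} = {1}" -f $name, $item.GetValue($name))
    }
}

# The browser start page is an ordinary string value under the IE Main key.
if (Test-Path $ieMain) {
    $saved = Export-KeyBackup -PsPath $ieMain -OutDir $backupDir
    $start = (Get-ItemProperty -Path $ieMain).'Start Page'
    Write-Output "IE Start Page: $start (backup: $saved)"
}
```

Double-clicking one of the saved .reg files writes that key back, as described in the post above.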

ROFLMAO!!

I already did

:eek:

see sometimes I just get impatient...

anyways so far everything looks fine I do get an error message saying that it couldn't find the hijacked startpage file and then goes on to open up in about.blank.

Basically I deleted the files which were highlighted on the left once the search was completed, so far nothing seems amiss but I've not turned this thing off yet so we shall see.

BTW I may get a wild hair to replace my drive (read replace as in NOT reusing the old drive in any form or fashion, even to save files to). I can replace the drive quite easily (I can see what pins are covered on the old one) but I'm wondering if there are any tricks to installing or configuring the new drive? It's a maxtor 80 gig 7200 rpm can I simply insert the xp disk or do I need to format something first?

Link to comment
Share on other sites

If you boot from the xp cd, it will walk you through the process of setting up your partition and formatting.

Oh, and you may already know this but when you put in your new drive, make sure the red stripe on the IDE cable (that flat cable) is on the same side the power plugs into.

Rick

Link to comment
Share on other sites

Unless it is a SATA one, which I doubt.

Consider 120GB minimum hard drive.

Damn! They make them up to 800GB now!

I am in favor of partitioning. You can use a program like Partition Magic to do all kinds of things with partitions such as resizing them.

Then you can use Drive Image to make a backup mirror image of your entire C partition to your D partition.

Link to comment
Share on other sites
