Registry question?

Posted by: Dignan

Registry question? - 10/09/2004 08:42

I've run into a computer that was unfortunately infected with that damn Huntbar. It installed a registry key that will not be deleted no matter how hard I try. How can I remove this key?

The owner of the machine will be very grateful for your help
Posted by: siberia37

Re: Registry question? - 10/09/2004 11:33

Sounds like either the virus set the registry permissions, which can be reset on the key back to normal with regedit (on Windows XP; you must use Regedt32 on Win2000), or the virus is still running and is thus locking the registry key so you can't delete it.
Posted by: Dignan

Re: Registry question? - 10/09/2004 11:52

I think I've found every other component of the adware program. It isn't a virus (though I wish they'd be classified as such - how can something that behaves like this NOT be considered a virus), it's definitely an adware/spyware program. I got it on my own machine a few years ago, before I'd even heard of Ad-Aware or any such programs, and it was hell to remove. This variation is even tougher.

I'll see if I can change the permissions on the key. I can't get into the folder the key is in, though, so who knows.

Thanks for the help.
Posted by: tfabris

Re: Registry question? - 10/09/2004 14:27

Quote:
I got it on my own machine a few years ago, before I'd even heard of Ad-Aware


Which brings up the question: Have you tried Ad-Aware and/or Spybot on your friend's computer? That's specifically what they're made to do: Remove that kind of stuff.


Quote:
It isn't a virus (though I wish they'd be classified as such - how can something that behaves like this NOT be considered a virus),


Agreed. I don't see why I should need two different programs to do virus scanning and spyware scanning. The line between viruses and spyware isn't just fuzzy any more, it's completely obliterated. They install the same way and use the same techniques to try to prevent you from deleting them. And they are equally undesirable.


Quote:
I'll see if I can change the permissions on the key. I can't get into the folder the key is in, though, so who knows.


Bastards. Anyway, regedt32 should help you there, as was suggested.
Posted by: Ezekiel

Re: Registry question? - 10/09/2004 14:51

Quote:
The line between viruses and spyware isn't just fuzzy any more, it's completely obliterated. They install the same way and use the same techniques to try to prevent you from deleting them. And they are equally undesirable.


AMEN!

-Zeke
Posted by: Dignan

Re: Registry question? - 10/09/2004 16:02

Quote:
Which brings up the question: Have you tried Ad-Aware and/or Spybot on your friend's computer? That's specifically what they're made to do: Remove that kind of stuff

Of course! I installed Ad-Aware and Spybot, the latest versions, latest reference files, and they installed that Pest Patrol program. They did find the components of the particular spyware program, and removed them. However, none of them could remove this registry key, though they all found it. Ad-Aware, disturbingly, did not give any sort of alert to let the user know it could not remove it. In fact, I think it may have been unaware that it couldn't, as it was listed in the quarantined files, but after deleting the quarantine, the key was still there.

What's worse is that even after removing other components of the program, after a restart you'll get them right back again. What's the difference between this and a virus again? I'd like someone to explain that to me. These companies suck.

By the way, have any of you downloaded the latest Ad-Aware (the SE version)? I wasn't aware it was such a change over version 6. I had 6 installed on this machine I was working on, and it found about 130 objects. THEN I installed SE, and that found over 200 afterwards. Pretty good. I wasn't aware that the new version was available, as the last time they "urged" users to upgrade, reference files stopped becoming available for the version I was using.
Posted by: image

Re: Registry question? - 10/09/2004 17:10

Quote:
What's worse is that even after removing other components of the program, after a restart you'll get them right back again. What's the difference between this and a virus again? I'd like someone to explain that to me. These companies suck.

for pesky adware, download ad aware and spybot, update the reference files then boot in SAFE MODE. what happens is that these annoying programs have failsafes, checking to see if their Run registry entry is existing. if not, then they recreate it immediately. So, logical thing is to kill the process beforehand? Nope, when their processes are killed, autorestart kicks in. how you ask? they actually have two processes running, one checking the other if they're alive. if not, then launch the missing process. ad aware tries to kill these processes on its own with its memory scan, but can only kill processes one at a time. hence the fact you can't get rid of this version of spyware. Safe mode gives you a clean slate to let you get rid of that thing.

anyway, upgrade to XP SP2 when you can, or use spywareblaster. that'll prevent you from auto-downloading most of these "iexplorer enhancements".
Posted by: Ezekiel

Re: Registry question? - 17/09/2004 12:21

Tony - Check out VirusScan Enterprise 8.0i. It now scans for spyware. I don't know how I missed this one (yeah I do - McAfee sucks about communicating to their customers about new releases!).

I've attached the new features summary from the install notes.

I'm just doing a test install today.

-Zeke
Posted by: tfabris

Re: Registry question? - 17/09/2004 15:25

Cool, so someone's finally doing it. Good for them!
Posted by: Dignan

Re: Registry question? - 18/09/2004 04:25

Yeah, too bad it's McAfee. After working on many people's machines, I've grown a good deal of resentment towards that obnoxious program. At least Norton has the decency to uninstall properly, at least it appears to. McAfee goes kicking, screaming, and grasping for dear life.
Posted by: Ezekiel

Re: Registry question? - 19/09/2004 22:44

I've not had much trouble with the enterprise versions, but I haven't cared much for the home versions I've had to use/configure. Which one has given you the grief?

-Zeke
Posted by: Dignan

Re: Registry question? - 19/09/2004 23:00

I believe the one I see most often is the McAfee Security Center. It's basically their suite of products including virus scanner, spyware scanner, firewall, email protection, and a couple applications with uses that are difficult to discern.