Solved Completely deleting a rootkit REG key

Microsoft Windows vista home basic with...
November 25, 2009 at 17:41:26
Specs: Windows Vista basic with all updates
I have been trying to find a way to completely remove a RegKey; so far I have only been able to change many of the key's values using GMER. http://gmer.net/
Tried the default Regedit in Windows (Vista) and I can't delete or even modify any parts of it. I have read this post http://www.computing.net/answers/pr...

It seems like the method shown would work for me, but before I run off and try it on my computer I just wanna be sure it won't fry my laptop. So if anyone here can help I'd be very grateful. Don't know if this info will help, but here are the places the problem key is:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kungsfjeesuxif
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\kungsfjeesuxif

**On product I selected the wrong one; I am actually using Vista Home Basic with SP2 (32-bit)




#1
November 26, 2009 at 12:59:31
✔ Best Answer
Download PsExec from here:
http://technet.microsoft.com/en-us/...

Follow the instructions in post #3 here:
http://www.wilderssecurity.com/show...

I've used it fine in XP and it should work in Vista. You will probably need to right-click the batch file and "Run as Administrator". You get the usual regedit screen but it lets you delete obstinate keys/values.

some other bloke...



#2
November 26, 2009 at 13:18:34
Start in safe mode maybe and open administrator to use regedit.

Playing to the angels
Les Paul (1915-2009)



#3
November 26, 2009 at 20:13:25
Thanks for all the help, but so far neither of the above methods has worked for me. I might do a reformat, but I really don't want to reinstall everything and all the updates. Really hate having to reinstall FF3 with all of my add-ons & whatnot.

Anyone else have any ideas I could try?



#4
November 27, 2009 at 09:53:09
Harping back to my #1, did you manage to get the regedit screen using psexec.exe and the batch file? If so I'm surprised it didn't let you delete the registry entries - it did for me.

some other bloke...



#5
November 27, 2009 at 14:44:02
Yeah, I was able to get psexec.exe to work by using a batch file.

I just checked and that damn regkey is gone! Thing is, when I tried to delete it, I got a message saying something about an access error.

Although I don't understand why sometimes I have different ControlSets in my RegKeys; at times I have ControlSets 02, 06 for example, and right now I have 01, 02, 03. The last time I checked, it was still in ControlSet 06. How would I bring up a ControlSet that's not showing up? If possible I would like to check.

Anyways, I have just run a few different AV and anti-root scans and it no longer picks anything up. Everything seems to be working again, so TY again for all your help.



#6
November 27, 2009 at 16:55:51
Strange that, but I'm glad to hear the key has gone.

On both my XP & Vista I only have:
ControlSet001
ControlSet003
CurrentControlSet

I can't recall ever seeing a ControlSet number above 3 but I don't profess to know that level of detail about the comings and goings in the registry.

some other bloke...
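
For the ControlSet question raised in #5 and #6, one way to see which numbered sets exist in the loaded SYSTEM hive, which of them `HKLM\SYSTEM\Select` marks as Current, Default, Failed or LastKnownGood, and whether the service key from the first post is still present in any of them. This is an added example, not something posted by anyone in the thread; it assumes PowerShell is installed and the prompt is elevated.

```powershell
# Added example: audit every ControlSetNNN for a leftover service key.
# $ServiceName is the key name quoted in the first post of the thread.
$ServiceName = 'kungsfjeesuxif'

# Select holds four DWORD values: Current, Default, Failed, LastKnownGood.
# CurrentControlSet is a link to the set whose number equals Select\Current.
$select    = Get-ItemProperty -Path 'HKLM:\SYSTEM\Select'
$roleNames = 'Current', 'Default', 'Failed', 'LastKnownGood'

Get-ChildItem -Path 'HKLM:\SYSTEM' | ForEach-Object {
    # Only the numbered sets are of interest (ControlSet001, ControlSet002, ...).
    if ($_.PSChildName -match '^ControlSet(\d{3})$') {
        $setName = $_.PSChildName
        $number  = [int]$Matches[1]

        # Roles whose Select value points at this set (empty if unreferenced).
        $roles = @($roleNames | Where-Object { $select.$_ -eq $number })

        $keyPath   = "HKLM:\SYSTEM\$setName\Services\$ServiceName"
        $present   = Test-Path -LiteralPath $keyPath
        $imagePath = $null
        if ($present) {
            # ImagePath names the driver or executable the service would load.
            $props = Get-ItemProperty -LiteralPath $keyPath -ErrorAction SilentlyContinue
            if ($props) { $imagePath = $props.ImagePath }
        }

        New-Object PSObject -Property @{
            ControlSet = $setName
            Roles      = ($roles -join ',')
            KeyPresent = $present
            ImagePath  = $imagePath
        }
    }
} | Select-Object ControlSet, Roles, KeyPresent, ImagePath | Format-Table -AutoSize
```

A numbered set that does not appear in this listing is not in the loaded hive, so there is nothing further to bring up. These reads go through the normal registry API, so a key that an active rootkit hides from that API will not show here; that is the gap a tool such as GMER, used in the first post, is meant to cover.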

