Can't use regedit... virus?

mooseboy84

I think my computer may have been taken over by a virus. When I got up today, Norton 2005 said it had some kind of error and needed to be reinstalled. So I went to try and uninstall it... but it wouldn't fully uninstall properly. Then I restarted and tried to uninstall LiveUpdate, then the remainder. I can't uninstall the remainder of Norton.

Now I went to go to the registry to try and manually delete all the Norton keys... and I can't. When I type Regedit into the Run box, it says "Registry editing has been disabled by your Administrator".

The problem is, I'm Administrator. Now all of a sudden it has me wondering whether the reason Norton was messed up was because of a virus. Does anyone know how I could potentially be able to access the registry?
 
Booting into safe mode will be one way to find out. That should prevent the virus (if any) from starting so you can kill it. Download a tool called HijackThis and see if there's anything questionable popping up.
 
That's the message you receive if access to registry modification tools is disabled using local or group policy.

If the policy is being pushed down from a domain, you are out of luck. Otherwise, run gpedit.msc and turn the policy off.
 
I went into Group Policy and tried to turn limit registry editing to Disabled.

When I rebooted into normal Windows, I still got the same message about it being disabled by the administrator. I am worried.

The only difference I noticed after that is that before I couldn't use Outlook Express, and now I can. I am still worried about this message though.

I found this page on the internet, what do you think about it?

http://www.dougknox.com/security/scripts_desc/regtools.htm
 
Could be virus related. I have seen that happen before.

The following should enable registry access again:

--------
REGEDIT4

; This file was automatically generated by Xteq X-Setup (http://www.xteq.com)
;
; HIGHLY IMPORTANT: Before using this file be sure to read the documentation for
; "Record Mode". Not doing so might lead to unexpected results
; when using this file!
;
; The WARNINGS ISSUED below informs you if any warnings were reported. If so, the
; plug-in(s) has invoked functions that can not be recorded to this file. In this
; case, this REG file might not work as expected.
;
; WARNINGS ISSUED: No - this REG file should work without problems
;

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=-
-------------

Paste that into Notepad, save it as a .reg file, and you should be able to run it without problems.

Note that if it is a virus that is currently running in the background, it is very possible that the virus could re-enable this setting automatically.

Cheers.
 
Arrggghhh. I am seriously thinking this is a virus now. When I tried to import that key, it said I was denied again by administrator. :(

I guess I'll try the VBS located up top.
 
Just an update... I finally got up the nerve to run that VBS script. It works great! I can edit the registry now...

Now to reinstall Norton...
 
Glad you got it fixed! I would agree it's a virus. I had thought what I told you would have worked... apparently not. The VBS script that you ran is virtually the same thing from a different approach. Funny though. I swear that I ran that on a machine with the same issue and didn't have a problem. Maybe not though.

The file came from Xteq (as seen) and is great for precautionary measures as it uses the same type of VB script that you found to make changes.

In any case, get NAV back on (or AVG 7, or NOD, or whatever) and good luck!
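
An added example, not part of the thread: before importing a .reg file copied from a forum post, it helps to list exactly what it will change. This Python script parses REGEDIT4-style text and flags entries that would switch a tool-lockout policy on; the function names, the `DisableTaskMgr` entry and the hostile sample are assumptions constructed for illustration.

```python
import re

# Values under ...\Policies\System that lock the user out of built-in tools when
# non-zero. DisableRegistryTools is from the thread; DisableTaskMgr is an assumption.
LOCKOUT_VALUES = {"disableregistrytools", "disabletaskmgr"}
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

def audit_reg(text):
    """List every change a REGEDIT4-style .reg file would make if imported."""
    changes, key, pending = [], None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith(",\\"):                 # hex data continued on the next line
            pending = line[:-1]
            continue
        if not line or line.startswith(";"):     # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):              # [-KEY] removes the whole key
                key = key[1:]
                changes.append(("delete_key", key, None, None))
            continue
        if key is None:                          # file header such as REGEDIT4
            continue
        m = VALUE_RE.match(line)
        if not m:                                # report it rather than skip silently
            changes.append(("unparsed", key, None, line))
            continue
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        data = m.group(2).strip()
        changes.append(("delete_value" if data == "-" else "set_value", key, name, data))
    return changes

def lockouts(changes):
    """Changes that would switch a tool-lockout policy on (non-zero dword)."""
    hits = []
    for action, key, name, data in changes:
        if action != "set_value" or name.lower() not in LOCKOUT_VALUES:
            continue
        if not key.lower().endswith("\\policies\\system"):
            continue
        m = re.fullmatch(r"dword:([0-9a-fA-F]{1,8})", data)
        if m and int(m.group(1), 16) != 0:
            hits.append((key, name, data))
    return hits

# The fix posted in the thread (comments trimmed) and a constructed hostile sample.
KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
THREAD_FIX = "REGEDIT4\n\n; generated file\n[" + KEY + ']\n"DisableRegistryTools"=-\n'
CONSTRUCTED_LOCK = ("REGEDIT4\n\n[" + KEY + ']\n"DisableRegistryTools"=dword:00000001\n'
                    '"DisableTaskMgr"=dword:00000000\n')
```

Run on the file posted above, `audit_reg` reports a single `delete_value` on `DisableRegistryTools` and `lockouts` reports nothing; on the constructed sample, `lockouts` returns the entry that sets the value to 1.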
 