Undeletable Registry Key - Virus Suspicious


  • Undeletable Registry Key - Virus Suspicious

    Hello All!

    Recently I was infected by some kind of virus, that IMO caused the creation of the two registry keys below. When I try to access them I get an error message "Error Opening Key: Cannot open "key": Error While opening key"

    Actions done:
    Searching the internet and found only one result about the "Install" key without solution and no results about the "VBX"
    Operating under SafeMode
    Trying to add permission of delete to my user.
    Scanning with AVG and NOD32 antiviruses.
    Scanning with SpyBot.

    I wasn't able to access registry editor through Linux bootable registry editor, since I have RAID0 configuration on my bootable Hard Drives.



    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX

    Any ideas guys?


    Thanks in advance.

  • #2
    Re: Undeletable Registry Key - Virus Suspicious

    VBX is an extension for VB files. Are you sure this is a foreign key? That was installed by the virus? Symantec, for instance, does not relate this to any virus. And none of your antivirus software found anything...
    I would:
    1) back up the registry key and boot the machine with BartPE (free) or ERD Commander (commercial) and try to edit the registry from outside the OS.
    2) try System Restore and restore the machine to a point before the infection.

    Sorin Solomon


    In order to succeed, your desire for success should be greater than your fear of failure.


    • #3
      Re: Undeletable Registry Key - Virus Suspicious

      Have you tried regedt32 instead of regedit and tried to see the permissions on the key?
      Cheers,

      Rick

      ** Remember to give credit where credit is due and leave reputation points where appropriate **

      2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.



      • #4
        Re: Undeletable Registry Key - Virus Suspicious

        AFAIA, in Windows XP, REGEDIT and REGEDT32 open the same interface; i.e. you can see the permissions in both...


        Tom
        For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

        Anything you say will be misquoted and used against you



        • #5
          Re: Undeletable Registry Key - Virus Suspicious

          That is correct. I'm feeling old.
          Cheers,

          Rick



          • #6
            Re: Undeletable Registry Key - Virus Suspicious

            Originally posted by rOOmUSh:
            Trying to add permission of delete to my user.
            He tried, meaning he did see the permissions. It wasn't stated clearly, but we can assume the permission was not added.

            Sorin Solomon




            • #7
              Re: Undeletable Registry Key - Virus Suspicious

              The OP may have to start 1 level up in the tree and do some "Advanced" permission stuff where the OP goes to the "Owner" tab and does a "Replace owner on subcontainers and objects" as "Administrator" or "Administrators".

              And if that doesn't do the trick, the OP could "Replace permission entries on all child objects with..." in the "Permissions" tab.

              As always, mucking w/ the registry is dangerous stuff. Have a good backup first.
              Cheers,

              Rick

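An added example, not part of the original thread: before changing the owner or permission entries as described in post #7, this read-only PowerShell function lists the owner and access entries at each level of a key path under HKLM and shows at which level the open fails. The function name `Get-RegistryAclChain` and the sample path are assumptions chosen for illustration.

```powershell
# Added example (not from the thread). Read-only: opens each level of a path
# under HKLM asking only for READ_CONTROL, then reports owner and access entries.
function Get-RegistryAclChain {
    param(
        [Parameter(Mandatory = $true)]
        [string]$SubKeyPath            # path below HKLM, without the hive name
    )
    $rights = [System.Security.AccessControl.RegistryRights]::ReadPermissions
    $check  = [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadSubTree
    $sid    = [System.Security.Principal.SecurityIdentifier]
    $parts  = $SubKeyPath.Trim('\').Split('\')

    for ($i = 0; $i -lt $parts.Length; $i++) {
        $path   = $parts[0..$i] -join '\'
        $result = [ordered]@{ Path = "HKLM\$path"; Status = 'ok'; Owner = $null; Rules = @() }
        $key    = $null
        try {
            $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($path, $check, $rights)
            if ($null -eq $key) {
                $result.Status = 'not found'
            } else {
                $acl = $key.GetAccessControl()          # owner, group and DACL; no SACL
                $result.Owner = $acl.GetOwner($sid).Value
                $result.Rules = @($acl.GetAccessRules($true, $true, $sid) | ForEach-Object {
                    '{0} {1} {2}{3}' -f $_.AccessControlType, $_.IdentityReference.Value,
                        $_.RegistryRights, $(if ($_.IsInherited) { ' (inherited)' } else { '' })
                })
            }
        } catch {
            # The open or the ACL read was refused; record the underlying exception type.
            $result.Status = 'open failed: ' + $_.Exception.GetBaseException().GetType().Name
        } finally {
            if ($null -ne $key) { $key.Close() }
        }
        [pscustomobject]$result
        if ($result.Status -eq 'not found') { break }   # nothing below a missing key exists
    }
}

# Constructed usage: substitute the path under investigation.
# S-1-5-32-544 is the built-in Administrators group, S-1-5-18 is SYSTEM.
Get-RegistryAclChain -SubKeyPath 'SOFTWARE\Microsoft\Windows' | Format-List
```

Run it from an elevated prompt and compare the owner and entries on the failing level with those of its parent; explicit (non-inherited) entries on the child are the ones the "Replace permission entries on all child objects" option would overwrite.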


              • #8
                Re: Undeletable Registry Key - Virus Suspicious

                Mmmm suspicious !!!!
                There is a hit on Google under
                {8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}/install
                You sure this is a genuine purchased copy of Windows?

                URL REMOVED BY MOD next time just PM and ask.

                Damn, not sure if I should have posted this URL. Mods, please delete as you see fit.
                Last edited by JeremyW; 12th January 2007, 17:32.
                The Univurse is still winning!

                W2K AD, WSUS, RIS 2003. ISA also AVG Server
                ** If contributors help you, recognise them and give reputation points where appropriate **



                • #9
                  Re: Undeletable Registry Key - Virus Suspicious

                  Mods were right to remove that; and I believe that this is enough evidence that this copy of Windows is not licensed.

                  **switches off helpful mode**


                  Tom


                  • #10
                    Re: Undeletable Registry Key - Virus Suspicious

                    I saw the Google on 8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116 too and had penned a similar response but decided to switch to the one you see from me earlier today as I thought it may be better to take the high road for the moment.

                    That same thread mentions the ADS virus which is in the McAfee database. So I'm hoping there was another way to catch this virus than participating in that thread.

                    Now if I'd seen a match on usernames...

                    Maybe I'm too optimistic???
                    Cheers,

                    Rick



                    • #11
                      Re: Undeletable Registry Key - Virus Suspicious

                      Originally posted by rvalstar:
                      The OP may have to start 1 level up in the tree and do some "Advanced" permission stuff where the OP goes to the "Owner" tab and does a "Replace owner on subcontainers and objects" as "Administrator" or "Administrators".

                      And if that doesn't do the trick, the OP could "Replace permission entries on all child objects with..." in the "Permissions" tab.

                      As always, mucking w/ the registry is dangerous stuff. Have a good backup first.

                      Thank you for your replies.

                      Yes, I tried to do this, to set a permission a level up and, in advanced options, to set an owner on child objects - it didn't help.

                      Concerning the genuineness of my copy of Windows, yes, it's genuine. The thread you're talking about, I found it too, and didn't find any answers there.

                      Sorinso, thank you, I will try BartPE.

                      From a little research on this problem I learned that there is no Windows Install VBX key on any Windows XP system I checked; same with the {8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116} key.
