From: Andrew Aronoff on 29 Dec 2005 17:12

I'm running Windows XP Pro SP2 under MS Virtual PC (VPC) 2004 SP1. The VPC XP install is perfectly clean, as is the host system. I received via e-mail a SOFTWARE hive from a system infected by adware. RootKitRevealer was run on the infected PC and it identified a HKLM\Software\Classes\CLSID\InprocServer32 key with the following anomaly:

Key name contains embedded nulls (*)

I copied the SOFTWARE hive to a folder accessible to the VPC install. I opened REGEDIT and loaded the SOFTWARE hive. The InprocServer32 key cannot be viewed. The error message is: "Cannot open InprocServer32: Error while opening key." Ownership and permissions cannot be reset on this key. Neither this key nor the parent key can be deleted.

How can this key be managed with Regedit so it can be deleted and, optionally, viewed?

regards, Andy
--
**********

Please send e-mail to: usenet (dot) post (at) aaronoff (dot) com

To identify everything that starts up with Windows, download "Silent Runners.vbs" at www.silentrunners.org

**********
From: Doug Knox MS-MVP on 29 Dec 2005 18:13

Look into Bart's PE. It's a mini Windows environment. Regedit can be run from there, and the usual permissions and security measures don't apply.

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

"Andrew Aronoff" <NOSPAM_WRONG.ADDRESS(a)yahoo.com> wrote in message news:g0n8r190ipqh1kobddhqv08fhmv7ncasu3(a)4ax.com...
> I'm running Windows XP Pro SP2 under MS Virtual PC (VPC) 2004 SP1. The
> VPC XP install is perfectly clean as is the host system. I received
> via e-mail a SOFTWARE hive from a system infected by adware.
> RootKitRevealer was run on the infected PC and it identified a
> HKLM\Software\Classes\CLSID\InprocServer32 key with the following
> anomaly:
>
> Key name contains embedded nulls (*)
>
> I copied the SOFTWARE hive to a folder accessible to the VPC install.
> I opened REGEDIT and loaded the SOFTWARE hive. The InprocServer32 key
> cannot be viewed. The error message is: "Cannot open InprocServer32:
> Error while opening key." Ownership and permissions cannot be reset on
> this key. Neither this key nor the parent key can be deleted.
>
> How can this key be managed with Regedit so it can be deleted and,
> optionally, viewed?
>
> regards, Andy
> --
> **********
>
> Please send e-mail to: usenet (dot) post (at) aaronoff (dot) com
>
> To identify everything that starts up with Windows, download
> "Silent Runners.vbs" at www.silentrunners.org
>
> **********
From: Doug Knox MS-MVP on 29 Dec 2005 18:13

Sorry, forgot the link: http://www.nu2.nu/pebuilder/

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

"Andrew Aronoff" <NOSPAM_WRONG.ADDRESS(a)yahoo.com> wrote in message news:g0n8r190ipqh1kobddhqv08fhmv7ncasu3(a)4ax.com...
> I'm running Windows XP Pro SP2 under MS Virtual PC (VPC) 2004 SP1. The
> VPC XP install is perfectly clean as is the host system. I received
> via e-mail a SOFTWARE hive from a system infected by adware.
> RootKitRevealer was run on the infected PC and it identified a
> HKLM\Software\Classes\CLSID\InprocServer32 key with the following
> anomaly:
>
> Key name contains embedded nulls (*)
>
> I copied the SOFTWARE hive to a folder accessible to the VPC install.
> I opened REGEDIT and loaded the SOFTWARE hive. The InprocServer32 key
> cannot be viewed. The error message is: "Cannot open InprocServer32:
> Error while opening key." Ownership and permissions cannot be reset on
> this key. Neither this key nor the parent key can be deleted.
>
> How can this key be managed with Regedit so it can be deleted and,
> optionally, viewed?
>
> regards, Andy
> --
> **********
>
> Please send e-mail to: usenet (dot) post (at) aaronoff (dot) com
>
> To identify everything that starts up with Windows, download
> "Silent Runners.vbs" at www.silentrunners.org
>
> **********
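Regedit reaches the key through the Win32 registry API, which stops at the first NUL in a name, so a key name with an embedded null cannot be opened or deleted in place; in the hive file itself, though, every key name is stored with an explicit byte length, so an offline scan can find such keys without going through that API. The following is an added example, not code from the thread: a Python scanner that walks the hbin blocks of a regf hive, reads each allocated "nk" cell at the standard offsets, and reports key names containing U+0000, run here against a constructed minimal hive (8-bit "compressed" names are decoded as Latin-1, an assumption).

```python
"""Offline scan of a Windows registry hive (regf format) for key names that
contain embedded NUL characters, the anomaly RootkitRevealer flags."""
import struct

BASE_BLOCK = 4096        # regf header occupies the first 4 KiB
HBIN_HEADER = 32         # each hbin starts with a 32-byte header
KEY_COMP_NAME = 0x0020   # nk flag: name is 8-bit chars; otherwise UTF-16LE


def iter_nk_names(hive: bytes):
    """Yield (file_offset, key_name) for every allocated 'nk' cell."""
    pos = BASE_BLOCK
    while pos + HBIN_HEADER <= len(hive) and hive[pos:pos + 4] == b"hbin":
        hbin_size = struct.unpack_from("<I", hive, pos + 8)[0]
        if hbin_size < HBIN_HEADER:
            break
        cell, end = pos + HBIN_HEADER, pos + hbin_size
        while cell + 4 <= end:
            size = struct.unpack_from("<i", hive, cell)[0]  # negative = in use
            if size == 0:
                break
            data = cell + 4
            if size < 0 and hive[data:data + 2] == b"nk" and data + 0x4C <= end:
                flags = struct.unpack_from("<H", hive, data + 2)[0]
                name_len = struct.unpack_from("<H", hive, data + 0x48)[0]
                raw = hive[data + 0x4C:data + 0x4C + name_len]  # length-counted
                name = (raw.decode("latin-1") if flags & KEY_COMP_NAME
                        else raw.decode("utf-16-le", "replace"))
                yield cell, name
            cell += abs(size)
        pos = end


def find_embedded_null_keys(hive: bytes):
    """Key names the Win32 API would truncate at the first NUL."""
    return [(off, name) for off, name in iter_nk_names(hive) if "\x00" in name]


def _cell(payload: bytes) -> bytes:
    size = (4 + len(payload) + 7) & ~7          # cells are 8-byte aligned
    return struct.pack("<i", -size) + payload.ljust(size - 4, b"\0")


def _nk(name: bytes, compressed: bool) -> bytes:
    flags = KEY_COMP_NAME if compressed else 0
    head = b"nk" + struct.pack("<H", flags) + b"\0" * (0x48 - 4)
    return head + struct.pack("<HH", len(name), 0) + name


def build_sample_hive() -> bytes:
    """Constructed minimal hive: one hbin with three nk cells, one of which
    carries a UTF-16LE name ending in an embedded NUL."""
    cells = (_cell(_nk(b"InprocServer32", True))
             + _cell(_nk("InprocServer32\x00".encode("utf-16-le"), False))
             + _cell(_nk(b"Classes", True)))
    hbin_size = (HBIN_HEADER + len(cells) + 0xFFF) & ~0xFFF
    hbin = b"hbin" + struct.pack("<II", 0, hbin_size) + b"\0" * (HBIN_HEADER - 12)
    return b"regf".ljust(BASE_BLOCK, b"\0") + hbin + cells.ljust(hbin_size - HBIN_HEADER, b"\0")
```

Pointing `find_embedded_null_keys` at a real SOFTWARE hive read from disk gives the file offsets of the affected cells, which is what a Bart's PE session or an offline hive editor would then need to locate them.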