I didn't lock it! 1

[Seecke]

While trying to remove hundreds of infected files using several different tools, I came across this error:

You have probably used the policy editor to restrict write access to the registry key

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

AVG uses this hey to launch AVGCC32.exe. Either allow full access to this key, or let AVG_CC write to it before disabling access.


How can I change the key to be able to write to it?

Thanks in advance for your help!

Steven E.

 

[bcastner]

Use regedit and browse to the key.
Right click on the key and set the necessary permissions.

 

[Seecke]

Thanks for the direction, however, there is no option called properties for that key.

 

[bcastner]

Permissions. Right-click on the key and check the Permissions, not the Properties.

 

[Seecke]

My Bad... I meant to say permissions... there is a permissions entry on the RUN key but not the one for the AVG entry on the right side of the screen. Infact everything on the right side does not have a permissions option. I have tried to set the RUN key permissions to full control on the CREATOR OWNER entry but it doesnt wanna take.

Things that make you go hmmmmmmmmm

 

[gpalmer711]

You will need to add permissions for at least the user name that you are currently using.

Greg Palmer
Free Software for Adminstrators

http://www.palmersoft.co.uk

 

[bcastner]

There are a number of FAQ's around this site that should help with the problem.

FAQ608-4650 Before Posting a Hijack log file - Best Practices
FAQ608-3482 How to beat your advertising popups & other browser nasties
FAQ760-4866 Beginners General Cleanup
FAQ779-5240 What are Good Virus/Spyware?Update/Firewall Practices?

A complete steal from Forum member smah's comments here:

http://www.tek-tips.com/viewthread.cfm?SQID=896281&SPID=608&page=1

 

[smah]

You didn't steal from me - I just posted them all in one place.

All that superb information in those FAQ's is from members bcastner, gpalmer711, manarth and THoey - thanks all for writing them.



My tip for the day - I use Outlook's notes to store some of these compiled references, including the TGML formatting. Then it's just a simple copy & paste.

Steve

 

[bcastner]

smah,
Well I did steal your compilation of FAQs, grant me at least I admitted to the crime.

In the last month I have seen some truely incredible malwre as the result of internet use. While myself and others have fought the good fight, I suspect we are beginning to lose this war. It took me an entire day to strip malware from a site. Here is what makes me angry at the moment:

. I have a teenage daugter who uses AIM. Without asking, here AIM was set to send a "While I away" message that was completely obscence. As were all of her buddies. This was a genuine pain to clear up;

. I have a neighbor who wanted to go wireless. No problem, I set it up and it worked perfectly. A week later he calls me: nobody can access the internet. His daughter had installed a peer-2-peer application, and the included malware had spread to every on their local LAN.

I used to be easier to clean this junk. It is decidedly not trivial to remove malware any more.

 

[smah]

I agree, some of this stuff is nasty. I spent a fair amount of time last week cleaning a rather unpleasant about:blank variant for a friend. At least I received a thirst-quenching reward as thanks.

 

[linney]

Malware cleaning would be easier if families didn't have six or seven Administrator users on the machine, with only the cat logging in as the limited user.

 

[bcastner]

linney,
I do not how you get away with it.
My daughter's three cats demand Administrator privileges.

 

[bcastner]

True story.

I had downloaded the network install of Service Pack 2 to one of my laptops, intending to write a "How to" on sliptreaming SP2.

The East Coast of the USA is getting battered at the momnt between summer storms, and two hurricanes. I still am not sure how it was done, but one of daughrer's cats by taking refuge and sleeping on the notebook keyboard managed to reinstall Service Pack 2 several times.

It seems to work fine. From my network logs it looks like there were four accesses to the SP2 network distrubution during this period. So one of my cats installed Service Pack 2 four times.

It kinda puts to shame someone who wont even install it once....

 

[micker377]

Yeah, I just cleaned my son-in-law's computer (133) baddies. I just got e-mail that I have a computer coming tomorrow that won't log-on to the net anymore." I was on vacation and my AV expired. Now I can't get onlinde to re-new it"!

 

[Wxguesser]

The biggest pain I experience in with the Home edition of XP. The only account that is truly usable is the Administrator account. The User account won't even save games or the like. It is next to useless unless all you want to do is read email. I wish that MS would have given the Home version more permission groups that were less restrictive than User but more limited than Administrator.

BTW, Malware sucks!!!

Jim W.

 

[linney]

Wxguesser,

See if this is useful to you.

Cool Tip #2: Security Tab in Windows XP Home
thread779-685055

 

[Wxguesser]

linney,

Thanks for the thread ref. I'll try this out when I get home tonight.



Jim W.

 

[linney]

Just for the record, I have run BCastner's tip on Home machines ever since he first posted it and it has never caused any problems, and it is easier than ducking into Safe Mode to set permissions all the time.

 

[bcastner]

Linney,

I feel like such a criminal again. The XP Home Security Tab "hack" is completely the work of the incredible Doug Knox and several others. I just wanted to get the word out to end users. Thank for the attribution.

I too regularly apply the advice to XP Home installations. And have not seen a problem to date.

As I originally posted, a very "Cool" tip for users of that OS.

Bill Castner

 

[Wxguesser]

Bcastner, et al,

I tried to download the security patch hack and the page will not come up. I get the page not found error everytime I click on the x86 link. Does anyone out there have a copy of this that they could send me?

Tia



Jim W.