You can get around this, I'm sure.
What version of XP is this--home or pro?
I would suggest running one or more automated Vundo removal tools--they
should clean up any remnants of code or data that might be left, and correct
permissions issues.
Symantec has such a tool here:
http://www.symantec.com/security_res...112210-3747-99
I referenced the Malicious Software Removal tool earlier--do run that one if
you haven't.
I've a neighbor who removed this from her system using the instructions
here:
http://www.bleepingcomputer.com/malw...ndo-virtumonde
She found that she needed to run through them twice, for whatever reason.
If you are on XP Home, you may well need to run some or all of these steps
in Safe Mode, logged in as administrator.
I'm pretty rusty at malware removal, I'm afraid, which is part of why I'm
suggesting automated tools from reputable sources--the permissions issue you
are hitting is the sort of thing these tools ought to be able to catch and
fix, I think.
You could fix it yourself using regedit, but I can't accurately describe
exactly how to do that--and I don't want to post anything that might get
other readers into trouble...
So--try the automated tools and test after each to see if the issue
preventing the repair has been corrected.
--
"Mike Dora" <(E-Mail Removed)> wrote in message
news:AF0C2573-BAE2-4265-98F1-(E-Mail Removed)...
> Thanks Bill
>
> Just tried that, but the update hung up with a message telling me that it
> could "not write Windows Defender to key
> SOFTWARE/Microsoft/Windows/CurrentVersion/Run. Verify that you have
> sufficient access to that key.. ". Does this sound like Vundo screwed up
> some registry permissions during its residence on my machine? Is there a way
> round this?
>
> Thanks
>
> Mike
>
>
> "Bill Sanderson" wrote:
>
>> OK - perhaps I mis-read your post.
>>
>> I'd suggest a repair of Windows Defender, via control panel, add or remove
>> programs, windows defender, change or remove, then, I believe, repair from
>> there. If it is not under that button, try the button on the left.
>>
>> --
>>
>> "Bill Sanderson" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>> > Likely this particular startup item has permissions set on it which
>> > prevent "administrator" from removing it.
>> >
>> > This makes me wonder whether your machine is, in fact, clean.
>> >
>> > I'd recommend running the current Microsoft Malicious Software Removal
>> > tool--the December version, if you have not done so since the infection.
>> > If you downloaded it with the December security patches, MRT.EXE should be
>> > in your System32 subdirectory.
>> >
>> > Beyond that, I'd recommend posting a HijackThis log to a competent forum
>> > for getting assistance in cleaning the machine. I'm afraid I'm
>> > sufficiently out of the loop at the moment as to not have a suggestion
>> > about where to do this.
>> >
>> > You could, alternatively, call 1-866-pcsafety if you are in the U.S. or
>> > Canada for free help from Microsoft PSS on this issue.
>> >
>> >
>> >
>> > --
>> >
>> > "Mike Dora" <(E-Mail Removed)> wrote in message
>> > news:1EC559E6-5579-49A3-9EA8-(E-Mail Removed)...
>> >> Whenever I run WD/Software Explorer, and attempt to disable a "startup"
>> >> program, I get the message: "The Microsoft Windows Software Explorer
>> >> returned an error: 0x80070005. Access is denied."
>> >>
>> >> This option did work before, when I downloaded WD a couple of weeks ago (I
>> >> am running Windows XP), but now it doesn't. Since then I have completely
>> >> sanitised my machine, following an irritating Vundo infection (WD was one
>> >> of the utilities I used to find and delete all its traces).
>> >>
>> >> Any clues anyone?
>> >>
>> >> MD
>> >>
>> >>
>> >
>>
>>