Regedit "Error while opening key"

Andrew Aronoff

I'm running Windows XP Pro SP2 under MS Virtual PC (VPC) 2004 SP1. The
VPC XP install is perfectly clean as is the host system. I received
via e-mail a SOFTWARE hive from a system infected by adware.
RootKitRevealer was run on the infected PC and it identified a
HKLM\Software\Classes\CLSID\InprocServer32 key with the following
anomaly:

Key name contains embedded nulls (*)

I copied the SOFTWARE hive to a folder accessible to the VPC install.
I opened REGEDIT and loaded the SOFTWARE hive. The InprocServer32 key
cannot be viewed. The error message is: "Cannot open InprocServer32:
Error while opening key." Ownership and permissions cannot be reset on
this key. Neither this key nor the parent key can be deleted.

How can this key be managed with Regedit so it can be deleted and,
optionally, viewed?

regards, Andy
--
**********

Please send e-mail to: usenet (dot) post (at) aaronoff (dot) com

To identify everything that starts up with Windows, download
"Silent Runners.vbs" at www.silentrunners.org

**********
 
Doug Knox MS-MVP

Look into Bart's PE. It's a mini Windows environment. Regedit can be run from there, and the usual permissions and security measures don't apply.
 
Andrew Aronoff

Bart's PE would work if this was a problem with the host or VPC
install, but it's not. Neither install is infected.

The problem, in fact, is the Win32 API used by REGEDIT, which can
view, but cannot manage, registry key names with embedded nulls. (It's
amazing how little info there is about this problem in the MS
newsgroups.)

The nature of the problem is described here:
http://www.sysinternals.com/Information/TipsAndTrivia.html#HiddenKeys

This link will also work: http://tinyurl.com/azzto

The "RegDelNull" tool will allow the null-containing entries to be
deleted. It can be downloaded here:

http://www.sysinternals.com/Utilities/RegDelNull.html

.... but MS should provide a better command-line tool that allows the
key and/or name/value pair to be fully managed.

Better, MS should prevent such data from being written to the registry
in the first place in all Windows versions. (IMHO, that's precisely
what the OS is for.)

regards, Andy

Doug Knox MS-MVP said:
Look into Bart's PE. It's a mini Windows environment. Regedit can be
run from there, and the usual permissions and security measures don't
apply.


--
**********

Please send e-mail to: usenet (dot) post (at) aaronoff (dot) com

To identify everything that starts up with Windows, download
"Silent Runners.vbs" at www.silentrunners.org

**********
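
An added example, not part of the original thread and not code from Sysinternals or Microsoft: an offline scan of a hive file for key names containing embedded nulls, the anomaly RootKitRevealer reported above. It assumes the publicly documented regf layout (4 KiB base block, `hbin` bins, `nk` key cells with the name length at offset 0x48 and the name at 0x4C); the hive and the key name `InprocServer32\0hidden` are constructed for the demonstration.

```python
import struct

KEY_COMP_NAME = 0x0020  # nk flag: name stored as 8-bit characters instead of UTF-16LE

def nk_names(hive: bytes):
    """Yield (file_offset, name) for each allocated 'nk' (key node) cell."""
    if hive[:4] != b"regf":
        raise ValueError("not a registry hive")
    bin_off = 0x1000  # hive bins start after the 4 KiB base block
    while hive[bin_off:bin_off + 4] == b"hbin":
        bin_size = struct.unpack_from("<I", hive, bin_off + 8)[0]
        if bin_size < 0x20:
            break  # corrupt bin header; stop rather than loop forever
        pos, end = bin_off + 0x20, min(bin_off + bin_size, len(hive))
        while pos + 4 <= end:
            size = struct.unpack_from("<i", hive, pos)[0]
            if size == 0:
                break
            rec = pos + 4  # cell data follows the 4-byte size; negative size = allocated
            if size < 0 and hive[rec:rec + 2] == b"nk" and rec + 0x4C <= end:
                flags, = struct.unpack_from("<H", hive, rec + 2)
                name_len, = struct.unpack_from("<H", hive, rec + 0x48)
                raw = hive[rec + 0x4C:rec + 0x4C + name_len]  # counted, not NUL-terminated
                codec = "latin-1" if flags & KEY_COMP_NAME else "utf-16-le"
                yield pos, raw.decode(codec, "replace")
            pos += abs(size)
        bin_off += bin_size

def find_null_names(hive: bytes):
    """Return (offset, full_name, prefix_before_first_NUL) for names with embedded NULs."""
    return [(off, n, n.split("\0", 1)[0]) for off, n in nk_names(hive) if "\0" in n]

def _nk_cell(name: str) -> bytes:
    raw = name.encode("utf-16-le")
    body = b"nk" + bytes(0x46) + struct.pack("<HH", len(raw), 0) + raw
    body += bytes(-(len(body) + 4) % 8)  # pad the cell to an 8-byte multiple
    return struct.pack("<i", -(len(body) + 4)) + body

def constructed_hive() -> bytes:
    """Constructed sample: minimal hive with one ordinary and one NUL-bearing key name."""
    cells = _nk_cell("CLSID") + _nk_cell("InprocServer32\0hidden")
    free = 0x1000 - 0x20 - len(cells)
    hbin = b"hbin" + struct.pack("<II", 0, 0x1000) + bytes(0x14) + cells
    return b"regf" + bytes(0xFFC) + hbin + struct.pack("<i", free) + bytes(free - 4)

if __name__ == "__main__":
    for off, full, prefix in find_null_names(constructed_hive()):
        print(f"cell 0x{off:x}: {full!r} (NUL-terminated view: {prefix!r})")
```

To check a hive copied off a suspect machine, pass the file's bytes to `find_null_names`; reading the file directly avoids loading it into Regedit at all.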
 
