Something Is Deleting Registry Values From Both Run Keys

Joel

And it's not a virus or trojan - at least according to Norton
Antivirus. Seems to happen at boot time. Any values in the local
machine and current user run keys are deleted.

So for example, the Norton entry to run ccapp which gets the icon in
the system tray for autoprotect, is deleted and ccapp is not run at
startup.

Anyone ever seen this or have an idea what to look for?

Joel
 
Joe Wright

Joel said:
And it's not a virus or trojan - at least according to Norton
Antivirus. Seems to happen at boot time. Any values in the local
machine and current user run keys are deleted.

So for example, the Norton entry to run ccapp which gets the icon in
the system tray for autoprotect, is deleted and ccapp is not run at
startup.

Anyone ever seen this or have an idea what to look for?

Joel

Try running your A/V in Safe mode so it won't be disabled by the virus.
If your A/V allows a boot scan, try that. Or try one of these free
online virus scans:

This one has a choice of a Quick or a Complete check. Use the Complete
option.
http://www.pcpitstop.com/

Symantec
http://security.symantec.com/default.asp?productid=ssr&langid=ie&venid=sym

<url:http://security2.norton.com/us/home.asp?j=1&venid=sym&langid=us&plfid=20&pkj=IHBEXIBVEMBQAUWZKTK>
then click the Security check link.

http://housecall.antivirus.com/ free online virus scan

http://www.ewido.net/en/
 
Joel

Joel said:
Try running your A/V in Safe mode so it won't be disabled by the virus.
If your A/V allows a boot scan, try that. Or try one of these free
online virus scans:

This one has a choice of a Quick or a Complete check. Use the Complete
option.
http://www.pcpitstop.com/

Symantec
http://security.symantec.com/default.asp?productid=ssr&langid=ie&venid=sym

<url:http://security2.norton.com/us/home.asp?j=1&venid=sym&langid=us&plfid=20&pkj=IHBEXIBVEMBQAUWZKTK>
then click the Security check link.

http://housecall.antivirus.com/ free online virus scan

http://www.ewido.net/en/

Are you convinced it is a virus and not errant commercial software?

Joel
 
Joe Wright

Joel said:
Are you convinced it is a virus and not errant commercial software?

Joel

What anti-spyware programs are running? Disable them. I was trying
to eliminate malware that might be shutting down Norton, etc. as a
possibility, but it's possible something you installed is over-zealous
in its duties.
 
Joel

Joel said:
What anti-spyware programs are running? Disable them. I was trying
to eliminate malware that might be shutting down Norton, etc. as a
possibility, but it's possible something you installed is over-zealous
in its duties.

Well I have two XP partitions and it is only happening on one of them.
Both have Norton, BlackICE, and Spybot running. The one with the
problem also has AOL installed with Spyware.

I'll disable that part of AOL and see if that makes a difference. A
complete scan with Norton in safe mode turned up nothing.

I'm at the point where if I don't find it soon, I'll just ghost copy
the good one over the bad one, uninstall the apps I don't need and
slowly install the ones I do. In the big scheme of things, it may be
faster to do that than to figure out who the culprit is.

Joel
 
