Cannot Delete Registry Key

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hello, I am in the process of cleaning spyware off of a computer and
have almost completely cleaned it. However, one registry key remains
that just will not go away. The key is
HKLM\Software\ShudderLTD\PSGuard. I have tried to use regedt32 and
take ownership of this key, and I am logged in as an administrator of
this machine. I continually get a cannot delete registry key error.
Also, this is the only problem that is found in Spybot, and spybot will
not "fix" the problem either.

I have done all the major spyware and virus sweeps in safe mode, and
have followed normal best practices for removing spyware. This one key
eludes me. Can anyone help?

Thanks.
7 answers Last reply
More about cannot delete registry
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Thanks for the response.

    Unfortunately, I have done all of the prescribed steps. I have
    assigned full control permissions on the invalid key, and have also
    tried to take ownership of the key. For some reason, it will not allow
    me to delete it. I am an administrator on this machine, and according
    to the permissions on the bad key, I have full control. Any other
    suggestions?

    Thanks,
    Brian

    Wesley Vogel wrote:
    > Forget regedt32, use regedit.
    >
    > [[Regedt32.exe
    > In Windows XP and Windows Server 2003, Regedt32.exe is a small
    > program that just runs Regedit.exe. ]]
    > Differences Between Regedit.exe and Regedt32.exe
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;141377
    >
    > Caution
    > [[Incorrectly editing the registry may severely damage your system. Before
    > making changes to the registry, you should back up any valued data on your
    > computer. ]]
    >
    > Try this...
    > Reset the registry permissions
    > As soon as you have found the registry subkey that has the incorrect
    > permissions, update the permissions for that subkey.
    >
    > To update the permissions of the registry subkey, follow these steps:
    > a. Click Start, click Run, type regedit, and then click OK to start
    > Registry Editor.
    > b. Locate and right-click the registry subkey:
    > and then click Permissions.
    > c. Under Group or user names, click Administrators.
    > d. Under Permissions for Administrators, make sure that the Allow check box
    > for the following entries is selected:
    > · Full Control
    > · Read
    > e. Click Apply, and then click OK.
    > f. On the File menu, click Exit to quit Registry Editor.
    >
    > Open the Registry Editor again and see if you can delete the key now.
    >
    > If not, try this...
    > Start | Run | Type: regedit | OK |
    > Navigate to >>>
    > the said key
    > Right click the key in the left hand pane | Permissions... | Advanced
    > button | Owner tab | click the new owner and then click OK.
    >
    > [[You can take ownership of a registry key if you are logged on as an
    > administrator or if you have been specifically assigned the permission to
    > take ownership of the registry key by the current owner. ]]
    >
    > See permissions, registry in Registry Editor HELP.
    >
    > To assign permissions to a registry key
    > http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_permit_key.mspx
    >
    > To assign special access to a registry key
    > http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_assign_specacc.mspx
    >
    > To grant Full Control of a registry key
    > http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_yield_own.mspx
    >
    > To add users or groups to the audit list
    > http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_audit_key_adduser.mspx
    >
    > To add users or groups to the Permissions list
    > http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_permit_key_adduser.mspx
    >
    > To remove a user or group from the Permissions list
    > http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_permit_key_remove.mspx
    >
    > To take ownership of a registry key
    > http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_take_own.mspx
    >
    >
    > --
    > Hope this helps. Let us know.
    >
    > Wes
    > MS-MVP Windows Shell/User
    >
    > In news:1124322456.709020.264370@o13g2000cwo.googlegroups.com,
    > Brian Pritts <capn.elwood@gmail.com> hunted and pecked:
    > > Hello, I am in the process of cleaning spyware off of a computer and
    > > have almost completely cleaned it. However, one registry key remains
    > > that just will not go away. The key is
    > > HKLM\Software\ShudderLTD\PSGuard. I have tried to use regedt32 and
    > > take ownership of this key, and I am logged in as an administrator of
    > > this machine. I continually get a cannot delete registry key error.
    > > Also, this is the only problem that is found in Spybot, and spybot will
    > > not "fix" the problem either.
    > >
    > > I have done all the major spyware and virus sweeps in safe mode, and
    > > have followed normal best practices for removing spyware. This one key
    > > eludes me. Can anyone help?
    > >
    > > Thanks.
  2. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Forget regedt32, use regedit.

    [[Regedt32.exe
    In Windows XP and Windows Server 2003, Regedt32.exe is a small
    program that just runs Regedit.exe. ]]
    Differences Between Regedit.exe and Regedt32.exe
    http://support.microsoft.com/default.aspx?scid=kb;en-us;141377

    Caution
    [[Incorrectly editing the registry may severely damage your system. Before
    making changes to the registry, you should back up any valued data on your
    computer. ]]

    Try this...
    Reset the registry permissions
    As soon as you have found the registry subkey that has the incorrect
    permissions, update the permissions for that subkey.

    To update the permissions of the registry subkey, follow these steps:
    a. Click Start, click Run, type regedit, and then click OK to start
    Registry Editor.
    b. Locate and right-click the registry subkey:
    and then click Permissions.
    c. Under Group or user names, click Administrators.
    d. Under Permissions for Administrators, make sure that the Allow check box
    for the following entries is selected:
    • Full Control
    • Read
    e. Click Apply, and then click OK.
    f. On the File menu, click Exit to quit Registry Editor.

    Open the Registry Editor again and see if you can delete the key now.

    If not, try this...
    Start | Run | Type: regedit | OK |
    Navigate to >>>
    the said key
    Right click the key in the left hand pane | Permissions... | Advanced
    button | Owner tab | click the new owner and then click OK.

    [[You can take ownership of a registry key if you are logged on as an
    administrator or if you have been specifically assigned the permission to
    take ownership of the registry key by the current owner. ]]

    See permissions, registry in Registry Editor HELP.

    To assign permissions to a registry key
    http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_permit_key.mspx

    To assign special access to a registry key
    http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_assign_specacc.mspx

    To grant Full Control of a registry key
    http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_yield_own.mspx

    To add users or groups to the audit list
    http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_audit_key_adduser.mspx

    To add users or groups to the Permissions list
    http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_permit_key_adduser.mspx

    To remove a user or group from the Permissions list
    http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_permit_key_remove.mspx

    To take ownership of a registry key
    http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_take_own.mspx


    --
    Hope this helps. Let us know.

    Wes
    MS-MVP Windows Shell/User

    In news:1124322456.709020.264370@o13g2000cwo.googlegroups.com,
    Brian Pritts <capn.elwood@gmail.com> hunted and pecked:
    > Hello, I am in the process of cleaning spyware off of a computer and
    > have almost completely cleaned it. However, one registry key remains
    > that just will not go away. The key is
    > HKLM\Software\ShudderLTD\PSGuard. I have tried to use regedt32 and
    > take ownership of this key, and I am logged in as an administrator of
    > this machine. I continually get a cannot delete registry key error.
    > Also, this is the only problem that is found in Spybot, and spybot will
    > not "fix" the problem either.
    >
    > I have done all the major spyware and virus sweeps in safe mode, and
    > have followed normal best practices for removing spyware. This one key
    > eludes me. Can anyone help?
    >
    > Thanks.
  3. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Reboot and try again. <shrug>

    When something won't work the first time, I always try rebooting.

    --
    Hope this helps. Let us know.

    Wes
    MS-MVP Windows Shell/User

    In news:1124323657.218189.96270@g14g2000cwa.googlegroups.com,
    Brian Pritts <capn.elwood@gmail.com> hunted and pecked:
    > Thanks for the response.
    >
    > Unfortunately, I have done all of the prescribed steps. I have
    > assigned full control permissions on the invalid key, and have also
    > tried to take ownership of the key. For some reason, it will not allow
    > me to delete it. I am an administrator on this machine, and according
    > to the permissions on the bad key, I have full control. Any other
    > suggestions?
    >
    > Thanks,
    > Brian
    >
    > Wesley Vogel wrote:
    >> Forget regedt32, use regedit.
    >>
    >> [[Regedt32.exe
    >> In Windows XP and Windows Server 2003, Regedt32.exe is a small
    >> program that just runs Regedit.exe. ]]
    >> Differences Between Regedit.exe and Regedt32.exe
    >> http://support.microsoft.com/default.aspx?scid=kb;en-us;141377
    >>
    >> Caution
    >> [[Incorrectly editing the registry may severely damage your system.
    >> Before making changes to the registry, you should back up any valued
    >> data on your computer. ]]
    >>
    >> Try this...
    >> Reset the registry permissions
    >> As soon as you have found the registry subkey that has the incorrect
    >> permissions, update the permissions for that subkey.
    >>
    >> To update the permissions of the registry subkey, follow these steps:
    >> a. Click Start, click Run, type regedit, and then click OK to start
    >> Registry Editor.
    >> b. Locate and right-click the registry subkey:
    >> and then click Permissions.
    >> c. Under Group or user names, click Administrators.
    >> d. Under Permissions for Administrators, make sure that the Allow check
    >> box for the following entries is selected:
    >> · Full Control
    >> · Read
    >> e. Click Apply, and then click OK.
    >> f. On the File menu, click Exit to quit Registry Editor.
    >>
    >> Open the Registry Editor again and see if you can delete the key now.
    >>
    >> If not, try this...
    >> Start | Run | Type: regedit | OK |
    >> Navigate to >>>
    >> the said key
    >> Right click the key in the left hand pane | Permissions... | Advanced
    >> button | Owner tab | click the new owner and then click OK.
    >>
    >> [[You can take ownership of a registry key if you are logged on as an
    >> administrator or if you have been specifically assigned the permission to
    >> take ownership of the registry key by the current owner. ]]
    >>
    >> See permissions, registry in Registry Editor HELP.
    >>
    >> To assign permissions to a registry key
    >>
    http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_permit_key.mspx
    >>
    >> To assign special access to a registry key
    >>
    http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_assign_specacc.mspx
    >>
    >> To grant Full Control of a registry key
    >>
    http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_yield_own.mspx
    >>
    >> To add users or groups to the audit list
    >>
    http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_audit_key_adduser.mspx
    >>
    >> To add users or groups to the Permissions list
    >>
    http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_permit_key_adduser.mspx
    >>
    >> To remove a user or group from the Permissions list
    >>
    http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_permit_key_remove.mspx
    >>
    >> To take ownership of a registry key
    >>
    http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_take_own.mspx
    >>
    >>
    >> --
    >> Hope this helps. Let us know.
    >>
    >> Wes
    >> MS-MVP Windows Shell/User
    >>
    >> In news:1124322456.709020.264370@o13g2000cwo.googlegroups.com,
    >> Brian Pritts <capn.elwood@gmail.com> hunted and pecked:
    >>> Hello, I am in the process of cleaning spyware off of a computer and
    >>> have almost completely cleaned it. However, one registry key remains
    >>> that just will not go away. The key is
    >>> HKLM\Software\ShudderLTD\PSGuard. I have tried to use regedt32 and
    >>> take ownership of this key, and I am logged in as an administrator of
    >>> this machine. I continually get a cannot delete registry key error.
    >>> Also, this is the only problem that is found in Spybot, and spybot will
    >>> not "fix" the problem either.
    >>>
    >>> I have done all the major spyware and virus sweeps in safe mode, and
    >>> have followed normal best practices for removing spyware. This one key
    >>> eludes me. Can anyone help?
    >>>
    >>> Thanks.
  4. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Hey Fitz,

    Yes I did try in safe mode. I have rebooted multiple times as well...

    The key I am trying to delete is
    HKEY_LOCAL_MACHINE\Software\Microsoft\ShudderLTD\PSGuard

    If anyone has any other ideas, it would be much appreciated. This
    thing is stubborn.

    Thank you!


    Fitz wrote:
    > I didn't see in your post if you tried to delete the key while in Safe Mode.
    > By the way, what is the key you're trying to delete?
    >
    >
    > "Brian Pritts" <capn.elwood@gmail.com> wrote in message
    > news:1124323657.218189.96270@g14g2000cwa.googlegroups.com...
    > Thanks for the response.
    >
    > Unfortunately, I have done all of the prescribed steps. I have
    > assigned full control permissions on the invalid key, and have also
    > tried to take ownership of the key. For some reason, it will not allow
    > me to delete it. I am an administrator on this machine, and according
    > to the permissions on the bad key, I have full control. Any other
    > suggestions?
  5. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    I didn't see in your post if you tried to delete the key while in Safe Mode.
    By the way, what is the key you're trying to delete?


    "Brian Pritts" <capn.elwood@gmail.com> wrote in message
    news:1124323657.218189.96270@g14g2000cwa.googlegroups.com...
    Thanks for the response.

    Unfortunately, I have done all of the prescribed steps. I have
    assigned full control permissions on the invalid key, and have also
    tried to take ownership of the key. For some reason, it will not allow
    me to delete it. I am an administrator on this machine, and according
    to the permissions on the bad key, I have full control. Any other
    suggestions?

    Thanks,
    Brian

    Wesley Vogel wrote:
    > Forget regedt32, use regedit.
    >
    > [[Regedt32.exe
    > In Windows XP and Windows Server 2003, Regedt32.exe is a small
    > program that just runs Regedit.exe. ]]
    > Differences Between Regedit.exe and Regedt32.exe
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;141377
    >
    > Caution
    > [[Incorrectly editing the registry may severely damage your system. Before
    > making changes to the registry, you should back up any valued data on your
    > computer. ]]
    >
    > Try this...
    > Reset the registry permissions
    > As soon as you have found the registry subkey that has the incorrect
    > permissions, update the permissions for that subkey.
    >
    > To update the permissions of the registry subkey, follow these steps:
    > a. Click Start, click Run, type regedit, and then click OK to start
    > Registry Editor.
    > b. Locate and right-click the registry subkey:
    > and then click Permissions.
    > c. Under Group or user names, click Administrators.
    > d. Under Permissions for Administrators, make sure that the Allow check
    > box
    > for the following entries is selected:
    > · Full Control
    > · Read
    > e. Click Apply, and then click OK.
    > f. On the File menu, click Exit to quit Registry Editor.
    >
    > Open the Registry Editor again and see if you can delete the key now.
    >
    > If not, try this...
    > Start | Run | Type: regedit | OK |
    > Navigate to >>>
    > the said key
    > Right click the key in the left hand pane | Permissions... | Advanced
    > button | Owner tab | click the new owner and then click OK.
    >
    > [[You can take ownership of a registry key if you are logged on as an
    > administrator or if you have been specifically assigned the permission to
    > take ownership of the registry key by the current owner. ]]
    >
    > See permissions, registry in Registry Editor HELP.
    >
    > To assign permissions to a registry key
    > http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_permit_key.mspx
    >
    > To assign special access to a registry key
    > http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_assign_specacc.mspx
    >
    > To grant Full Control of a registry key
    > http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_yield_own.mspx
    >
    > To add users or groups to the audit list
    > http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_audit_key_adduser.mspx
    >
    > To add users or groups to the Permissions list
    > http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_permit_key_adduser.mspx
    >
    > To remove a user or group from the Permissions list
    > http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_permit_key_remove.mspx
    >
    > To take ownership of a registry key
    > http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_take_own.mspx
    >
    >
    > --
    > Hope this helps. Let us know.
    >
    > Wes
    > MS-MVP Windows Shell/User
    >
    > In news:1124322456.709020.264370@o13g2000cwo.googlegroups.com,
    > Brian Pritts <capn.elwood@gmail.com> hunted and pecked:
    > > Hello, I am in the process of cleaning spyware off of a computer and
    > > have almost completely cleaned it. However, one registry key remains
    > > that just will not go away. The key is
    > > HKLM\Software\ShudderLTD\PSGuard. I have tried to use regedt32 and
    > > take ownership of this key, and I am logged in as an administrator of
    > > this machine. I continually get a cannot delete registry key error.
    > > Also, this is the only problem that is found in Spybot, and spybot will
    > > not "fix" the problem either.
    > >
    > > I have done all the major spyware and virus sweeps in safe mode, and
    > > have followed normal best practices for removing spyware. This one key
    > > eludes me. Can anyone help?
    > >
    > > Thanks.
  6. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Try this link and see if it helps. Let us know.
    http://www.bleepingcomputer.com/forums/How_to_remove_the_Smitfraud_Quicknavigate_VirtualMaid-t17258.html


    "Brian Pritts" <capn.elwood@gmail.com> wrote in message
    news:1124365391.824501.59070@g44g2000cwa.googlegroups.com...
    > Hey Fitz,
    >
    > Yes I did try in safe mode. I have rebooted multiple times as well...
    >
    > The key I am trying to delete is
    > HKEY_LOCAL_MACHINE\Software\Microsoft\ShudderLTD\PSGuard
    >
    > If anyone has any other ideas, it would be much appreciated. This
    > thing is stubborn.
    >
    > Thank you!
    >
    >
    > Fitz wrote:
    >> I didn't see in your post if you tried to delete the key while in Safe
    >> Mode.
    >> By the way, what is the key you're trying to delete?
    >>
    >>
    >> "Brian Pritts" <capn.elwood@gmail.com> wrote in message
    >> news:1124323657.218189.96270@g14g2000cwa.googlegroups.com...
    >> Thanks for the response.
    >>
    >> Unfortunately, I have done all of the prescribed steps. I have
    >> assigned full control permissions on the invalid key, and have also
    >> tried to take ownership of the key. For some reason, it will not allow
    >> me to delete it. I am an administrator on this machine, and according
    >> to the permissions on the bad key, I have full control. Any other
    >> suggestions?
    >
  7. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Also try this one:
    http://labs.paretologic.com/spyware.aspx?remove=PSGuard


    "Fitz" <SENDNOMAIL@hotmail.com> wrote in message
    news:7J3Ne.142104$Kp2.13606489@twister.southeast.rr.com...
    > Try this link and see if it helps. Let us know.
    > http://www.bleepingcomputer.com/forums/How_to_remove_the_Smitfraud_Quicknavigate_VirtualMaid-t17258.html
    >
    >
    > "Brian Pritts" <capn.elwood@gmail.com> wrote in message
    > news:1124365391.824501.59070@g44g2000cwa.googlegroups.com...
    >> Hey Fitz,
    >>
    >> Yes I did try in safe mode. I have rebooted multiple times as well...
    >>
    >> The key I am trying to delete is
    >> HKEY_LOCAL_MACHINE\Software\Microsoft\ShudderLTD\PSGuard
    >>
    >> If anyone has any other ideas, it would be much appreciated. This
    >> thing is stubborn.
    >>
    >> Thank you!
    >>
    >>
    >> Fitz wrote:
    >>> I didn't see in your post if you tried to delete the key while in Safe
    >>> Mode.
    >>> By the way, what is the key you're trying to delete?
    >>>
    >>>
    >>> "Brian Pritts" <capn.elwood@gmail.com> wrote in message
    >>> news:1124323657.218189.96270@g14g2000cwa.googlegroups.com...
    >>> Thanks for the response.
    >>>
    >>> Unfortunately, I have done all of the prescribed steps. I have
    >>> assigned full control permissions on the invalid key, and have also
    >>> tried to take ownership of the key. For some reason, it will not allow
    >>> me to delete it. I am an administrator on this machine, and according
    >>> to the permissions on the bad key, I have full control. Any other
    >>> suggestions?
    >>
    >
    >
Ask a new question

Read More

Registry Spyware Windows XP