Registry Editor

Guest
Archived from groups: microsoft.public.win2000.file_system (More info?)

I'm unable to delete a registry value:
HKLM\software\microsoft\windows\currentversion\registration\*playmc

This runs the following command:
c:\winnt\registration\playmc.exe rerun

Can't delete this file because of sharing violation. If I terminate the
service in system manager, it respawns. I want to kill this service and
delete the program. Any suggestions would help.

Thanks, Andrew
 
Guest

Andrew,

Is it spyware? I've had (spyware) situations like that where I'd log in to
the recovery console, delete the exe and then remove the registry entry once
I was back in the GUI. You can install the recovery console from the i386
folder on the WinXP CD by running Winnt32 /cmdcons.

Best Regards,
G. Samuel Hays


"acira" <acira@discussions.microsoft.com> wrote in message
news:EAE9903D-7E0E-4148-B81C-D9D85E1B81CA@microsoft.com...
> I'm unable to delete a registry value:
> HKLM\software\microsoft\windows\currentversion\registration\*playmc
>
> This runs the following command:
> c:\winnt\registration\playmc.exe rerun
>
> Can't delete this file because of sharing violation. If I terminate the
> service in system manager, it respawns. I want to kill this service and
> delete the program. Any suggestions would help.
>
> Thanks, Andrew
 
Guest

This is spyware.
In fact, I did go into the recovery console to delete the *.exe file. But
I'm still getting winantivirus.com pop-ups. McAfee identifies these as
Vundo.dr infections. And new random named *.exe files are created. I
couldn't identify anything with the HijackThis logfile.

Any other suggestions?

"G. Samuel Hays" wrote:

> Andrew,
>
> Is it spyware? I've had (spyware) situations like that where I'd log in to
> the recovery console, delete the exe and then remove the registry entry once
> I was back in the GUI. You can install the recovery console from the i386
> folder on the WinXP CD by running Winnt32 /cmdcons.
>
> Best Regards,
> G. Samuel Hays
>
>
> "acira" <acira@discussions.microsoft.com> wrote in message
> news:EAE9903D-7E0E-4148-B81C-D9D85E1B81CA@microsoft.com...
> > I'm unable to delete a registry value:
> > HKLM\software\microsoft\windows\currentversion\registration\*playmc
> >
> > This runs the following command:
> > c:\winnt\registration\playmc.exe rerun
> >
> > Can't delete this file because of sharing violation. If I terminate the
> > service in system manager, it respawns. I want to kill this service and
> > delete the program. Any suggestions would help.
> >
> > Thanks, Andrew
>
>
>
 
Guest

Ok,

First thing: wildcards don't work in the recovery console. You must type in
the names individually. (Not sure if you were just typing it that way for
speed's sake.)
However, the problem we had here was that a file would generate random
names and respawn on termination so you couldn't kill it. What I ended up
doing was going to Sysinternals and grabbing the Filemon utility. I found
which process was respawning but more importantly *where* the file sat.
After finding that, I went into the recovery console and crushed all related
files. Have you run Ad-Aware and Spybot as well? You're probably going to
have to do some serious investigating to get the respawn app killed. Good
luck!

G. Samuel Hays
P.S. Now that I think about it, with Sysinternals' PsTools you may be able
to really terminate the process (-KILL, I think) without it respawning.

"acira" <acira@discussions.microsoft.com> wrote in message
news:DC72D814-B16B-41D8-8115-84F919D868E3@microsoft.com...
> This is spyware.
> In fact, I did go into the recovery console to delete the *.exe file. But
> I'm still getting winantivirus.com pop-ups. McAfee identifies these as
> Vundo.dr infections. And new random named *.exe files are created. I
> couldn't identify anything with the HijackThis logfile.
>
> Any other suggestions?
>
> "G. Samuel Hays" wrote:
>
>> Andrew,
>>
>> Is it spyware? I've had (spyware) situations like that where I'd log in to
>> the recovery console, delete the exe and then remove the registry entry once
>> I was back in the GUI. You can install the recovery console from the i386
>> folder on the WinXP CD by running Winnt32 /cmdcons.
>>
>> Best Regards,
>> G. Samuel Hays
>>
>>
>> "acira" <acira@discussions.microsoft.com> wrote in message
>> news:EAE9903D-7E0E-4148-B81C-D9D85E1B81CA@microsoft.com...
>> > I'm unable to delete a registry value:
>> > HKLM\software\microsoft\windows\currentversion\registration\*playmc
>> >
>> > This runs the following command:
>> > c:\winnt\registration\playmc.exe rerun
>> >
>> > Can't delete this file because of sharing violation. If I terminate the
>> > service in system manager, it respawns. I want to kill this service and
>> > delete the program. Any suggestions would help.
>> >
>> > Thanks, Andrew
>>
>>
>>
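
The investigation described in the last reply (find what relaunches the file and where it is registered before removing anything) can be scripted as a read-only triage pass. This is an added example, not code from any poster in the thread; it assumes a system with PowerShell 3.0 or later (`Get-CimInstance`), which postdates the Windows 2000 machine discussed, and the `Run`/`RunOnce` keys are added alongside the key path given in the original post.

```powershell
param(
    # Path quoted in the original post; replace with the file under investigation.
    [string]$SuspectPath = 'C:\WINNT\registration\playmc.exe'
)
$leaf = Split-Path -Path $SuspectPath -Leaf

function Test-Mentions([string]$Text) {
    # Literal, case-insensitive substring match (no wildcard interpretation).
    return $Text -and $Text.IndexOf($leaf, [StringComparison]::OrdinalIgnoreCase) -ge 0
}

# 1. Running instances and the process that started each one (the likely respawner).
$procs = Get-CimInstance -ClassName Win32_Process
foreach ($p in $procs | Where-Object { Test-Mentions $_.ExecutablePath }) {
    # A PID can be reused, so accept the parent only if it was created before the child.
    $parent = $procs | Where-Object {
        $_.ProcessId -eq $p.ParentProcessId -and $_.CreationDate -le $p.CreationDate
    } | Select-Object -First 1
    $by = if ($parent) { "$($parent.Name) (PID $($parent.ProcessId))" } else { 'parent exited' }
    [pscustomobject]@{
        Finding  = 'process'
        Location = "PID $($p.ProcessId), started by $by"
        Detail   = $p.CommandLine
    }
}

# 2. Services whose image path points at the file.
foreach ($s in Get-CimInstance -ClassName Win32_Service | Where-Object { Test-Mentions $_.PathName }) {
    [pscustomobject]@{
        Finding  = 'service'
        Location = "$($s.Name) [$($s.State), $($s.StartMode)]"
        Detail   = $s.PathName
    }
}

# 3. Registry values that launch the file. Last entry is the key as written in the post.
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\registration'
foreach ($k in $keys | Where-Object { Test-Path -LiteralPath $_ }) {
    $key = Get-Item -LiteralPath $k
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if (Test-Mentions $data) {
            [pscustomobject]@{ Finding = 'registry'; Location = "$k -> $name"; Detail = $data }
        }
    }
}
```

Run it from an elevated prompt so that `ExecutablePath` and `CommandLine` are populated for processes owned by other accounts; it only reports and changes nothing.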