I have 3 files in the registry editor under HKey_Local_Machine
& in the Runonce section that are a problem one is a Syminstallstub that the statup is trying to find and can,t so it sits until given permission to continue now I can modify these files but cannot delete, I have tried under normal conditions to delete but no good,
Then under safe mode with various viris scanners, also registry cleaner and Hijack also to no avail these files just won't go I would like to delete these these files if possible when I try to delete they seem to delete because the system does not refuse to delete but when I proceed to another function and come back to runonce section they have returned by the way the O.S. I am using is XP.
Thanks for the reply No I had not disabled System restore but having done that it made no difference I still cannot delete this file.
Just a question has anyone tried any of the registry removing software that is available on the web and what success have you had ?.
The files I am refering too exist in the registry editor -HKEY_LOCAL_MACHINE.
Name Type Data
ab Syminstall REG_SZ C:\Documents~1\user\Locals~1\Temp\Sym
That is where the file is and the type.
Again thanks for the reply and appreciate the help actually I thought that system restore nearly fixed the problem but it came back can there be a sub entry of the problem file.
I can't delete the files of the registry keys, when I try to delete the files there is no comment they delete but when I go to another Key or file and come back to runonce which is a sub key the file is back and I have tried various attacks on this file in safe mode something similiar to your suggestion and others but it comes back and when I restart the PC it won't proceed until it finds this file or I acknowledge with a OK then it proceeds as normal there are also 2 other files in the same subkey Runonce that effect the facepage of firefox but I created a new profile and transfered the face page I wanted and that has overcome that problem even though the problem file is still there in the registry.
Make sure you delete the old profile, after you get your documents over. Whatever virus is there is in the profile files. Also you can try to kill the rights on the RunOnce key, it's not used too often. Right-click on it, and remove all rights to it except for your new account. Take note of what the rights were before, you may need to revert it back for some things.
The problem file is still there, when I delete the problem files in safe mode, on the first restart the PC reboots normally but on the next restart it returns and the PC is looking for the problem file and won't continue until I ok the error this is very frutrating again thanks for the reply.
What is the best way to find addional entries in the registry editor for the problem values, I have tried search but it only gives the one in runonce, because I noticed there are several in the root key that are just key numbers which don't correspond word for word but could still be relevant?
Your system restore should not have worked at all if you shut it off as recomended in the starting posts, that should delete the existing restore points. Viruses tend to stick in the restore files, which is why we have this shut off in all of our work PCs, and I also have it shut off on my own computers at home.
What program did you use to try to clean this out? Did you delete the user account where that temp file is at? Run Malwarebytes, and run the Avira Antivir rescue disk (make the CD, boot from it, run the scan). If this does not work, you may want to just re-install Windows and wipe the drive.