Solved

After virus issues

Posted on 2013-05-24
11
313 Views
Last Modified: 2013-11-22
Howdy all.  I have a client workstation that had a nasty bug.  I was able to clean it and restore desktop etc., but every program pops up an error "Illegal operation attempted on a registry key marked for deletion".  On some of the shortcuts I've been able to make it work by giving the program "start as administrator".  The rest won't allow that option to be checked.  Office 2010 is one of them.  Anything else I can do to fix this?
Thanks,
jwhite
0
Comment
Question by:jwhite273
  • 3
  • 3
  • 2
  • +3
11 Comments
 
LVL 24

Expert Comment

by:aadih
Comment Utility
What OS?   What bug?  What anti-virus program used to clean?  Some details are necessary?
0
 
LVL 17

Assisted Solution

by:upul007
upul007 earned 166 total points
Comment Utility
If you did not clean the virus in safe mode, perhaps doing it that way will help clear the registry entries.
0
 
LVL 19

Expert Comment

by:helpfinder
Comment Utility
Did you try to reinstall affected programs (e.g. MS Office)?

what if you try to log on as different user on that machine? Do you have problems to run apps as well?
0
 
LVL 14

Expert Comment

by:comfortjeanius
Comment Utility
Try running SFC /SCANNOW and reboot the computer and see what happens.
0
 
LVL 26

Expert Comment

by:pony10us
Comment Utility
This is often seen when using Combofix to clean a system and not rebooting when told.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:jwhite273
Comment Utility
Ok, here's the rest of the info I should have included.
OS is Win 7 x64
Bug appears to be PCRestorePro
Working in safe mode I have been able to use Malwarebytes and Combofix.  Spybot S&D 2 would not launch.
Office 2010 has been uninstalled/reinstalled.
Able to get back in real mode, but as I stated above, some progs are throwing the error.  On those I can set run as admin, work, the rest don't.

Sorry for not including this in the first place.
0
 
LVL 26

Assisted Solution

by:pony10us
pony10us earned 167 total points
Comment Utility
Let me preface by stating clearly that I am not a Combofix expert.

What I have been told is that when this happens after running Combofix it can sometimes be fixed by rebooting.  It may take a few reboots to resolve.  

Again, I want to stress that I am not a Combofix expert.
0
 
LVL 24

Accepted Solution

by:
aadih earned 167 total points
Comment Utility
Can you run MBAM in normal windows?  If so, run it.

Also did you try to restore the system to an earlier date?  If you can, please do a system restore.
0
 

Author Comment

by:jwhite273
Comment Utility
OK, ran Mbytes in real mode, found more crap and removed.  Finally got Spybot 2 running, again more stuff removed, ran Combofix in realm mode and that found more.  After aqll 3 and a quick run of mbar, we seem to be operating normally.  What confuses me is that when I clean a machine in safe mode, that's usually the end of it.  This is the first time I've had to rerun programs to get the proper results.  Thanks all.
0
 

Author Closing Comment

by:jwhite273
Comment Utility
Thanks again all.
0
 
LVL 24

Expert Comment

by:aadih
Comment Utility
You must always run the scanning program in normal mode first.  If that is not available or the program does not run, then it must be run in safe mode. But after the normal mode becomes available, it must be run from the noraml mode.

Great.  You got it working.  :-)
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Crypto Ransomware 9 100
.locky virus 5 38
Virus or Ransom ware 6 319
Spam mails from a compromised internal computer 5 24
12 Steps to a more secure Internet experience (http://tekblog.teksquisite.com/) Everyone who is a licensed driver initially had to pass a driving test that consisted of taking:    1. a written test    2. a road test    3. a vision test Le…
I recently had to create a utility which aim is to update McAfee's Virusscan and that had to be launched from a command line. I thought I’d share my experience with you. Why is it useful to be able to update an Antivirus from the command line?…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now