After virus issues

Posted on 2013-05-24
Last Modified: 2013-11-22
Howdy all.  I have a client workstation that had a nasty bug.  I was able to clean it and restore desktop etc., but every program pops up an error "Illegal operation attempted on a registry key marked for deletion".  On some of the shortcuts I've been able to make it work by giving the program "start as administrator".  The rest won't allow that option to be checked.  Office 2010 is one of them.  Anything else I can do to fix this?
Question by:jwhite273
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +3
LVL 24

Expert Comment

ID: 39194518
What OS?   What bug?  What anti-virus program used to clean?  Some details are necessary?
LVL 17

Assisted Solution

upul007 earned 166 total points
ID: 39194532
If you did not clean the virus in safe mode, perhaps doing it that way will help clear the registry entries.
LVL 19

Expert Comment

ID: 39194538
Did you try to reinstall affected programs (e.g. MS Office)?

what if you try to log on as different user on that machine? Do you have problems to run apps as well?
Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

LVL 14

Expert Comment

ID: 39194558
Try running SFC /SCANNOW and reboot the computer and see what happens.
LVL 26

Expert Comment

ID: 39194562
This is often seen when using Combofix to clean a system and not rebooting when told.

Author Comment

ID: 39195020
Ok, here's the rest of the info I should have included.
OS is Win 7 x64
Bug appears to be PCRestorePro
Working in safe mode I have been able to use Malwarebytes and Combofix.  Spybot S&D 2 would not launch.
Office 2010 has been uninstalled/reinstalled.
Able to get back in real mode, but as I stated above, some progs are throwing the error.  On those I can set run as admin, work, the rest don't.

Sorry for not including this in the first place.
LVL 26

Assisted Solution

pony10us earned 167 total points
ID: 39195101
Let me preface by stating clearly that I am not a Combofix expert.

What I have been told is that when this happens after running Combofix it can sometimes be fixed by rebooting.  It may take a few reboots to resolve.  

Again, I want to stress that I am not a Combofix expert.
LVL 24

Accepted Solution

aadih earned 167 total points
ID: 39195577
Can you run MBAM in normal windows?  If so, run it.

Also did you try to restore the system to an earlier date?  If you can, please do a system restore.

Author Comment

ID: 39195619
OK, ran Mbytes in real mode, found more crap and removed.  Finally got Spybot 2 running, again more stuff removed, ran Combofix in realm mode and that found more.  After aqll 3 and a quick run of mbar, we seem to be operating normally.  What confuses me is that when I clean a machine in safe mode, that's usually the end of it.  This is the first time I've had to rerun programs to get the proper results.  Thanks all.

Author Closing Comment

ID: 39195620
Thanks again all.
LVL 24

Expert Comment

ID: 39195625
You must always run the scanning program in normal mode first.  If that is not available or the program does not run, then it must be run in safe mode. But after the normal mode becomes available, it must be run from the noraml mode.

Great.  You got it working.  :-)

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
We got ransomware on the server fileserver 2012 17 173
Regedit Register where from, why everyday need to clean them  ? 13 101
Virus Kronos 4 126
Ransomware attacks 5 136
PREFACE The purpose of this guide is to provide information to successfully add specific IIS 7.0 role services for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008. AUDIENCE Information Technol…
The purpose of this Article is to provide information for a newly released variant of malware – with the assumption that many EE Members will have need of the information. According to “Computerworld”, well over one million web sites have been co…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question