Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Backdoor.Ryejet removal from registry using dos [CLOSED]


  • This topic is locked This topic is locked

#1
maralinga24

maralinga24

    New Member

  • Member
  • Pip
  • 1 posts
despite turning off System restore, NoAdware V3.0 repeatedly finds Backdoor.Ryejet in registry despite scanning/cleaning with Norton 2005 Internet security / Antivirus, X-Soft SPy, nod.32, RegVax, Regfix, Ad-Aware-SE Personal. Is there a way of seeing and deleting the registry value using dos, please?

Location is said to be HKEY_CURRENT_USER\Software\Microsoft\PCHealth\HelpCentre\UserSettings.

Thanks for any assistance.
  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

I suggest giving us a HijackThis log also. But before you do that, read the link below in my signature (Read this before posting your HijackThis log..). Once that's done, do the below:

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. While in the Registry Editor, navigate to:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ and delete MdeRy
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\ and delete LEGACY_MDERY
HKEY_CURRENT_USER\Software\Microsoft\ and delete PCHealth

If any of the above registry keys are giving you problems deleting, right click on them and click on Permissions. Then click on the Advanced button. Make sure the first box (Inherit from parent...) is checked. Click OK and OK. Then try deleting the entry again. Once you're done, close the Registry Editor.

If you have a fast internet connection (broadband), run an online virus scan at TrendMicro http://uk.trendmicro...call_launch.php. Just follow the instructions on the site to run the online scan. If any viruses/trojans are detected, try to delete or clean them in that site. You may use Panda ActiveScan also at http://www.pandasoft...ucts/activescan. Otherwise, make sure your antivirus program has the latest definitions and run a full system scan.

Restart and now run HijackThis. Save the log and post it here.
  • 0

#3
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP