[maralinga24]

despite turning off System restore, NoAdware V3.0 repeatedly finds Backdoor.Ryejet in registry despite scanning/cleaning with Norton 2005 Internet security / Antivirus, X-Soft SPy, nod.32, RegVax, Regfix, Ad-Aware-SE Personal. Is there a way of seeing and deleting the registry value using dos, please?

Location is said to be HKEY_CURRENT_USER\Software\Microsoft\PCHealth\HelpCentre\UserSettings.

Thanks for any assistance.

[Advertisements]

Welcome to GTG.

I suggest giving us a HijackThis log also. But before you do that, read the link below in my signature (Read this before posting your HijackThis log..). Once that's done, do the below:

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. While in the Registry Editor, navigate to:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ and delete MdeRy
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\ and delete LEGACY_MDERY
HKEY_CURRENT_USER\Software\Microsoft\ and delete PCHealth

If any of the above registry keys are giving you problems deleting, right click on them and click on Permissions. Then click on the Advanced button. Make sure the first box (Inherit from parent...) is checked. Click OK and OK. Then try deleting the entry again. Once you're done, close the Registry Editor.

If you have a fast internet connection (broadband), run an online virus scan at TrendMicro http://uk.trendmicro...call_launch.php. Just follow the instructions on the site to run the online scan. If any viruses/trojans are detected, try to delete or clean them in that site. You may use Panda ActiveScan also at http://www.pandasoft...ucts/activescan. Otherwise, make sure your antivirus program has the latest definitions and run a full system scan.

Restart and now run HijackThis. Save the log and post it here.

[greyknight17]

Welcome to GTG.

I suggest giving us a HijackThis log also. But before you do that, read the link below in my signature (Read this before posting your HijackThis log..). Once that's done, do the below:

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. While in the Registry Editor, navigate to:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ and delete MdeRy
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\ and delete LEGACY_MDERY
HKEY_CURRENT_USER\Software\Microsoft\ and delete PCHealth

If any of the above registry keys are giving you problems deleting, right click on them and click on Permissions. Then click on the Advanced button. Make sure the first box (Inherit from parent...) is checked. Click OK and OK. Then try deleting the entry again. Once you're done, close the Registry Editor.

If you have a fast internet connection (broadband), run an online virus scan at TrendMicro http://uk.trendmicro...call_launch.php. Just follow the instructions on the site to run the online scan. If any viruses/trojans are detected, try to delete or clean them in that site. You may use Panda ActiveScan also at http://www.pandasoft...ucts/activescan. Otherwise, make sure your antivirus program has the latest definitions and run a full system scan.

Restart and now run HijackThis. Save the log and post it here.

[greyknight17]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.