Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Safe To Delete A Registy Key Entry?


  • Please log in to reply
5 replies to this topic

#1 kerryv

kerryv

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:42 AM

Posted 20 December 2007 - 08:59 PM

Greetings!

Before posting my question I want to say you have a wonderful website and so much helpful information. I have always been the person who "fixes" computer issues for friends, family, and coworkers. I usually can help, but know when I am out of my league and when to ask for help...you only stop a running process one time when it crashes your computer!

My niece just gave me her computer to "fix" after being at college for 2 1/2 years. She knew it had problems, but even the paid "professionals" never truly got rid of her underlying issues. They just removed some of the symptoms for awhile. So, I thought "no problem". But after 30 hours of running multiple scanning softwares for multiple malware & virus issues I still wasn't getting to the root of the problems. In the meantime I found your website!!!

Today I was researching your site to figure out how to present my niece's computer issues to you. I was ready to give up. But then I read your articles and multiple user posts along with your "fixes" that had many of the same issues I was having. After several hours of research I attacked my niece's computer one more time.

I did the following four things: 1) found .dat files, renamed them to .txt, am currently changing passwords; 2) ran SDfix.exe; 3) ran vundofix.exe; and 4) removed Viewpoint Media Player. And "knock on wood" my issues appear to be resolved!!!!

Only one thing remains that I was not brave enough to do on my own. Every time I restart the computer an error message appears saying there was an error loading C:\windows\system32\lufbgwek.dll ... the specified module could not be found. This started happening after the first time I ran a Norton scan, where several thousand infected files were found and removed.

There is an entry in the registry at:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run - displaying the following info -
Name: 847505db
Type: REG32
Date: "rundll32.exe" "C:\windows\system32\lufbgwek.dll",b

Apparently something is trying to run, but there is nothing there to actually run.

SO - is it safe to entirely delete this line/entry from the registry? It seems logical to me that if the entry is gone, the startup will no longer try to run it....but logic is not always correct (and I don't mess with the registry unless I know exactly what to do).

This is my last issue (for now) with my niece's computer - except for the extensive education she is going to get from me about keeping her computer as safe and clean as possible in the future!!!

Let me know if you need any further information or if it is safe to delete the registry entry. (When you delete an entry, you just delete it, then close the regedit window - correct? You don't need to somehow "save" it before closing do you? - Just curious.)

Thanks so much for all the wonderful information you provide for everyone and for the upcoming answer to my question!

Have a great day,
Kerry

Edited by kerryv, 20 December 2007 - 09:00 PM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:42 AM

Posted 21 December 2007 - 01:44 PM

Before making any changes, Always back up your registry. ERUNT is an excellent FREE tool that allows you to to take a snapshot (backup) of your registry before making changes and restore it when needed. If you are not familiar with working in the registry, then you should NOT attempt to make any changes on your own.

Why not try this first. Download AutoRuns
  • Create a new folder on your hard drive called AutoRuns and extract (unzip) the file there. (click here if your not sure how to do this.)
  • Open the folder and double-click on autoruns.exe to launch it.
  • Please be patient as it scans and populates the entries.
  • When done scanning, it will say Ready at the bottom.
  • Scroll through the list and look for a startup entry related to the one you need to remove.
  • Right-click on the entry and choose delete.
  • Reboot your computer and it should be gone.

Edited by quietman7, 21 December 2007 - 01:46 PM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 kerryv

kerryv
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:42 AM

Posted 21 December 2007 - 06:56 PM

Thank you so very much. I applied both of your suggestions - did the registry backup (with the tool you suggested) then used AutoRuns and deleted the line in the startup that was creating my error message on startup. Restarted the computer, held my breath, and it restarted (big hurrah!) without any error messages (another big hurrah!).

So, for now, I think my niece's computer is "cleaned up" - thanks to all of this website's extensive articles and forums.

Thank you for your prompt response to my question as well. That did the trick!

Have a great day!

Kerry

Edited by kerryv, 21 December 2007 - 06:57 PM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:42 AM

Posted 22 December 2007 - 06:58 AM

Good job.

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
To protect yourself against malware and reduce the potential for re-infection, be sure to read:
"Simple and easy ways to keep your computer safe".
"How did I get infected?, With steps so it does not happen again!".
"Hardening Windows Security - Part 1" and "Hardening Windows Security - Part 2".
"IE Recommended Minimal Security Settings".
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 kerryv

kerryv
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:42 AM

Posted 23 December 2007 - 11:26 AM

Thanks for the final advice. I appreciate all your help!

Have a good one,
Kerry

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:42 AM

Posted 23 December 2007 - 10:36 PM

Your welcome. :thumbsup:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users