Posted 12 July 2010 - 12:37 PM
So I've had this ongoing problem that I've had a quick solution to, but I can't seem to be rid of it for good. It started out as me being blocked by something telling me that the administrator wasn't allowing me to access task manager or the registry editor. However, I came across a way to fix this by downloading HijackThis and fixing an HKCU registry item that had set DisableRegedit = 1. But when I tried to run regedit.exe it still gave me the error. So I went back to HijackThis and did yet another scan, and the file appeared again. So this time, as soon as I deleted it, I quickly ran regedit.exe and was able to get the registry editor open before the malware had a chance to disable my access to it again. Once I was into the registry I navigated to HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System and found two REG_DWORD files there. One was called DisableTskMgr, the other was DisableRegistryTools. So I deleted both of them and tried to open up my task manager, but it still said no access. So I clicked on another folder within the registry and then back to the system folder again (to refresh the list), and to my surprise, the same two files had returned. So I tried setting their values to 0; the files quickly reset them back to 1. I tried renaming them; two new ones were created in their stead. Finally I just went into permissions for this folder and denied "Read" access to the "Administrators". Once I did that the files disappeared, but as soon as I re-enabled "Read", the files returned.
So I've run heaps of different legitimate scans, even some super secret one that Microsoft gave me the URL to over the phone. The scans managed to find and eliminate some stuff, but new problems always appeared... Now I've finally gotten it to the point where these returning registry keys are the only thing that seems to be wrong with my computer right now. Well, them and I'll get a random-ass pop-up that creates its own installation of Firefox when I click a link (the address bar reads googlesyndication.com, then results.google.com, and finally a random site... one of them even brought me to Yahoo.com *shrug*).
I've done a fair bit of research across a number of websites and can't seem to find anyone who has had this same problem of returning registry keys. So I figured I'd make my own post and hopefully someone would know what to do. Any help would be greatly appreciated.