Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

mywebsearch


  • Please log in to reply
15 replies to this topic

#1 DisGuy

DisGuy

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 28 October 2010 - 01:30 PM

I found mywebsearchservice in the registry but it won't let me delete it
can someone help me remove it...
thanks in advance!!!!!!!

BC AdBot (Login to Remove)

 


#2 nitekram

nitekram

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:11:32 AM

Posted 28 October 2010 - 01:40 PM

You are unable to delete a registry entry? What is the error message?

#3 DisGuy

DisGuy
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 28 October 2010 - 01:50 PM

Its says cannot delete Legacy_mywebsearchservice: error while deleting key

#4 Eyesee

Eyesee

    Bleepin Teck Shop


  • BC Advisor
  • 3,545 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:In the middle of Kansas
  • Local time:10:32 AM

Posted 28 October 2010 - 01:59 PM

Try MalwareBytes AntiMalware
In the beginning there was the command line.

#5 DisGuy

DisGuy
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 28 October 2010 - 02:05 PM

I tried malwarebytes its only in the registry there's no files or folders
thanks though

#6 hamluis

hamluis

    Moderator


  • Moderator
  • 56,560 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:32 AM

Posted 28 October 2010 - 02:07 PM

I would check...browser add-ons for it and related files.

I would also run SUPERAntiSpyware.

Louis

Edited by hamluis, 28 October 2010 - 02:09 PM.


#7 DisGuy

DisGuy
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 28 October 2010 - 02:12 PM

yeah superantispyware is the one that found it and deleted it
but its still in the registry

#8 hamluis

hamluis

    Moderator


  • Moderator
  • 56,560 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:32 AM

Posted 28 October 2010 - 02:25 PM

What's the registry address you find it under?

Louis

#9 DisGuy

DisGuy
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 28 October 2010 - 02:28 PM

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE

#10 hamluis

hamluis

    Moderator


  • Moderator
  • 56,560 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:32 AM

Posted 28 October 2010 - 02:42 PM

That section appears to reflect key services...I would see if a service is running in Task Manager and the list of services.

If so, I would disable/stop such, then see if the reg key can be deleted.

But...from what I read, you have a deeper problem that goes beyond deleting a registry entry.

My Web Search

That being a possibility, I suggest moving this to the Am I Infected forum.

Louis

#11 erikthegeek

erikthegeek

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:32 AM

Posted 28 October 2010 - 03:05 PM

You can also try running the registry cleaner from Piriform.com called CCleaner

#12 ThunderZ

ThunderZ

  • Deactivated
  • 4,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:32 AM

Posted 28 October 2010 - 03:07 PM

You can also try running the registry cleaner from Piriform.com called CCleaner



Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:

Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

#13 Eyesee

Eyesee

    Bleepin Teck Shop


  • BC Advisor
  • 3,545 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:In the middle of Kansas
  • Local time:10:32 AM

Posted 28 October 2010 - 03:12 PM

Try CWShredder
Although it is an older program, I still use it from time to time
Its a stand alone exe. No need to install
In the beginning there was the command line.

#14 DisGuy

DisGuy
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 28 October 2010 - 04:31 PM

hamluis,

ive done full scans with malwarebytes and superantivirus and nothing also
is showing aside from mywebsearchservice its not running on services and it doesnt show
up in hijackthis scans i've looked in program files and system32 theres no trace of it
its only in the registry

#15 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:03:32 PM

Posted 28 October 2010 - 05:58 PM

Try this:

DESCRIPTION:
SC is a command line program used for communicating with the
Service Control Manager and services.
USAGE:
sc <server> [command] [service name] <option1> <option2>...


The option <server> has the form "\\ServerName"
Further help on commands can be obtained by typing: "sc [command]"
Commands:
query-----------Queries the status for a service, or
enumerates the status for types of services.
queryex---------Queries the extended status for a service, or
enumerates the status for types of services.
start-----------Starts a service.
pause-----------Sends a PAUSE control request to a service.
interrogate-----Sends an INTERROGATE control request to a service.
continue--------Sends a CONTINUE control request to a service.
stop------------Sends a STOP request to a service.
config----------Changes the configuration of a service (persistent).
description-----Changes the description of a service.
failure---------Changes the actions taken by a service upon failure.
failureflag-----Changes the failure actions flag of a service.
sidtype---------Changes the service SID type of a service.
privs-----------Changes the required privileges of a service.
qc--------------Queries the configuration information for a service.
qdescription----Queries the description for a service.
qfailure--------Queries the actions taken by a service upon failure.
qfailureflag----Queries the failure actions flag of a service.
qsidtype--------Queries the service SID type of a service.
qprivs----------Queries the required privileges of a service.
delete----------Deletes a service (from the registry).
create----------Creates a service. (adds it to the registry).
control---------Sends a control to a service.
sdshow----------Displays a service's security descriptor.
sdset-----------Sets a service's security descriptor.
showsid---------Displays the service SID string corresponding to an arbitrary name.
GetDisplayName--Gets the DisplayName for a service.
GetKeyName------Gets the ServiceKeyName for a service.
EnumDepend------Enumerates Service Dependencies.

The following commands don't require a service name:
sc <server> <command> <option>
boot------------(ok | bad) Indicates whether the last boot should
be saved as the last-known-good boot configuration
Lock------------Locks the Service Database
QueryLock-------Queries the LockStatus for the SCManager Database
EXAMPLE:
sc start MyService


But first see if sc is installed.

Edited by cryptodan, 28 October 2010 - 06:00 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users