| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 111509 | 2010-07-30 12:26:00 | Removing Registry Item (found by TrjnRem} | blanco (11336) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1123434 | 2010-07-30 12:26:00 | Win XP SP3. somebody else's PC. Trojan remover shows a registry entry but will not remove or rename it: "HKLM\sys\current control set\services\MS Office Groove Audit service Y", tagged "image path". MS Office has been uninstalled using Revo and a system search shows no files related. THis does not show up in HiJackThis display or log. Tried to delete/rename in regedit but no success. I think this is some kind of stealth add-on but I am not sure. If it is not meant to be there I would like to get rid of it because it may be causing problems. My questions are: Shoud I be concerned about it and How can I get rid of it ? Regards |
blanco (11336) | ||
| 1123435 | 2010-07-30 17:59:00 | Try this ccollomb.free.fr |
feersumendjinn (64) | ||
| 1123436 | 2010-07-30 19:41:00 | Thanks for the link but this is what I get:- Reported Unsafe Website: Navigation Blocked This website has been reported as unsafe ccollomb.free.fr We recommend that you do not continue to this website. Go to my home page instead This website has been reported to Microsoft for containing threats to your computer that might reveal personal or financial information. More information This website has been reported to contain the following threats: Malicious software threat: This site contains links to viruses or other software programs that can reveal personal information stored or typed on your computer to malicious persons. Learn more about phishing Learn more about malicious software Report that this site does not contain threats Disregard and continue (not recommended) |
blanco (11336) | ||
| 1123437 | 2010-07-30 20:04:00 | Looks like its part of Office. What version of office? Unlocker is safe. Altho I doubt it'll unlock things in the registry | Speedy Gonzales (78) | ||
| 1123438 | 2010-07-30 20:09:00 | Office 2007 was installed but I uninstalled with Revo. Malwarebytes shows it as a possible stealth file but won't Zap it |
blanco (11336) | ||
| 1123439 | 2010-07-30 20:13:00 | Get Ripoutoffice2007 from here http://www.refusetosuffer.com/ The link is on the right. Run it then wait for it to finish then reboot |
Speedy Gonzales (78) | ||
| 1123440 | 2010-07-30 20:17:00 | Thanks Speedy. I'll give it a go. | blanco (11336) | ||
| 1123441 | 2010-07-30 20:53:00 | Ran the ripout which reported success but reg item still there. Found a page on reg entry delete which I haven't got time to explore at this time Tomorrow, probably |
blanco (11336) | ||
| 1123442 | 2010-07-30 21:02:00 | Go to start/run type services.msc Does MS Office Groove Audit service Y appear here?? You may have to give yourself permission to delete HKLM\sys\current control set\services\MS Office Groove Audit service Y in the registry. Go to start/run, type regedit. Go to HKLM\sys\current control set\services\ right mouse on it / select permissions. Select your name. Then tick full control then OK. Then delete that service (DON'T delete anything else) If this is ghosted, you'll have to click on advanced button / owner. Select your username then / replace owner down the bottom, then OK. Then select your username again tick allow full control. Then you should be able to delete that entry |
Speedy Gonzales (78) | ||
| 1 | |||||