Registry changes not sticking

[COB]

Hi Guys,

I would appreciate a bit of help on this one. i got a computer in recently and removed in excess of hundreds of instances of malware, trojans etc. The only problem is it is still bluescreening when rebott in normal mode.

When I reboot in safe mode it is fine but I cannot implement startup
changes etc. I do se edit the registry etc but when I reboot all my changes have been reversed. I have just fininshed a scan with the Kaspersky rescue disk so I'm pretty sure I got everything. It did have Mcafee and Norton and I think I have removed the lions share of these manually but can't be certain as the uninstallers won't run in safe mode.

Is it possible the registry is being sandboxed somehow? Does anyone know if this can be checked or what programs might do such a thing?

All help appreciated.

Cathal

[TLE]

Quote:

Originally Posted by COB

Hi Guys,

I would appreciate a bit of help on this one. i got a computer in recently and removed in excess of hundreds of instances of malware, trojans etc. The only problem is it is still bluescreening when rebott in normal mode.

When I reboot in safe mode it is fine but I cannot implement startup
changes etc. I do se edit the registry etc but when I reboot all my changes have been reversed. I have just fininshed a scan with the Kaspersky rescue disk so I'm pretty sure I got everything. It did have Mcafee and Norton and I think I have removed the lions share of these manually but can't be certain as the uninstallers won't run in safe mode.

Is it possible the registry is being sandboxed somehow? Does anyone know if this can be checked or what programs might do such a thing?

All help appreciated.

Cathal

What message does the Blue Screen give? You can disable the restart on a stop message so that you have time to read the error. You can do this in the start up options when you press F8.

Sounds to me as though a driver has been deleted. I doubt the sanbox would be running in Safe mode.

[Xander]

It does nobody any good to mention a bluescreen error and provide no details about it. Nobody can help if you don't provide the right information.

[Vicenarian]

Quote:

Originally Posted by COB

Hi Guys,

I would appreciate a bit of help on this one. i got a computer in recently and removed in excess of hundreds of instances of malware, trojans etc. The only problem is it is still bluescreening when rebott in normal mode.

When I reboot in safe mode it is fine but I cannot implement startup
changes etc. I do se edit the registry etc but when I reboot all my changes have been reversed. I have just fininshed a scan with the Kaspersky rescue disk so I'm pretty sure I got everything. It did have Mcafee and Norton and I think I have removed the lions share of these manually but can't be certain as the uninstallers won't run in safe mode.

Is it possible the registry is being sandboxed somehow? Does anyone know if this can be checked or what programs might do such a thing?

All help appreciated.

Cathal

Random guess: Are you running regedit as Administrator?

[COB]

Hi guys,

The bluescreen error doesn't stay on the screen long enough for me to get any details. Using the microsoft debugging tool doesn't give me any relevant information either. I'm not really interested in the blue screen at the moment though.

For now I just want to figure out why my registry changes aren't sticking. I've edited it both directly and indirectly as admin using regedit, autoruns and msconfig. None of the changes I applied stuck. For example I disabled a string of autoruns and also tried to disable all drivers using msconfig. I closed the program and when I reopened my changes were present. When I reboot the machine the changes have disappeared. Thus, I cannot isolate the root cause any further.

Cathal

[Xander]

Quote:

Originally Posted by COB

The bluescreen error doesn't stay on the screen long enough for me to get any details.

You do know that you can change that setting from the F8 screen, right? That's a basic tech skill.

[SmithFamilyDesigns]

With the symptoms, I would say there a rootkit. Have you tried editing the registry offline? Have you done offline scans?

Quote:

Originally Posted by COB

Hi guys,

The bluescreen error doesn't stay on the screen long enough for me to get any details. Using the microsoft debugging tool doesn't give me any relevant information either. I'm not really interested in the blue screen at the moment though.

For now I just want to figure out why my registry changes aren't sticking. I've edited it both directly and indirectly as admin using regedit, autoruns and msconfig. None of the changes I applied stuck. For example I disabled a string of autoruns and also tried to disable all drivers using msconfig. I closed the program and when I reopened my changes were present. When I reboot the machine the changes have disappeared. Thus, I cannot isolate the root cause any further.

Cathal

[TLE]

Quote:

Originally Posted by eHousecalls.ca

You do know that you can change that setting from the F8 screen, right? That's a basic tech skill.

+1

Personally, the BSOD would be my first priority. No point making Registry changes if you still can't get into windows.

What are you trying to change in the registry? May be you could provide a little more background information!

If you also have ERD commander, boot into that and run SFC tool.

[joydivision]

Sounds like a rootkit to me, no matter what changing you make when you rooboot it will edit the registry.

The blue screen is probably due to a deleted or corrupt driver which was infected.

I take it you've replaced the MBR?

In these situations I would not spend too much longer on it, of course if you have time on your hands then it will be a great education, but don't let other jobs get delayed because you're spending too much time on this.

[ZenTree]

Quote:

Originally Posted by TLE

+1

Personally, the BSOD would be my first priority. No point making Registry changes if you still can't get into windows.

What are you trying to change in the registry? May be you could provide a little more background information!

If you also have ERD commander, boot into that and run SFC tool.

+1 You've got it backwards, fix the bsod first. Gives you more info on what was/is wrong with the system and might be the missing piece for your registry issue.