I need geek help, erased a key from the registry

[RainyCoast]

You guys, i may have effed up royally.

 

I was trying to rid myself of a nasty case of adware (the "explorer" devil, this one:

 

I know nothing about computers, had zero idea what i was doing, and just followed whatever instructions i could find on the web.

 

The Rouge Killer detected potentially unwanted programs, using these paths:

 

(X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer

and

(X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{80C4F502-19BF-4F0E-A606-1E04EB2FED72} | DhcpNameServer

 

 

 

I deleted them from the registry.

 

BUT

before i did, i deleted a similar key that i had mistaken for one of these.

 

it was a number under (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services (picture 1). I opened the tcpip file under it (picture 2), and deleted one of the long numbers that appeared to the right (picture 3).

 

give me the straight truth, docs. have i killed my dear Dell by doing this?

 

I read i'm supposed to have some kind of restoration point for windows and i don't know if i do or don't. i don't even know what that is. i have also read you can't really erase a key, it's still on the drive, and there is software to recover it. AND, i have read that some keys aren't very important, and one might not even miss them.

 

 

what do the keys in picture 2 do?

will Dell and I continue to live happily without that little beotch?

 

 

 

p.s., in case it matters, i'm on a dell inspiron using windows 7.

[Scoe141]

Did you see this website? Not sure if it would help:

 

 

[Scoe141]

 

 

There may be an auto restore point, which you can revert to. Good news, reg. files should be all there, bad news so might the viruses.

[RainyCoast]

thanks, that looks like it has tons of info.

they have fix it wizards too!

 

i'll go have a look around now.

[RainyCoast]

 

There may be an auto restore point, which you can revert to. Good news, reg. files should be all there, bad news so might the viruses.

 

i'm ready to resurrect those bastards and fight them all over again.

[Scoe141]

i'm ready to resurrect those bastards and fight them all over again.

 

I'll put on a pot of coffee.

[Batya33]

I wish I could help but I can't just lending my support because I feel your pain and it's something that I would do most certainly and then be panicked. It sounds like it's all going to be ok! Good luck!!!

[RainyCoast]

thank you guys.

 

i scanned in safe mode and the same PUPs were still there.

 

when i started windows normally a little black rectangle flashed for a second to the side of the screen and disappeared, but apart from that everything looks okay at the moment.

 

explorer still running in the background. I hope i didn't delete THREE registry keys (that i may need) for nothing, with the virus still intact.

 

scanned with Zemana and found no threats.

 

I think i'll run program after program and keep rebooting, and follow the manuals on how to remove it again step by step in the morning, and try installing Trendmicro, Spybot and the ESET cleaner again.

 

Scoe do you find Macs less vulnerable? Is the switch to a Mac difficult (or, would it be, for a technically illiterate person)?

 

I should probably consider investing in something that doesn't give me breakdowns and mini heart attacks.

 

this is the third night i've spent on this since the DropboxDrama.

[Scoe141]

Love Macs. There's a saying, "once you go Mac, you never go back." I won't ever get a PC again. (Unless it's for gaming.) I've been a Mac owner for over 10 years and I have never had any issues, especially with viruses. They're super easy to navigate. It's one of the most user friendly computer interfaces IMHO. The caveat is they can be a little pricey. But don't let that deter you. My first Macbook Pro (MBP) lasted from 2005 until 2014. The only reason I sold it was to help fund a newer version. (I upgraded a camera and the older MBP wouldn't have been able to efficiently handle the camera files.) Also, keep in mind I beat on it every day for work. It was a beast.

 

Now I'm onto my second and I love it just as much. You could always scan the net for refurbs (make sure it's legit). I know Apple sells them (refurbs) directly. It'll definitely be a good investment. The newer ones will be more than adequate for your needs. (I'm assuming you don't need it for heavy photo or video editing.) Im not sure where in your Europe you are, but there could be an Apple store nearby. If not feel free to send me a DM or ask me any questions.

[Scoe141]

Also, you can check for reg. problems. Here's what I found:

 

Step 1. Launch Spybot S&D on your Windows 7, and now it is default mode. Spybot also has another advanced mode for user. Click "Mode -> Advanced mode" to turn it to advanced mode

Step 2. After that you select "Tools" button at the left column and then press "System Internals" option, now you click "check" in order to search for whether there is any registry problems on Windows 7, and then repair them in time.

That is all about how to repair Win7 registry problem with Spybot Search & Destroy, it is very simple for you. As a helpful Internet security facility, Spybot Search and Destroy will help you remove any threats from web such as: spyware, malware on your computer.

 

Also, this:

[RainyCoast]

running system file checker now, will report back.

 

still having a problem installing Spybot due to a problem with verification of digital certificates. i'll look for their faq page or similar to find a fix as soon as the scan is done. i am having this issue with a few other programs too.

 

found another set of instructions suggested by a user commenting under the video you posted earlier. it also suggests one should not be using so many antimalware programs (?).

[RainyCoast]

it found corrupt files but was unable to fix them. i couldn't get the Sfcdetails.txt file. it appears for a second and disappears, same as the black rectangle that appeared after i restarted windows normally.

 

 

found a link on the spybot faq site and the installation seems to have been successful. will go give this a try now.

[Scoe141]

They might slow down your computer. I'd stick to a free virus scanner, Spybot S&D and something like CC Cleaner.

 

When I was running a PC I didn't pay for any virus or adware programs. They were all free downloads and I never had any issues. You don't need to spend a bazillion dollars to keep your computer running safe. It's more about being diligent and routine maintenance.

 

I believe I still have the programs that ran on a backup drive. I'll have to take look to see what else I used.

[Scoe141]

Looms like Spybot is having some issues with their certification.

 

Spybot Digital Signature Publisher Unknown

May 9th, 2017

We regret to inform our users that due to a recent issue with our digital signatures, some Spybot files now have expired certificates.

If you are launching Spybot as an administrator, installing a recently-purchased license, or downloading the latest updates for Spybot, you may receive an error message/warning that files are signed by an “unknown publisher”. If you have made your purchase through our website, the file is still safe to download and install. If you have any issues installing your Spybot license, please contact Team Spybot.

Our technicians are working around the clock to find a solution and resolve this issue as soon as possible. We apologise for any inconvenience caused.

If you are experiencing any technical issues with Spybot, please contact Team Spybot.

[RainyCoast]

oh that explains it, it uploaded about half of those and then just...froze there.

 

okeydokey then, i'll come back to that when they've fixed it.

 

i looked up mac prices in my area (i have 'splaining to do about my area, but i'll throw that in a DM when i either make some progress with this ordeal or decide to throw in the towel and have a technician look at it), some of them are not as monstrously expensive as i expected. i'm thinking if i have to invest in a new laptop, i might as well make it a mac payment instead...

we'll see just how badly the explorer and I damaged this baby, but either way, it won't last forever. battery is sort of lame too. camera driver misbehaving (that may be the corrupt file in the log btw). i buried my other laptop a few months ago due to graphic card failure.

 

sigh, it's sad seeing them go.

 

thank you Scoe, you're very helpful

 

i'm exhausted. say you, should we pause the war and have a double hobbity breakfast (it's probably dinner on your side of the pond) instead?

[Scoe141]

Macs are definitely a good investment. Keep in mind, if you run a lot of programs that are Windows only you may have to take that into consideration. Most popular programs are dual platform or have conversions. Windows and Apple have their proprietary programs like Internet Explorer or Safari, but lets be honest just about everyone uses Chrome or Mozilla. You could always dual boot (something I did with my old Mac) and was able to run Windows XP and Mac OS. Oh in the meantime, now might be a good time to start backing up important files, photos etc.

 

Anywho- hope I was able to help. Feel free to shoot me a PM anytime.

 

Double breakfasts sound good, although I just had double suppers. So go ahead and start, and I'll catch up shortly!

[RainyCoast]

pm-ed you.

 

backed up files.

 

pc works normally, apart from the same paths still appearing in the antivirus log, and explorer still running.

 

i will look for a restoration point and reset windows to that just in case i messed up the registry too badly. will kill Reimage Repair anew if it reappears. Will keep checking the Spybot site for updates.

 

for now, i am letting explorer have his fun (it's not preventing me online though, or causing any other problems that i can see right now).

 

hope your files aren't lost for good.

[RainyCoast]

well spybot found a bunch of stuff, including paths iexplorer.exe was using. i didn't have to mess with the registry as it appears to have removed those subkeys. but i still get QHActive defense trying to block two processes on startup.

 

 

eta, i don't think i'm getting the full subkey it's using but i get these:

 

registry/Machine/System/ControlSet001/services/lanman server/parameters

 

and

 

Registry/Machine/ software/wow6432node/microsoft/windows/current version/run

 

i don't see a blue icon to the right when i click the last subkey, only the red one that says default so not sure there's anything to erase there.

 

RRRRRRAAAAAAAAAAAAAAWWWWWRRRRRRRRRR

 

 

 

[RainyCoast]

anyway. if anyone else runs into this

 

this is the description from the mcafee site. under Virus Characteristics, it lists some known registry changes and new elements created by this trojan.

as you can see, it sometimes also uses names of antivirus software.

 

spybot has admin properties and will fix the registry entries (including those you muck up yourself like i did) so you don't have to fumble with regedit.

 

i have restored my browser settings, but my antimalware still detects a tampered IE configuration and shortcut, paths to the registry still show up.

 

i will leave it at this. mcafee site suggests using the windows cd to repair system (and first disabling system restore so the tampered paths don't replicate).

 

maybe this is as much as i can do without a spare windows cd (but i am increasingly annoyed with the fact that i misplaced three, so maybe this will provide a good initiative to find them).

 

i will simply run the spybot regularly, keep realtime protection on, and run additional software if any new malware gets in.

 

again scoe, thank you for all the help. and the spybot especially, i am fairly certain i would be having additional problems without it as i have continued to delete wrong registry entries ( i have NO self-control) even after the intial one, driven by the irrational killitkillit urge.