Jump to content

Recommended Posts

I am not infected with malware, but yet there is a registry key that I need to remove, in Windows 7.

It cannot be removed with Regedit, which will not allow me to alter the permissions, to give me full control. (I am the administrator.)

So, I thought I would try Malwarebytes RegASSASSIN.

I paste the key name into that app, click delete, I get the warning message, click Yes, and get the error message: "RegASSASSIN could not remove the registry key".

I rebooted, booted into safe mode, everything, but always get that same error message.

Putting that error message into Google, I see that many have received it, including on this forum.

Does RegASSASSIN simply not work? Or not work on Windows 7?

Is there some app that will work, to delete such an undeletable registry key?

Mike

Link to post
Share on other sites

Thanks for the reply, Samuel.

Looking at the RegDelNull page, it was last updated in 2006.

My guess is that RegAssassin is newer than that.

I would guess that they have strengthened the security in Win7, perhaps especially in SP1 which I have, making it harder for reg keys to be deleted.

But they should be deletable, for users who know what they are doing.

In this case, I don't know why the particular key is so secure, that I cannot delete it, nr chage the permissions, and even RegAssassin can do nothing to it.

In Windows Mobile device Center, I deleted a partnership with my Windows Mobile phone, in order to re-create it.

Apparently WMDC did not do a good job of deleting the partnership, as it left a reg key about the partnership, in Enum under HKLM.

Now I cannot create a new partnership, because of that remaining reg key from the old one. I connect the device, and nothing happens at all. The old partnership no longer exists, but no new one is created.

So--Microsoft's software was buggy, did not do a good clean-up job, and yet that unwanted reg key is so secure in Microsoft's OS, that I cannot manually delete it. (Ha Ha. And Sysinternals is now owned by Microsoft, and they do not update RegDelNull to work with the new OS.)

I really would suggest that you update RegASSASSIN, to work with the newest OS updates. There are situations like mine, where it is necessary. And of course your original intention, where malware has taken control of the computer, and instituted its own undeletable reg keys. A working app that can do this could be very important.

Link to post
Share on other sites

In case anyone is curious, this undeletable reg key is in HKLM\System\CurrentControlSet\Enum\ActiveSyncWPDEnumerator\UMB\ followed by a very long string of numbers and letters, which I won't type in here, but also includes in the midst of them -ActiveSyncWPDDevice-

The values in that key all refer to the WM phone, for which I deleted the partnership.

Thanks for the reply, Samuel.

Looking at the RegDelNull page, it was last updated in 2006.

My guess is that RegAssassin is newer than that.

I would guess that they have strengthened the security in Win7, perhaps especially in SP1 which I have, making it harder for reg keys to be deleted.

But they should be deletable, for users who know what they are doing.

In this case, I don't know why the particular key is so secure, that I cannot delete it, nr chage the permissions, and even RegAssassin can do nothing to it.

In Windows Mobile device Center, I deleted a partnership with my Windows Mobile phone, in order to re-create it.

Apparently WMDC did not do a good job of deleting the partnership, as it left a reg key about the partnership, in Enum under HKLM.

Now I cannot create a new partnership, because of that remaining reg key from the old one. I connect the device, and nothing happens at all. The old partnership no longer exists, but no new one is created.

So--Microsoft's software was buggy, did not do a good clean-up job, and yet that unwanted reg key is so secure in Microsoft's OS, that I cannot manually delete it. (Ha Ha. And Sysinternals is now owned by Microsoft, and they do not update RegDelNull to work with the new OS.)

I really would suggest that you update RegASSASSIN, to work with the newest OS updates. There are situations like mine, where it is necessary. And of course your original intention, where malware has taken control of the computer, and instituted its own undeletable reg keys. A working app that can do this could be very important.

Link to post
Share on other sites

If I were you I'd at least give RegDelNull a try, the worst that can happen is it doesn't work, the same as RegASSASSIN. Also, since you're running Windows 7, did you right-click on RegASSASSIN and choose Run as administrator? That might help, though I'm not sure.

By the way, RegDelNull is not a similar product to Regassassin. It is not for deleting a particular difficult to delete registry key.

It searches for registry keys with zeros in them, and deletes them.

I did a search with it on my registry, and it found no such keys.

Mike

Link to post
Share on other sites

By the way, RegDelNull is not a similar product to Regassassin. It is not for deleting a particular difficult to delete registry key.

It searches for registry keys with zeros in them, and deletes them.

I did a search with it on my registry, and it found no such keys.

Mike

I know, but null/0 reg entries are often the cause of a reg entry not being removable, which is why I suggested it. In your case it sounds more like a permissions issue (lack of) so perhaps a more suitable tool for permissions is needed:

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

Note: If using Windows Vista or Windows 7 you will need to read the FAQ for additional precautions and instructions on proper use.

  • Please download ERUNT from here
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say NO to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

    [*]Make sure that at least the first two check boxes are selected.

    [*]Click on OK

    [*]Then click on YES to create the folder.

Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Reset Default Permissions in Vista and Windows 7 using SubInACL:

  • Please download SubInACL from here and install it.
  • Then please copy and paste the following text exactly as written into notepad (not wordpad or any other text editor):
    @color 48
    @echo off
    if not exist "%programfiles(x86)%" "%programfiles%\Windows Resource Kits\Tools\subinacl.exe" /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
    if not exist "%programfiles(x86)%" "%programfiles%\Windows Resource Kits\Tools\subinacl.exe" /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
    if exist "%programfiles(x86)%" "%programfiles(x86)%\Windows Resource Kits\Tools\subinacl.exe" /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
    if exist "%programfiles(x86)%" "%programfiles(x86)%\Windows Resource Kits\Tools\subinacl.exe" /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
    del /f /q %0

    Once you've done that click on File and select Save As...

  • In the Save dialogue box click on the drop down menu next to Save as type and select All Files
  • Name the file reset.bat (the .bat extension is very important)
  • Save the file to your desktop and right click on it and select Run as administrator then click Continue at the User Account Control prompt.

After that's done, try deleting the reg key and hopefully it will now allow you to remove it.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.