"pcbutts1" <pcbutts1@leythosthestalker.com> wrote in
news:f98h91$iav$1@blackhelicopter.databasix.com:
> You have a lot to learn about malware. If I were you I'd hate myself
> for being so stupid. These are just a few.
> [HKEY_CLASSES_ROOT\
> [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
> [HKEY_CLASSES_ROOT\AppID\
> [HKEY_CLASSES_ROOT\CLSID\
> [HKEY_CLASSES_ROOT\Interface\
> [HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects
> [HKEY_CLASSES_ROOT\Typelib\
> [HKEY_CURRENT_USER\
> [HKEY_CURRENT_USER\clsid
These keys are neutered the moment you relocate/delete/rename the file
referenced. A registry cleaning application would likely remove them once
the associated files are no longer available. Otherwise, they waste a
small amount of registry space, but pose NO threat.
> These are good ones do you know what these do? probably not.
> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
Explorer has its own run keys, which, again, reference a file. If the
file is gone, guess what doesn't happen?
> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
A completely legitimate registry key. Not malware.
> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell]
> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions]
All three of these will do nothing without the files referenced, i.e. worst
case, you're wasting a little space in the registry. You are not causing
your system to run anything if the files referenced are removed,
renamed, or relocated.
You want to try again? We can do this all day long. I know many common
registry locations for things to hide. If you kill the file, the key is
worthless. If the key points instead to a URL, that's different entirely;
the file isn't on YOUR computer. Also, cleaning up your browser settings
should be a step you perform in safe mode, without the computer having an
internet connection. You aren't leaving the internet connection alive
while cleaning a machine, are you?
> You CANNOT completely remove Malware without removing the registry
> entries. You know nothing about Spyware.
Wrong. I can completely remove the Malware, without touching the
registry. The keys you've specified (the top section) become neutered
without the exe/dll files they reference. They pose absolutely NO threat
of any kind without the executable! The other keys are legitimate keys!
Depending on the machine in question, a parent/employer may have invoked
some/all of those key settings. It's not BugHunter's place to alter
security/policy settings on a machine; Other applications exist designed
specifically for this.
--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin@gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml
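The argument in the post above is that a Run value, BHO registration or context-menu handler is inert once the executable or DLL it points at is gone, and that an entry pointing at a URL is a different matter. The following PowerShell script is an added example (not code from the post and not part of BugHunter) that checks exactly that: it walks the Run keys, the Policies\Explorer\Run keys, the Browser Helper Objects keys and the `*\shellex\ContextMenuHandlers` keys, resolves each entry to the file it references, and labels it LIVE, ORPHAN (file missing, so the key is neutered in the sense the post describes), URL, or NO TARGET (a CLSID with no InprocServer32 registration at all). It only reads the registry and changes nothing. The key list, the status labels and the command-line parsing heuristics are my assumptions for the example; per-user CLSID registrations live under HKCU\Software\Classes\CLSID and shadow the HKLM ones, so the script checks that hive first.

```powershell
# Added example, not part of the original post or of BugHunter. Read-only:
# lists entries in common autorun locations and reports whether the file
# each one references is still present. Run on Windows; elevate for full
# HKLM visibility. Key list and labels are this example's own assumptions.

$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)
# COM extension points: each subkey is named by a CLSID or holds one as its default value.
$ComKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\Software\Classes\*\shellex\ContextMenuHandlers',
    'HKCU:\Software\Classes\*\shellex\ContextMenuHandlers'
)
$PsMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Resolve-CommandPath {
    # Extract the executable/DLL path from a Run-value command line (heuristic).
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }                  # "C:\x y\a.exe" /s
    if ($cmd -match '^(.+?\.(exe|dll|com|scr|bat|cmd|vbs|js))(\s|$)') {    # C:\a.exe /s
        return $Matches[1]
    }
    return ($cmd -split '\s+', 2)[0]                                       # first token
}

function Test-AutorunEntry {
    param([string]$Source, [string]$Name, [string]$CommandLine)
    $target = Resolve-CommandPath $CommandLine
    $status = if (-not $target) { 'NO TARGET' }
              elseif ($target -match '^[a-z][a-z0-9+.-]*://') { 'URL' }      # not a file on this box
              elseif (Test-Path -LiteralPath $target -PathType Leaf) { 'LIVE' }
              elseif (-not [IO.Path]::IsPathRooted($target) -and
                      (Get-Command $target -ErrorAction SilentlyContinue)) { 'LIVE (PATH)' }
              else { 'ORPHAN' }                                               # file gone: key is inert
    [pscustomobject]@{ Status = $status; Name = $Name; Target = $target; Source = $Source }
}

function Get-RunKeyEntries {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $values = Get-ItemProperty -LiteralPath $key
        foreach ($v in $values.PSObject.Properties | Where-Object { $_.Name -notin $PsMeta }) {
            Test-AutorunEntry -Source $key -Name $v.Name -CommandLine ([string]$v.Value)
        }
    }
}

function Resolve-ClsidServer {
    # HKCR is a merge of HKLM and HKCU\Software\Classes; a per-user CLSID wins, so check it first.
    param([string]$Clsid)
    foreach ($root in 'HKCU:\Software\Classes\CLSID', 'HKLM:\Software\Classes\CLSID') {
        $srv = "$root\$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $srv) {
            $dll = (Get-ItemProperty -LiteralPath $srv).'(default)'
            if ($dll) { return [string]$dll }
        }
    }
    return $null
}

function Get-ComExtensionEntries {
    foreach ($key in $ComKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $key) {
            $clsid = $sub.PSChildName
            if ($clsid -notmatch '^\{[0-9a-f-]{36}\}$') {                    # named handler: CLSID in default value
                $clsid = [string](Get-ItemProperty -LiteralPath $sub.PSPath).'(default)'
            }
            $dll = if ($clsid) { Resolve-ClsidServer $clsid } else { $null }
            Test-AutorunEntry -Source $key -Name $sub.PSChildName -CommandLine $dll
        }
    }
}

$report = @(Get-RunKeyEntries) + @(Get-ComExtensionEntries)
$report | Sort-Object Status, Source | Format-Table Status, Name, Target, Source -AutoSize -Wrap
```

Rows marked ORPHAN are the "neutered" keys the post talks about: nothing loads because the file is not there. Rows marked URL or LIVE are the ones worth looking at before deciding anything is clean. The script deliberately covers only the locations named in the thread; it does not walk the 32-bit Wow6432Node view on 64-bit Windows, Winlogon's Shell/Userinit values, services, or scheduled tasks. Sysinternals Autoruns enumerates all of those and flags missing files with "File not found", so use it when you need the full picture rather than a check of these specific keys.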