This had a (Trojan Dropper.Agent.BE), The package True Sword finds it, but does not remove it, as it says it does?
I tried and used REGEDIT myself to remove this register, and was given an error message "saying I am unable to remove or change this data".
Tried and edit back to HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum, and still get the same error message.
Did manage an edit at this location:= HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control,
by first adding a new word then deleting it. Something I was not able to do in "ENUM" directory.
Have written to the Registry and placed a "DISABLEREGISTRYTOOLS" =dword:00000000 at: - Hkey_Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\System
And the same at: - Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Ploicies\System.
But that does not allow your software to delete/change this problem. [Did not solve my problem]
Note:- Running Win 2000 Professional.
Did finally manage to find and run REGEDT32.EXE
This package allows you access to the “REGISTRY PREMISSIONS”, and this is what the low life that produce Worms/Trojans use to block attempts to remove their software from the registry.
If you run REGEDT32, then open up each page, and highlight the first level of the registry.
Point and click on SECURITY the Permissions, and you should see the same security applet as is seen when using Explorer security controls.
(I run my own PC using a [admin] login name for admin controls, and a different log in for accessing the internet), so all I had to was replace all with my admin login name, easy.
After that had no trouble in removing all corrupt registers.
Note: - you have to be signed in as an Admin user to edit with REDEDT32.exe.
Took me forever to work this problem our, Thanks for looking, Any suggestions welcome.
PS: PCtools, can find it, but not able delete it either, same for Norton.
Trojan Dropper Agent.be removal
No replies to this topic