Re: Regedit "Error while opening key"

Look into Bart's PE. Its a mini Windows environment. Regedit can be run from there, and the usual permissions and security measures don't apply.

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

"Andrew Aronoff" <NOSPAM_WRONG.ADDRESS@xxxxxxxxx> wrote in message news:g0n8r190ipqh1kobddhqv08fhmv7ncasu3@xxxxxxxxxx
> I'm running Windows XP Pro SP2 under MS Virtual PC (VPC) 2004 SP1. The
> VPC XP install is perfectly clean as is the host system. I received
> via e-mail a SOFTWARE hive from a system infected by adware.
> RootKitRevealer was run on the infected PC and it identified a
> HKLM\Software\Classes\CLSID\InprocServer32 key with the following
> anomaly:
>
> Key name contains embedded nulls (*)
>
> I copied the SOFTWARE hive to a folder accessible to the VPC install.
> I opened REGEDIT and loaded the SOFTWARE hive. The InprocServer32 key
> cannot be viewed. The error message is: "Cannot open InprocServer32:
> Error while opening key." Ownership and permissions cannot be reset on
> this key. Neither this key nor the parent key can be deleted.
>
> How can this key be managed with Regedit so it can be deleted and,
> optionally, viewed?
>
> regards, Andy
> --
> **********
>
> Please send e-mail to: usenet (dot) post (at) aaronoff (dot) com
>
> To identify everything that starts up with Windows, download
> "Silent Runners.vbs" at www.silentrunners.org
>
> **********
.