Thread: Tool for locking registry entires and thereby spies

Do you know any tool for locking the registry?

Tune up utilities offer this function.The problem is that it is not reliable. It automatically unlocks after some time. As you might has noticed from my previous posts, my computer was infected with koolynoody, a downloader. I used ccleaner and spybot. Both failed. Now i used CA Yahoo antispy. It detected KoolyNoody and i manually deleted all entries in registry that were not fixed. Now today again i found it in my registry. I took registry back up and stored it.

Also i found 2 explorer.exe in task manager. Is it possible? Please take a look at the images.

Also please tell me how to prevent koolynoody to make the registry entry again.

Please feel free to contact me.

regards

Dilip

i used to use system mechanic... it was giving a good protection for my registry ... it would block even when we ourselves are installing any software, i had to unlock it first then install software.......

as long as the malware will remain on ur system u will get those registry entries back. the right way to do it would be first to scan ur system with a good antivirus (try avira) http://www.free-av.com/en/download/index.html and get rid of any copies of the malware on ur hdd, then clean the registry.

but if u still feel too vulnerable then to prevent such malicious modifications u should use a HIPS(host based intrusion prevention system). You can find this feature in comodo firewall (free to use).Free Firewall Antivirus Software Download by Comodo

every modification by any any software on ur computer would first need authentication from you. u can also set it to learn so it does not bother you for legit sw. its also a great firewall, though i discontinued using it since i don't feel like i need so much security now that i use avira and sygate firewall ... tho u might find it usefull.

tc.

PS: the registry is a crucial part of the windows os so 'locking' it up will probably result in a non functional pc :P

Remove KoolyNoody Hijacker - Hijacker Removal Instructions.
Spybot or AD-adaware also recommended.

Try FireFOX browser. Seems to affect IE only.>
Para two;
Two explorer.exe . But usage is NIL . How ? wait.
similarly you get multiple entries for svchost.exe.

http://www.anvir.com/ .
Download (free)application
Gives details of all programs at start up etc.
[quote]
Hmm, www.koolynoody.net isn't loading right now.

The computers that run www.koolynoody.net are having some trouble. Usually this is just a temporary problem, so you might want to try again in a few minutes.

Sponsored Resource

Want more detail? See which nameservers are failing.
Nameserver trace for www.koolynoody.net:

* Looking for who is responsible for root zone and followed l.root-servers.net.
* Looking for who is responsible for net and followed f.gtld-servers.net.
* Looking for who is responsible for koolynoody.net and followed ns.johnruffo.com.

Nameservers for www.koolynoody.net:

* ns.johnruffo.com returned (SERVFAIL)
* ns2.johnruffo.com returned (SERVFAIL)

and i see a lot of unnecessary processes running in ur task manager... get rid of them. specially the second explorer.exe!? one of them is probably malware.

get process explorer and find out from where the processes are running and whether they are legit or not..

@moderator:
IB.net server problem often this evening.
Trying annexure fifth time. here.
Unable to edit previous post and add annexure. there.

Well I don't think that it's a good idea to completely lock the registry since apps usually write to the registry during the operating time.

Clean up ur system using any good software.
Open the registry editor and deny write permissions to evey user account on ur system. You can also disable your registry editing using group policy editor (gpedit.msc)

Free online scan & remove viruses/malwares e.t.c , visit http://housecall.trendmicro.com/