Help deleting re-generating registry key ! (spybot related)

Darkst4r · 12 Jan 2012 at 00:56

Hi, I recently ran a spybot scan to check for nasties. To my surprise it reported on several potentially harmful entries which I swiftly deleted.

After re-running the immunize feature of Spybot (as an administrator) I get a message which reads : "The immunization could not complete, there are 15076 items still unprotected"

It goes on to say that other security software may be blocking them, but I have disabled my anti-virus and I still get the same message.

On reading the log generated by spybot it led me to the "Domains" Folder/Key in the registry. I have deleted this folder before but when I try to do so now it re-generates including all the contents which happen to be the items that Spybot cannot secure against. Included in them are some very shady looking website addresses that I have certainly not visited (yeah yeah you say but it's true !)

How can I delete the contents of this folder permanently ?

I have even tried to delete several manually to see if it made a difference to the spybot reported figure of 15076, but low and behold, they re-generate themselves again.

Can anyone please help me with this issue as I am concerned about my security

Thanks in advance.

Darkst4r · 12 Jan 2012 at 02:15

Malwarebytes found nothing, problem persists.

Darkst4r · 12 Jan 2012 at 02:38

I've noticed it seems to be related to Internet explorer. All the other objects immunise apart from the ones under the Internet Explorer profile. I downloaded IE9 but no difference.

Darkst4r · 12 Jan 2012 at 13:28

Hi thanks a lot for the help. I couldn't settle last night knowing my computer was ill so seeing as I have the week off work I attempted to solve the problem myself before I read the replies.

After scanning with several anti malware programs and anti virus software including a boot time scan they all came up with nothing. I remembered my old friend "Hi-Jack This" and ran a scan.
On producing a logfile and having it parsed there were several entries under "015 -" relating to incorrect internet protocols and trusted website rules. Unfortunately Hi-jack this could not remove them, every time I tried they were again re-generated.

After getting increasingly annoyed I figured my machine was about due for a clean install, it's been about a year since my last one with a mobo, graphics card and ram upgrade inbetween so I bit the bullet, backed up my data and formatted the hard drive.

It's taken me most of the morning putting all my programs and settings back on, but I finally have my PC running better than ever and with no traces of the previous problem or any other.

Thanks again for the quick replies and help though.

Darkst4r · 12 Jan 2012 at 13:56

Deception said:
Lets hope it stays that way

I hope so. I've never experienced such security holes and have certainly never had so much malware turn up until I changed from Firefox to Google Chrome. I think Spybot originally picked up about 8 harmful entries including Zedo and some other pretty high rish stuff.

Needless to say I apologised to Firefox and we are friends again