After ComboFix: Illegal Operation, Registry Key Marked for Deletion

eduede · 15 Nov 2012

Ok, so I'm working on a computer who's owner ran a program called ComboFix. Now, whenever you try to launch a program (say, Chrome, word, etc.) we're getting a popup that says something like "Illegal Operation Attempted on registry key marked for deletion."

I was thinking I'd have him restart the computer but "marked for deletion" makes me think this thing will not be able to reboot.

Let's troubleshoot this!

eduede · 15 Nov 2012

Just had client run "sfc /scannow". System returned: "Windows Resource Protection did not find any integrity violations."

Sir George · 15 Nov 2012

eduede said:

Ok, so I'm working on a computer who's owner ran a program called ComboFix. Now, whenever you try to launch a program (say, Chrome, word, etc.) we're getting a popup that says something like "Illegal Operation Attempted on registry key marked for deletion."

I was thinking I'd have him restart the computer but "marked for deletion" makes me think this thing will not be able to reboot.

Let's troubleshoot this!

See if this helps;

If you get the message;
Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

HTH

eduede · 15 Nov 2012

I'm being told that this has fixed the issue. Any clue what happened?

gregrocker · 15 Nov 2012

Apparently owner failed to reboot as prompted by ComboFix.

Rootkits are very hard to get rid of fully so owner can expect more problems and should be preparing if necessary for a Clean Reinstall - Factory OEM Windows 7.

Britton30 · 15 Nov 2012

It may be helpful to read some of this thread: Do not use Combofix on your own!!