Windows 7 Forums

Windows 7: Registry Keys keeps re-appearing after removal

12 Apr 2016   #1
Exfso

Windows 7 Professional
 
 

I was running my AVG utilities program around a week ago and it kept finding 2 empty keys marked for removal. One of which sparked my interest.
The two keys are:
HKEY_CURRENT_USER\Software\Locky
HKEY_CURRENT_USER\Software\6925KrIr4fw

The Locky entry scared the pants off me. I have done a full check with ESET, Malwarebytes and FixMeStick, and I cannot find any dodgy stuff on the computer; all seems to be operating normally.
I have tried removing both these keys within regedit, and they disappear until I reboot the computer and then they re-appear.
About a month ago I received an email with a Word attachment which I promptly deleted, as I have read that this is one of the common ways for ransomware to attack. I never open any attachments unless I am 100% certain of their content, and certainly not Word/doc attachments.
I was wondering if this attachment, although deleted immediately, did something. ESET have said to me that I should probably reformat and start again. I know this is a possibility, but was wondering if anyone here has struck this scenario.


12 Apr 2016   #2
AddRAM

Windows 7 Pro x64 Windows 10 Pro x64
 
 

Get rid of AVG, cleanup your registry with Ccleaner and nothing else.

https://www.piriform.com/ccleaner/download


HKEY_CURRENT_USER\Software\Locky is not in my registry and won't even come up on a Google search.
12 Apr 2016   #3
Exfso

Windows 7 Professional
 
 

Quote: Originally Posted by AddRAM
Get rid of AVG, cleanup your registry with Ccleaner and nothing else.

https://www.piriform.com/ccleaner/download


HKEY_CURRENT_USER\Software\Locky is not in my registry and won't even come up on a Google search.

Just used CCleaner and those two empty keys are still in the registry. As I said, I have removed them before with Regedit and they disappear until I do a reboot and then they re-appear.

12 Apr 2016   #4
AddRAM

Windows 7 Pro x64 Windows 10 Pro x64
 
 

Then something you have installed keeps re-creating them.

https://www.google.com/search?q=hkey...ftware%20Locky

From what I read, your best bet IS to reinstall

But read through the articles, maybe there's a cure.

And please tell me you DO NOT have a mail program installed on your PC ???
12 Apr 2016   #5
wasnotwas

W10 Pro x64, W7 Pro x64 in VMware
 
 

Quote: Originally Posted by AddRAM
Get rid of AVG, cleanup your registry with Ccleaner and nothing else.

https://www.piriform.com/ccleaner/download


HKEY_CURRENT_USER\Software\Locky is not in my registry and won't even come up on a Google search.

I found this at MBAM (using DuckDuckGo search) - apparently there's ransomware called Locky that's delivered via Office docs and email attachments

https://blog.malwarebytes.org/threat...ok-into-locky/

also
"Locky" crypto-ransomware rides in on malicious Word document macro | Ars Technica

at Microsoft
Ransom:Win32/Locky.A

does not necessarily mean the OP is infected.
12 Apr 2016   #6
UsernameIssues

W7 Pro SP1 64bit
 
 

Quote: Originally Posted by Exfso
I was running my AVG utilities program around a week ago and it kept finding 2 empty keys marked for removal. One of which sparked my interest.
The two keys are:
HKEY_CURRENT_USER\Software\Locky
HKEY_CURRENT_USER\Software\6925KrIr4fw

The Locky entry scared the pants off me. I have done a full check with ESET, Malwarebytes and FixMeStick, and I cannot find any dodgy stuff on the computer; all seems to be operating normally.
I have tried removing both these keys within regedit, and they disappear until I reboot the computer and then they re-appear.
~~~

Manually remove those two keys again.
Reboot into the Windows Safe Mode:
Safe Mode
(Not safe mode with networking.)

If booting to the safe mode prevents the keys from being created again, then the troubleshooting steps in this tutorial might help you find the offending app: Troubleshoot Application Conflicts by Performing a Clean Startup

If the keys are created again - even in the safe mode - then we can try Process Monitor's boot logging.
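
Added example (not part of the original thread, and not code from any poster): a PowerShell script to run after each reboot during the safe-mode test described in post #6. It logs whether the two keys named in the thread exist, the boot mode, and how many seconds after boot each key was last written. The class name `RegWatch` and the log file path are assumptions made for this example.

```powershell
# Added example: records whether the two keys from the thread exist and when
# each was last written, relative to the current boot. Run after every reboot.
Add-Type -AssemblyName System.Windows.Forms
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class RegWatch {
    [DllImport("advapi32.dll", CharSet = CharSet.Unicode)]
    static extern int RegOpenKeyEx(IntPtr root, string subKey, int options, int sam, out IntPtr hKey);
    [DllImport("advapi32.dll")]
    static extern int RegQueryInfoKey(IntPtr hKey, IntPtr cls, IntPtr clsLen, IntPtr reserved,
        IntPtr subKeys, IntPtr maxSubKeyLen, IntPtr maxClassLen, IntPtr values,
        IntPtr maxValueNameLen, IntPtr maxValueLen, IntPtr secDesc, out long lastWrite);
    [DllImport("advapi32.dll")]
    static extern int RegCloseKey(IntPtr hKey);
    [DllImport("kernel32.dll")]
    public static extern ulong GetTickCount64();
    // Last-write time (UTC) of an HKCU subkey; DateTime.MinValue if it does not exist.
    public static DateTime HkcuLastWrite(string subKey) {
        IntPtr hkcu = new IntPtr(unchecked((int)0x80000001));   // HKEY_CURRENT_USER
        IntPtr h; long ft;
        if (RegOpenKeyEx(hkcu, subKey, 0, 0x0001, out h) != 0)  // KEY_QUERY_VALUE
            return DateTime.MinValue;
        try {
            int rc = RegQueryInfoKey(h, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero,
                IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, out ft);
            return rc == 0 ? DateTime.FromFileTimeUtc(ft) : DateTime.MinValue;
        } finally { RegCloseKey(h); }
    }
}
'@
$keys = 'Software\Locky', 'Software\6925KrIr4fw'        # the two keys named in the thread
$log  = Join-Path $env:USERPROFILE 'regkey-watch.csv'   # hypothetical log location
$now  = [DateTime]::UtcNow
$boot = $now.AddMilliseconds(-1 * [double][RegWatch]::GetTickCount64())   # approximate boot time
$mode = [System.Windows.Forms.SystemInformation]::BootMode   # Normal / FailSafe / FailSafeWithNetwork
foreach ($k in $keys) {
    $written = [RegWatch]::HkcuLastWrite($k)
    if ($written -eq [DateTime]::MinValue) { $state = 'absent'; $delta = '' }
    else {
        $state = 'present'
        # Seconds between boot and the key's last write; a small positive number
        # means the key was re-created during this startup or logon.
        $delta = [int]($written - $boot).TotalSeconds
    }
    $line = '{0:s}Z,{1},{2:s}Z,HKCU\{3},{4},{5}' -f $now, $mode, $boot, $k, $state, $delta
    Add-Content -Path $log -Value $line
    $line
}
```

Run it as the affected user, since the keys live under that user's HKCU hive. Comparing the `FailSafe` rows with the `Normal` rows shows whether a normal-mode startup item is what re-creates the keys.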
12 Apr 2016   #7
Exfso

Windows 7 Professional
 
 

I use Office 2010. Getting late here, will have a go at those suggestions tomorrow. Thanks people, very much appreciated.
13 Apr 2016   #8
Exfso

Windows 7 Professional
 
 

I have a guru from bleeping computers working on this, he has me jumping through hoops. Will keep this up to date.
16 Apr 2016   #9
DBone

Windows 7 Home Premium x64 SP1
 
 

Exfso, are you using Bitdefender Anti-Ransomware?
16 Apr 2016   #10
Exfso

Windows 7 Professional
 
 

Quote: Originally Posted by DBone
Exfso, are you using Bitdefender Anti-Ransomware?

Yes I am. The guy from Bleeping computers has had me try at least a dozen ideas, none working as yet, but still trying to isolate the cause.