Registry Keys keep re-appearing after removal


  1. Posts : 34
    Windows 7 Professional
       #1


    I was running my AVG utilities program around a week ago and it kept finding 2 empty keys marked for removal. One of which sparked my interest.
    The two keys are:
    HKEY_CURRENT_USER\Software\Locky
    HKEY_CURRENT_USER\Software\6925KrIr4fw

    The Locky entry scared the pants off me. I have done a full check with ESET, Malwarebytes and FixMeStick, and I cannot find any dodgy stuff on the computer; all seems to be operating normally.
    I have tried removing both these keys within regedit, and they disappear until I reboot the computer and then they re-appear.
    About a month ago I received an email with a Word attachment, which I promptly deleted, as I have read that this is one of the common ways for ransomware to attack. I never open any attachments unless I am 100% certain of their content, and certainly not Word/doc attachments.
    I was wondering if this attachment, although deleted immediately, did something. ESET have said to me that I should probably reformat and start again. I know this is a possibility, but was wondering if anyone here has struck this scenario.


  2. Posts : 13,576
    Windows 10 Pro x64
       #2

    Get rid of AVG, clean up your registry with CCleaner and nothing else.

    https://www.piriform.com/ccleaner/download


    HKEY_CURRENT_USER\Software\Locky is not in my registry and won't even come up on a Google search.


  3. Posts : 34
    Windows 7 Professional
    Thread Starter
       #3

    AddRAM said:
    Get rid of AVG, clean up your registry with CCleaner and nothing else.

    https://www.piriform.com/ccleaner/download


    HKEY_CURRENT_USER\Software\Locky is not in my registry and won't even come up on a Google search.

    Just used CCleaner and those two empty keys are still in the registry. As I said, I have removed them before with Regedit and they disappear until I do a reboot, and then they re-appear.


  4. Posts : 13,576
    Windows 10 Pro x64
       #4

    Then something you have installed keeps re-creating them.

    https://www.google.com/search?q=hkey...ftware%20Locky

    From what I read, your best bet IS to reinstall :)

    But read through the articles, maybe there's a cure.

    And please tell me you DO NOT have a mail program installed on your PC ???


  5. Posts : 329
    W10 Pro x64, W7 Pro x64 in VMware
       #5

    AddRAM said:
    Get rid of AVG, clean up your registry with CCleaner and nothing else.

    https://www.piriform.com/ccleaner/download


    HKEY_CURRENT_USER\Software\Locky is not in my registry and won't even come up on a Google search.

    I found this at MBAM (using DuckDuckGo search) - apparently there's ransomware called Locky that's delivered via Office docs and email attachments

    https://blog.malwarebytes.org/threat...ok-into-locky/

    also
    "Locky" crypto-ransomware rides in on malicious Word document macro | Ars Technica

    at Microsoft
    Ransom:Win32/Locky.A

    does not necessarily mean the OP is infected.


  6. Posts : 10,485
    W7 Pro SP1 64bit
       #6

    Exfso said:
    I was running my AVG utilities program around a week ago and it kept finding 2 empty keys marked for removal. One of which sparked my interest.
    The two keys are:
    HKEY_CURRENT_USER\Software\Locky
    HKEY_CURRENT_USER\Software\6925KrIr4fw

    The Locky entry scared the pants off me. I have done a full check with ESET, Malwarebytes and FixMeStick, and I cannot find any dodgy stuff on the computer; all seems to be operating normally.
    I have tried removing both these keys within regedit, and they disappear until I reboot the computer and then they re-appear.
    ~~~
    Manually remove those two keys again.
    Reboot into the Windows Safe Mode:
    Safe Mode
    (Not safe mode with networking.)

    If booting to the safe mode prevents the keys from being created again, then the troubleshooting steps in this tutorial might help you find the offending app: Troubleshoot Application Conflicts by Performing a Clean Startup

    If the keys are created again - even in the safe mode - then we can try Process Monitor's boot logging.
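
The safe-mode comparison suggested in post #6 is easier to judge with a record of each check. The following PowerShell sketch is an added example, not part of any post in this thread: it logs whether the two keys named by the thread starter exist, together with the boot mode and last boot time, so that a run after a normal boot can be compared with a run after a Safe Mode boot. The log file location is an assumption; it uses only cmdlets available in the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: snapshot of the two keys from this thread, one CSV row per key per run.
# Run it once after each reboot (normal, then Safe Mode) and compare the rows.
$Keys = @(
    'HKCU:\Software\Locky',
    'HKCU:\Software\6925KrIr4fw'
)
$LogPath = Join-Path $env:USERPROFILE 'key-watch.csv'   # hypothetical log location

# BootupState reads "Normal boot", "Fail-safe boot" (Safe Mode) or
# "Fail-safe with network boot" (Safe Mode with Networking).
$bootState = (Get-WmiObject -Class Win32_ComputerSystem).BootupState
$os        = Get-WmiObject -Class Win32_OperatingSystem
$lastBoot  = $os.ConvertToDateTime($os.LastBootUpTime)

$rows = foreach ($path in $Keys) {
    # Get-Item returns nothing when the key is absent; the error is suppressed.
    $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        Checked     = (Get-Date).ToString('s')
        LastBoot    = $lastBoot.ToString('s')
        BootState   = $bootState
        Key         = $path
        Present     = [bool]$key
        ValueCount  = if ($key) { $key.ValueCount }  else { 0 }
        SubKeyCount = if ($key) { $key.SubKeyCount } else { 0 }
    }
}

# Fix the column order, then append to the log (Export-Csv -Append needs PowerShell 3.0+).
$rows = $rows | Select-Object Checked, LastBoot, BootState, Key, Present, ValueCount, SubKeyCount
$csv  = $rows | ConvertTo-Csv -NoTypeInformation
if (Test-Path -LiteralPath $LogPath) { $csv = $csv | Select-Object -Skip 1 }   # header already written
Add-Content -LiteralPath $LogPath -Value $csv

$rows | Format-Table -AutoSize
```

A row with `Present = True` and a `LastBoot` later than the manual deletion shows the key was re-created during or after that boot; the `BootState` column shows whether that also happened in Safe Mode.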


  7. Posts : 34
    Windows 7 Professional
    Thread Starter
       #7

    I use Office 2010. Getting late here, will have a go at those suggestions tomorrow. Thanks people, very much appreciated.


  8. Posts : 34
    Windows 7 Professional
    Thread Starter
       #8

    I have a guru from Bleeping Computer working on this, he has me jumping through hoops. Will keep this up to date. :)


  9. Posts : 431
    Windows 7 Home Premium x64 SP1
       #9

    Exfso, are you using Bitdefender Anti-Ransomware?
    Last edited by Barman58; 16 Apr 2016 at 02:42.


  10. Posts : 34
    Windows 7 Professional
    Thread Starter
       #10

    DBone said:
    Exfso are you using Bitdefender Anti-Ransomware?
    Yes I am. The guy from Bleeping computers has had me try at least a dozen ideas, none working as yet, but still trying to isolate the cause.


 