NIS / Norton Power Eraser

power eraser in safe mode with networking consistently finds this registry entry as bad, reboots to repair it and is never able to repair it...cant fix it...can anyone explain what this registry entry is and lemme know how to fix this problem?  when this problem is detected, my computer boots up runnin hard and is loud , normally my computer is very quiet ...thx ahead fa any insight or advice... -g-

 

____________________________
Registry Key:HKEY_USERS\S-1-5-21-2808586468-782457892-852998903-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"HideIcons"
____________________________
____________________________
Registry Key:HKEY_USERS\S-1-5-21-2808586468-782457892-852998903-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"HideIcons"
____________________________

File Thumbprint - SHA:
Not Available
____________________________

gia,

 

I just googled on that key and it produced two references -- one here to you and the other to a queried by SafeWeb site which when I followed the link did not produce anything that did relate other than to other messages here ....

 

But the abstract for the reference contained these mysterious words:

 


 

Cant see any difference in te program! Edit:- Oh looks like Firefox 16 support ... Registry Key:HKEY_USERS\S-1-5-21-2808586468-782457892-852998903-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"HideIcons" ... 


 

Are you using Firefox by any chance?

 

Just including this in case it helps someone to help you ....

I would suggest a second opinion scan using the FREE version of Malwarebytes. You can find it here http://www.malwarebytes.org/products/malwarebytes_free/

 

Try this scan in Safe Mode.

Registry Key:HKEY_USERS\S-1-5-21-2808586468-782457892-852998903-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"HideIcons"

 

This registry value holds information about visibility of desktop shortcut icons. The dword value "0x1" indicates that desktop shortcut icons are hidden otherwise shown.

 

"Rclick on desktop->View->Show Desktop Icons" should maintain this value. 

 

Hope that this information will help you.

Hello Peterweb

 

Malwarebytes is not designed to run in safe mode as per Malwarebytes admin. Please see this.

 


You really shouldn't run Malwarebytes in Safe Mode unless it just will not run. It is designed to be run from Normal mode.


taken from

 

http://forums.malwarebytes.org/index.php?showtopic=110626

 

Thanks.

floplot

 

Thanks for that. I will update my mental notes.

hi huwyngr...thanks fa ur help...didnt think of googling that key ....will remember next time fo sho...

 

i am using firefox, lastest build and updated...with several extensions if that is relevant...

 

again, thanks fa ur help... -g-

nerimash...hi and thx fa ur answer...

 

ahhhhhhhhh yes...i got that about th hidden icons...what i cant figure out is why this registry key is sometimes targeted by NPE as bad and then NPE is unable to repair it...and its ALWAYS this one key that NPE finds as bad and cant repair...when it finds other problems, NPE is able to repair/remove them without a hitch...  -g-

 

 

peterweb...hi again...and thx

 

will def run malware bytes scan....thx fa ur help ... -g-

gia,

 

You're welcome -- searching is one of my "skills" and probably moire useful than my technical knowledge these days!

 

Let's hope you can get this sorted out but as a general principle I would suggest:

 

"Don't touch a registry editor with a barge pole unless you know more about the registry than it does ...."

 

They are very dangerous tools since they are the equivalent of brain surgeons without the flexibility that experience brings.

 

I've seen so many computers crippled by someone "tidying up the system"

 

Norton Power Eraser is a very powerful tool I gather -- I've never had to use it -- and if you let it do something without already knowing what the result might be then you can be in trouble, as you have found out unfortuantely.

 

It's not the first time that this specific has come up as you can see from this but luckily in that case it looks as if the person asked before telling NPE to deal with it.

 

http://community.norton.com/t5/Norton-Internet-Security-Norton/Power-Eraser-Virus-detected-Please-help/td-p/616657 

 

but it's not just Norton:

 

http://forums.malwarebytes.org/index.php?showtopic=103134 

 

But what is interesting is this link

 

http://www.symantec.com/security_response/earthlink_writeup.jsp?docid=2012-050914-1455-99 

 

dealing with a specific trojan infection in which it lists what the trojan does and includes:

 

The Trojan then modifies the following registry entry to hide icons:


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"HideIcons" = "1"

 

so this is not a pure false positive; there is a reason why NPE flags that entry.

 

Do you normally have your desktop icons hidden? If not and NPE flagged that entry because the value had been changed to "1" instead of the default "0"  (In hex code probably) then you could have been infected so the suggestion to get a second opinion from Malwarebytes (free version) is a good one.

 

I can think of two reasons why NPE can't change to key back to the default:

 

 1 -- it has been locked by the malware if you have one

 

 2 -- it is already on the default value and so it reports back it can't change it ......

 

Nobody ever said it would be simple ....... 

hugh…

wow…great reads, all of em…i had some ransomware or ransomlock in 2009, it was pretty new then, locked up my winxp pro…what a nightmare tht was…

i do keep my desktop icons hid…have a toolbar wit some program icons and a few on taskbar…am runnin win7 pro now and th ransomlock article didnt mention win7 as possibly affected…

ran a malwarebytes scan just now, full scan on all partitions and it came up clean…th only reason i know theres a problem with this particular item, is that my computer gets real loud, as tho a scan is runnin, but of course no scan is running, im just booting up at that point…am sure thats a bad explanation but its th best i can do …

right now my computer is quiet and when i booted up this morning, it was quiet and not runnin hard…

noticed also…NPE always wanna make a restore point b4 repairing/removing this problem and am wonderin if system restore is allowing something to run at boot…

as i said, its quiet now and no symptoms this morning…

and again…thank u so much for your time and expertise…i know just enough about computers to get myself in trouble and not enough to get out … :slight_smile:

gia

 

<< ...i know just enough about computers to get myself in trouble and not enough to get out ... :)  >

 

You are not alone ....

 

Since you have hidden the desktop icons you know why NPE is flagging that registry key.

 

If the suggested Malwarebytes scan shows no problems I suggest you relax and enjoy safe computing ......

i will do jus that....thx again ... -g-