> Modified Registry....
Tanuki
post May 22 2006, 03:11 AM
Post #1


Newbie
*

Group: Members
Posts: 2
Joined: 22-May 06
Member No.: 2,489



I posted this in the AdAware-Se forum but it seems to belong here. Sorry

Hi,
This morning when I turned on the laptop the Ad-Aware popped up a screen and proclaimed that there were attempts to modify the registry. Not thinking and being half awake I hit Block for all....big mistake. Now I get several pop-ups saying for example- ramaast.lnk cannot be found. Now I cannot click on any icons as they no longer appear in my task bar. Actually an icon appears but it is the one that means your computer doesn't recognize it...How can I get Ad-Aware to unblock or undo the damage?? I cannot even uninstall it because it does not recognize itself. But if I browse for the program (when it asks which program made ramaast.lnk) I can open the core module which can scan etc...I don't know what to do. Any suggestions??
Ad Astra
post May 24 2006, 07:25 PM
Post #2


Advanced Member
***

Group: Volunteer Security Advisor
Posts: 791
Joined: 20-April 06
Member No.: 175



Hi

Have a look at this web site by Doug Knox

http://www.dougknox.com/xp/file_assoc.htm

and download the LNK (Shortcut) File Association Fix (Restores Default Shortcut Behavior)

Unzip the file and double click on it. When prompted do you want to merge... select yes, Ad-watch will then notice the change and prompt you as well. Make sure you accept the change in Ad-watch as well.

If this fails download the EXE File Association Fix (Restore default association for EXE files) fix from the above web site and follow the instructions at the top of the web page to start regedit from Task Manager. Once Regedit starts select file then select import and browse to import the LNK and EXE fixes you have downloaded. You will need to unzip them first.
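An added example (not part of Ad Astra's post, and not the contents of Doug Knox's files): a .reg file is plain text, so what it will change can be listed before it is merged or accepted in Ad-Watch. The Python below parses .reg text and labels each change as `default` (matches the well-known Windows default for the .lnk/.exe associations), `NOT-DEFAULT`, or `other` (outside those associations); the `SAMPLE` text, the `ExampleVendor` key and the function names are constructed for illustration.

```python
import re

# Windows defaults for the associations this thread repairs (key names lower-cased).
EXPECTED = {
    (r"hkey_classes_root\.lnk", "@"): "lnkfile",
    (r"hkey_classes_root\.exe", "@"): "exefile",
    (r"hkey_classes_root\exefile\shell\open\command", "@"): '"%1" %*',
}

def _unescape(s):  # .reg strings escape '"' and '\' with a backslash
    return re.sub(r'\\(["\\])', r"\1", s)

def parse_reg(text):
    """Yield (key, name, data): name "@" is the default value, data None a deletion."""
    key = None
    for line in (raw.strip() for raw in text.splitlines()):
        m = re.fullmatch(r"\[(-?)(.+)\]", line)
        if m:
            key = None if m.group(1) else m.group(2)
            if m.group(1):
                yield m.group(2), None, None  # "[-key]" deletes the whole key
            continue
        m = re.fullmatch(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)
        if not (m and key):
            continue  # header, comment, blank line or hex continuation line
        name = "@" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        val = m.group(2)
        quoted = len(val) >= 2 and val[0] == val[-1] == '"'
        # "-" deletes the value; dword:/hex: data passes through verbatim.
        yield key, name, (None if val == "-" else _unescape(val[1:-1]) if quoted else val)

def review(text):  # label each change: default / NOT-DEFAULT / other
    out = []
    for key, name, data in parse_reg(text):
        want = EXPECTED.get((key.lower(), name))
        label = "other" if want is None else "default" if data == want else "NOT-DEFAULT"
        out.append((label, key, name, data))
    return out

# Constructed sample text, not the contents of any real download.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.lnk]
@=-
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CURRENT_USER\Software\ExampleVendor]
"Setting"="1"
'''
```

Calling `review()` on the text of a downloaded file gives one row per change; any `other` row is a change outside the shortcut and EXE associations and is worth reading before choosing Accept.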
Saint
post Oct 31 2006, 06:03 AM
Post #3


Newbie
*

Group: Members
Posts: 2
Joined: 31-October 06
Member No.: 14,737



Did this work? I'm going to try it on mine since my computer is having the same problem.
spike-nz
post Oct 31 2006, 09:31 AM
Post #4


Advanced Member
***

Group: Volunteer Security Advisor
Posts: 3,059
Joined: 18-June 06
From: Auckland, New Zealand
Member No.: 4,454



Hi Saint,

If you are showing the same symptoms, then follow Ad Astra's advice - he knows what he is talking about :)

Regards,

Spike
David-F
post Nov 3 2006, 10:46 AM
Post #5


Newbie
*

Group: Members
Posts: 2
Joined: 3-November 06
Member No.: 14,883



I've had a very similar problem but the action took out lots of the registry entries .exe .bat .lnk .msi .blah .blah

so this looks like some deliberate behaviour that I'm not familiar with; if I set to automatic will it behave this way? What settings do I have to allow to make sure that I can run this software and not cripple my machine and have to refix with lots of registry entry reloads?
spike-nz
post Nov 3 2006, 11:10 PM
Post #6


Advanced Member
***

Group: Volunteer Security Advisor
Posts: 3,059
Joined: 18-June 06
From: Auckland, New Zealand
Member No.: 4,454



Hi David-F,

Active and Automatic have quite different effects on Ad-Watch.

Automatic silently blocks all changes, including any that you have instigated yourself (ie: by installing a program).

Active waits in your system tray and when it detects any change, it pops up a window with the change details, asking whether you want to Accept or Block the change. If the change was caused by you (read the details carefully) then Accept. If it appears on its own, then check the details and start looking for whatever is trying to change your system.

The setting is up to you - I prefer to receive the warnings from Active.

Regards,

Spike
N.W.S
post Nov 4 2006, 01:26 PM
Post #7


Newbie
*

Group: Members
Posts: 2
Joined: 4-November 06
Member No.: 14,925



QUOTE(Ad Astra @ May 24 2006, 07:25 PM) *
Hi

Have a look at this web site by Doug Knox

http://www.dougknox.com/xp/file_assoc.htm

and download the LNK (Shortcut) File Association Fix (Restores Default Shortcut Behavior)

Unzip the file and double click on it. When prompted do you want to merge... select yes, Ad-watch will then notice the change and prompt you as well. Make sure you accept the change in Ad-watch as well.

If this fails download the EXE File Association Fix (Restore default association for EXE files) fix from the above web site and follow the instructions at the top of the web page to start regedit from Task Manager. Once Regedit starts select file then select import and browse to import the LNK and EXE fixes you have downloaded. You will need to unzip them first.


*Does the bowing, praising, ringkissing and feetmassaging ritual.*

Thank you ever so much. Saved me from a bad scare this morning.

-NWS
spike-nz
post Nov 5 2006, 11:10 AM
Post #8


Advanced Member
***

Group: Volunteer Security Advisor
Posts: 3,059
Joined: 18-June 06
From: Auckland, New Zealand
Member No.: 4,454



Hi N.W.S,

All praise to Doug Knox and to Ad Astra (who is on holiday) for giving the link :)

Regards,

Spike
Corinne
post Nov 5 2006, 11:00 PM
Post #9


Newbie
*

Group: Members
Posts: 1
Joined: 5-November 06
Member No.: 14,994



I also blocked with Adaware and have gone to dougknox site but on downloading cannot open the downloaded file. The computer says that windows needs to know what program created it. I have no idea what to click. Anything that I try to download comes up with this statement. If anyone can help it would be appreciated.
VMorris
post Nov 7 2006, 02:14 AM
Post #10


Newbie
*

Group: Members
Posts: 1
Joined: 7-November 06
Member No.: 15,052



Hi,

Now that I have read this topic, I know that choosing "block" could be very hazardous. But I don't understand how to differentiate between what I should or shouldn't allow.

For instance, I have one up now that is trying to delete data in key Software\MS\Windows\Current\Version\Run with value "swg". The old data was the GoogleToolbarNotifier\1.2.908.50. It doesn't seem like I would want to do that (although I did install the new IE v7 a couple days ago). So, the popup is still sitting on my screen while I debate what to do. Does anyone know what this deletion attempt means?

The other alarm that seems to pop up every morning is one that wants to change the value in key Software\MS\InternetExplorer\Main for "Start Page" from www.yahoo.com to go.microsoft.com/fwlink/?LinkId=69157. This one has me totally baffled. My home page for IE startup has always been www.google.com. I don't know why yahoo is in the registry as a start page or why something (someone - Microsoft?) is changing it to go.microsoft.com. Any help on this one?

:( Thanks,
VMorris (a newbie)
USHER0001
post Nov 7 2006, 04:18 AM
Post #11


Advanced Member
***

Group: Members
Posts: 100
Joined: 5-November 06
Member No.: 14,960



QUOTE(Corinne @ Nov 5 2006, 05:00 PM) *
I also blocked with Adaware and have gone to dougknox site but on downloading cannot open the downloaded file. The computer says that windows needs to know what program created it. I have no idea what to click. Anything that I try to download comes up with this statement. If anyone can help it would be appreciated.

Go back to the said site and download

ZIP Folder Association Fix (Restores default associations for ZIP Folders - REG File)

If it asks you which program created the file, choose REGEDIT.exe or Regedt32.exe, the Registry Editor(s).

Then install the others, after unzipping them.
David-F
post Nov 7 2006, 10:15 AM
Post #12


Newbie
*

Group: Members
Posts: 2
Joined: 3-November 06
Member No.: 14,883



QUOTE(spike-nz @ Nov 4 2006, 12:10 AM) *
The setting is up to you - I prefer to receive the warnings from Active.

Regards,

Spike


Thanks Spike, good to understand that Automatic silently blocks. Active definitely looks like the option I need, however, in some circumstances don't "we" need to automatically block some things all the time? I have another product as a firewall [not sure if I can use its name as per the Ts&Cs of the forum but it uses "zones" to indicate where the alert is coming from] and you can select "block always for this activity" on each new activity that arises. Does AdWatch or AdAware allow that type of option?

David
spike-nz
post Nov 9 2006, 09:50 AM
Post #13


Advanced Member
***

Group: Volunteer Security Advisor
Posts: 3,059
Joined: 18-June 06
From: Auckland, New Zealand
Member No.: 4,454



Hi David-F,

No, Ad-Watch itself works solely on which type of setting that you choose - you can, however, create custom rules.

Ad-Watch is not percipient enough to tell who/what is trying to make the change - malware often masquerades as genuine files. Hence my preference for Active...

Regards,

Spike
silverfox
post Jan 20 2007, 10:46 PM
Post #14


Newbie
*

Group: Members
Posts: 1
Joined: 20-January 07
Member No.: 19,848



I too had the same problem and have downloaded the LNK, COM & EXE registry files from the Doug Knox website.
I can import the LNK & COM files to the registry, but I get an error message telling me there is an "error accessing the registry" with the EXE file.

Your assistance would be appreciated....
spike-nz
post Jan 21 2007, 02:29 AM
Post #15


Advanced Member
***

Group: Volunteer Security Advisor
Posts: 3,059
Joined: 18-June 06
From: Auckland, New Zealand
Member No.: 4,454



Hi silverfox,

Have a look at this Topic: Missing .exe and .lnk file associations, particularly the 2nd page where chrisofdeath's posts begin:
QUOTE
"If your EXE file associations are corrupted, it can be difficult to open REGEDIT, or to even import REG files. To work around this, press CTRL-ALT-DEL and open Task Manager. Once there, click File, then hold down the CTRL key and click New Task (Run). This will open a Command Prompt window. Enter REGEDIT.EXE and press Enter."

If this doesn't work, renaming the file extension of .exe files to .com can also serve as a workaround. Let us know if this works, or if you have any other questions about the process. Good luck!


Should you have the licensed versions of Ad-Aware SE (Plus/Professional), then I would suggest that you configure Ad-Watch as in the following screenshot.

Open Ad-Watch, click on "Tools" (bottom-right) and then select "Options" - scroll down to "Blocking Options". This screenshot shows what I would consider to be the best configuration for this section (note Active and Automatic in the bottom panel):

Attached Image

Then click on "Events" to take you back to the usual Ad-Watch GUI.

Regards,

Spike