Results 1 to 5 of 5
  1. #1
    New Lounger
    Join Date
    Aug 2014
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts

    suspicious registry entries

    In my Win7 SP1 registry there are several unusual keys. I know Astromenda is malware and I would like to delete it but I get error that it "Cannot be deleted". These entries do not appear in my other Win7 machines. Notice the similarity with the Chrome key? How are they related? Any suggestions appreciated.
    KEYS
    HKEY_CLASSES_ROOT\.htm\OpenWithProgids
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithP rogids
    sub-keys
    AstromendaHTML.HW47S6QVR7N3IFVGMNWWCPHJ
    ChromeHTML.HW47S6QVR7N3IFVGMNWWCPHJUY
    The sub-keys reaccur for .html, .shtml,.xtm, .xhtml classes as well.

  2. #2
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,746
    Thanks
    171
    Thanked 649 Times in 572 Posts

  3. #3
    New Lounger
    Join Date
    Aug 2014
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Astromenda is not listed in Programs and features nor in all programs nor does a search show any results anywhere. But in doing a "find" in regedit for ChromeHTML I found AstromendaHTML keys also listed next to ChromeHTML with the similar .HW extensions shown above. When I try to delete those Astromenda keys I receive error "Cannot remove...". Need to clean the registry only.

  4. #4
    New Lounger
    Join Date
    Aug 2014
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Bruce R. Any suggestions when Astromenda only shows up in registry and nowhere else and won't allow deletion?

  5. #5
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,613
    Thanks
    147
    Thanked 870 Times in 832 Posts
    Two useful programs for getting rid of browser hijackers are AdwCleaner and Junkware Removal Tool and it doesn't matter if whatever it is, isn't listed in Programs and Features.

    Bruce's linked article gives a quickie on running AdwCleaner, but wasn't quite right.

    It doesn't put an icon on your desktop but will open to its working UI.

    Click on Scan and it may list some items in the lower pane that it considers PuPs, of which you deselect any you want to keep.

    When it has completed its scan, click on Report and it will show you what it has found and will delete when you close the report and click on Cleaning.

    It will then produce another report after the reboot to show what it has deleted.

    JRT can be useful to run after ADW as it can find bits that ADW may have missed - you just let it run until it completes and reports.

    The JRT download link is lower down the AdwCleaner page. http://www.bleepingcomputer.com/download/adwcleaner/

    NB - If your username is your email address then you should change it, otherwise you could end up with all sorts coming down the line - this is a public forum and open to all sorts.
    Last edited by Sudo15; 2015-07-17 at 17:29.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •