View Full Version : Razespyware Registry Keys
The latest scan by spybot has identified the following registry keys as being related to razespyware:-
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\LEGACY_SECUREDISK
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\LEGACY_SECUREDISK
I had previously followed all advice and thought that I had sucesfully removed all trace of razespyware.
None of the programs I have tried nor manual editing will allow me to remove these settings.
How can I get rid of these Registry Keys or having removed all other traces of razespyware are these key settings no longer a problem
md usa spybot fan
2005-12-28, 23:24
I had previously followed all advice and thought that I had sucesfully removed all trace of razespyware.
The detection of Razespyware appears to have been introduced with the most resent detection updates:
Detection updates 2005-12-23
http://forums.spybot.info/showthread.php?t=1193
I really have no way of knowing if the "advice" you received "successfully removed all trace of razespyware" or if the detections in Spybot are false positives. Please post the actual detections that you received so that a "Member of Team Spybot" can determine that.
The actual detections will be contained in either your latest Checks.yymmdd-hhmm or Fixes.yymmdd-hhmm log.
Note: By default here are two Checks.yymmdd-hhmm logs produced during a scan. The second Checks.yymmdd-hhmm has the details of what the scan found. A Fixes.yymmdd-hhmm log is produced if you fix or attempt to fix something.
Please post the latest Checks.yymmdd-hhmm or Fixes.yymmdd-hhmm log that shows the problems.
Two methods to copy that information:
Method 1:
Go into Spybot > Mode > Advanced mode > Tools > View Reports > View Pervious reports. Look for the last Checks.yymmdd-hhmm or Fixes.yymmdd-hhmm from when you got the error message. Open it. To copy to the Clipboard > highlight the portion you want to copy (or Right click and select Select All) > Right click > Copy.
Method 2
The Checks.yymmdd-hhmm and Fixes.yymmdd-hhmm files are stored in the following folders:
Windows 95 or 98:
C:\Windows\Application Data\Spybot - Search & Destroy\Logs
Windows ME:
C:\Windows\All Users\Application Data\Spybot - Search & Destroy\Logs
Windows NT, 2000 or XP:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs
Using Windows Explorer, navigate to the correct Checks.yymmdd-hhmm or Fixes.yymmdd-hhmm file. Double click on it and it should open with Notepad. To copy to the Clipboard > highlight the portion you want to copy (or Right click and select Select All) > Right click > Copy.
Hello,
the LEGACY_SECUREDISK cannot be removed because of user right problems. Also somebody with adminstrative rights is not able to remove it. We will remove that from the detection (just the two registry keys).
Nevertheless you got rid of all the relevant Razespyware Registry Keys - so donīt worry about that. With the next (maybe overnext) update it should not be flagged any longer. Please ignore that for that time - thx.
rene