So here I was, toying around my PC. I downloaded a tool from Friendster that'd allow me to upload my pics directly to its server via my account, and it's in the format of .reg file (Registry Editor File). So I opened it, and here's where the problem showed up:

http://i217.photobucket.com/albums/cc41/frankz0509/Clipboard02.png

I don't know how that happened, I am the domain administrator, and I can't recall modifying any settings in the Administrative Tools, nor within the Control Panel. But just in case I did, can you guys please offer a suggestion?

Thanks,
F.

Err.

Never open .reg files for any reason. Ever.

Secondly, if you're on an administrator account, it looks like something has disabled regedit.

User Key: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\
System]
Value Name: DisableRegistryTools
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = allow regedit, 1 = disable regedit)

I would assume your key is currently set to 1, you could try modifying it yourself, but you will need access to a registry editor.

Or, you can run HijackThis! which can catch reg hacks like this.

-Neo

Hmmm... might work, thanks Neo. But, I can't modify the registry, right? :o I can't even open RegEdit.exe.

Also, nothing wrong on [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\ System] appeared on HJT.

That gave me the idea. Maybe I should modify the Group Policies instead.

what do you mean nothing is wrong?

HJT shouldn't display anything, if it shows that string in it's scan, that indicates there's an issue.

The only other thing that might be an issue is that there's something just suppressing regedit.

See if you can Start --> Run "Regedt32"

-Neo

I said nothing wrong appeared on HJT because that exact registry key did not appear on the quick scan, not every string change, or whatever.

Also, regedt32.exe doesn't work too. It'd display the same message as the one I posted about. Maybe I should change something in the Administrative Tools?

Could it be possible that it's the work of some malicious culprit in code (malware)?

Side note: Hey Neo, cool avy and siggy. :)

Never open .reg files for any reason. Ever.
But what if I make them myself? After all, that used to be the only way to point StarCraft to a custom server, which I shall not talk any more about since it is against the EULA. ;) Of course, blizz caught on and best I can tell, those registry entries are no longer used...

Just to be sure, you haven't installed any programs to restrict access to the registry, various parts of the hard drive, etc? They use something like that at my university on the public computers, that disables the cmd and the Run dialog and restricts access to the C drive, so you shouldn't be able to do much of anything. (Of course, there are holes, such as if you can get around the drive protection, programs like regedit are not restricted themselves. Oops.)

.reg files inject information into your computer's .DLL files basically. They can fuck up your computer if you don't know what you're doing. Be sure to open them with Notepad first to make sure they're not anything suspicious or unrecognizable.

Other than that, if you're running Vista right-click>run as administrator. If XP I dunno, make sure you're in admin profile.

Modred don't be a smartaleck =P

Frank if you're on an administrator account and can't access regedit, you may have to install a third-party registry editor. You may also wish to install and/or run scans with an updated Adaware, Spybot, Windows Defender, etc...

Redcloak posted this thread on BF, which gives you 12 months of Spysweeper for free -- you might take a look at it... http://www.blizzforums.com/showthread.php?t=14811

(SpySweeper is really, really good)

-Neo

Quit pointing out unreal facts, Lithium. .reg files do not inject to or modify any .dll file. It simply adds or modifies data on the central registry (stored as .dat file). Other than that, nothing more.

Neo, thanks for the neat suggestions. Although I don't really know any external reg editor as REGEDIT basically does everything. I'll try SpySweeper for the duration.

Err.
Never open .reg files for any reason. Ever.
-Neo
Well uh I gots to for my wine on linux :p.Yeah LINUX WANNA FIGHT :P.

Anyways it seems you have installed a fake .reg meaning a virus and/or spyware.

Ok peeps. Obviously if you know what you're doing, you can run REG files. I know I've written a few for various reasons.

But this goes along with the basic advice you give anyone. Don't open attachments, and Don't run suspicious EXEs. It follows that you don't run a reg file regardless of the source.

You can try to run this: http://www.kellys-korner-xp.com/regs_edits/regtmcmdrestore.vbs

It will restore access to regedit I believe.

You can also google something like "unable to open regedit" or "restore regedit" or something similar to research it yourself.

-Neo

Thanks, but *dumb question*, how do I open the vbs file? Double-clicking it opens notepad. :/

Edit ADD: OK, so I downloaded Registry Organizer, and was able to make the tweak with the registry key you gave me earlier. Thanks. Everything's fine now.

Whoops, I meant .dat files, my bad.

Sorry Frankz, vbs is a vb script, it opened fine for me so I wasn't thinking.

-Neo

vbs are visual basic scripts you can open them in about anything that opens text.Its just how you use the vbs codes.

Now if you want to learn how to write to use vbs go to w3schools.com While using notepad++