[SOLVED] Removing Malware Registry Keys safely?

[Mads Haugaard]

Hi everyone. I've recently been unlucky with a program and have gotten some malware on my pc, which I assume causes a windows booting issue I've been having.

Currently, Malwarebytes has detected 11 Trojans in Registry Keys, and last time (many years ago) when I was removing registry key viruses, it bricked my OS. How do I safely go about removing the malware (with malwarebytes) without risking bricking my system?

For context:
The program that I installed was for a controller Emulator PS4 to XBox, and right after it asked me to restart, so I did. And then the <Mod Edit>-show began. Issues booting up past bios, (blinking " - " at top left corner of the monitor) and odd crashes etc. Pretty much can't load windows 9/10. I tried to use System restore point, a day prior to when it was installed, and it failed, giving an unspecified error. ( Tried multiple times and different restore points)

Am I overthinking it, and should I just backup my stuff and let it remove it and take my chances or are they better ways to help insure it wont brick my OS? Sorry if this seems silly, but I'm generally curious if there's a proper way.

 

[USAFRet]

should I just backup my stuff and

...and do a full wipe and reinstall.

11 identified Trojans...what else is in there?

 

[Mads Haugaard]

...and do a full wipe and reinstall.

11 identified Trojans...what else is in there?

While a complete re-install would be ideal, I have about 2-3 years worth of stuff on my main drive. It would take quite some time to get everything back to normal again. Which would be the last resort.
Heres a picture of the registry keys it flagged: https://gyazo.com/a3466687a734ad9a258887d94a611418 (Screen shot)

 

[USAFRet]

While a complete re-install would be ideal, I have about 2-3 years worth of stuff on my main drive. It would take quite some time to get everything back to normal again. Which would be the last resort.
Heres a picture of the registry keys it flagged: https://gyazo.com/a3466687a734ad9a258887d94a611418 (Screen shot)

I would absolutely not trust such a system, no matter what your antivirus/antimalware found.
What did it NOT find?

Yes, a full wipe and reinstall without a proper backup, or "2-3 years worth of stuff " is painful.

Is that more painful than a trojan lurking in there, compromising the system behind the scenes?

Some of these things are on a timer. Hiding innocuously until sometime in the future, after you think you've eradicated it.
Then...bam. It fires itself up, contacts homebase, and you're screwed.

Yes, really.

Its your data and system...all up to you.
I know what I would do.

 

[Mads Haugaard]

I would absolutely not trust such a system, no matter what your antivirus/antimalware found.
What did it NOT find?

Yes, a full wipe and reinstall without a proper backup, or "2-3 years worth of stuff " is painful.

Is that more painful than a trojan lurking in there, compromising the system behind the scenes?

Some of these things are on a timer. Hiding innocuously until sometime in the future, after you think you've eradicated it.
Then...bam. It fires itself up, contacts homebase, and you're screwed.

Yes, really.

Its your data and system...all up to you.
I know what I would do.

Would you recommend a wipe of all my drives,? that would be 4,5tb of data lol. Also, would you recommend using a cd, over the feature windows has, the "reset this pc" ?

 

[USAFRet]

Not "reset".
Boot from a newly built Win 10 USB, and full wipe and reinstall.

How To - Windows 10 clean install tutorial

If you are looking for the Windows 11 Clean install tutorial, you can find that here: Windows 11 Clean install tutorial (Click here) Otherwise, welcome to the Windows 10 Clean install tutorial This tutorial is intended to help you, step by step, to perform a clean install of Windows...

forums.tomshardware.com

And this install is done with ONLY the desired OS drive connected.


'wipe all drives"? Well......depends on what is on them.
If some of the things you've downloaded over time exist on those drives, then maybe.

Again, this speaks to having a good backup routine.
Drive space is cheap. Your data is not.

 

[DSzymborski]

If a full OS wipe leads to the loss of important data, that's a sign of negligence involving PC maintenance. All important data should be backed up at all times. Ideally in the form of multiple backups.

Buy a hard drive of sufficient drive to back up any data on the OS drive, back it up, and then full wipe and reinstall. When the dog poops on the kitchen floor, you clean it up; you don't just put newspaper over it.

 

[Mads Haugaard]

Not "reset".
Boot from a newly built Win 10 USB, and full wipe and reinstall.

How To - Windows 10 clean install tutorial

If you are looking for the Windows 11 Clean install tutorial, you can find that here: Windows 11 Clean install tutorial (Click here) Otherwise, welcome to the Windows 10 Clean install tutorial This tutorial is intended to help you, step by step, to perform a clean install of Windows...

forums.tomshardware.com

And this install is done with ONLY the desired OS drive connected.


'wipe all drives"? Well......depends on what is on them.
If some of the things you've downloaded over time exist on those drives, then maybe.

Again, this speaks to having a good backup routine.
Drive space is cheap. Your data is not.

Well, thanks for your input. I'll think about formatting my other drives. Now comes a tricky question how do YOU avoid malware? You seem pretty safety-orinted when it comes to security. The program of which caused me all of this, actually works as intended, but with the downside of the virus part lmao. I need an alternative program to do the job, and as you said, don't trust any malware programs. So do you only go with your gut, or is there a new revolutionary anti-virus I haven't heard about, because in all my years of using a pc, I've never used an active anti-virus / detecter before. Only Malwarebytes every now and then to check up on my pc. Sorry if this seems a stupid question. And I know not to trust shady sites ofc. Do you use a virtual machine to test the waters?

 

[Mads Haugaard]

If a full OS wipe leads to the loss of important data, that's a sign of negligence involving PC maintenance. All important data should be backed up at all times. Ideally in the form of multiple backups.

Buy a hard drive of sufficient drive to back up any data on the OS drive, back it up, and then full wipe and reinstall. When the dog poops on the kitchen floor, you clean it up; you don't just put newspaper over it.

I'm working on getting an extra storage device rn. Just so I'm clear - ofc I have backed up my most important files. No doubt, and it's on a cloud and a usb stick. When I say that I have a lot of data that I would hate to re-acquire, I simply mean I have so much work put in to my current system, like settings, programs that are setup very specifically to my liking, Files that are where I want it to be etc. It's mostly the hassle of having to remove countless of hours of work, to remove malware that could easily be acquired a week later. I'll do a wipe today hopefully.

 

[kanewolf]

Well, thanks for your input. I'll think about formatting my other drives. Now comes a tricky question how do YOU avoid malware? You seem pretty safety-orinted when it comes to security. The program of which caused me all of this, actually works as intended, but with the downside of the virus part lmao. I need an alternative program to do the job, and as you said, don't trust any malware programs. So do you only go with your gut, or is there a new revolutionary anti-virus I haven't heard about, because in all my years of using a pc, I've never used an active anti-virus / detecter before. Only Malwarebytes every now and then to check up on my pc. Sorry if this seems a stupid question. And I know not to trust shady sites ofc. Do you use a virtual machine to test the waters?

The safest way to avoid mallware is to not download random software, especially "free" or cracked software. If there is ever a doubt, then only run it in a VM with virus protection enabled. A VM you can wipe out and start over.

 

[Mads Haugaard]

The safest way to avoid mallware is to not download random software, especially "free" or cracked software. If there is ever a doubt, then only run it in a VM with virus protection enabled. A VM you can wipe out and start over.

Sadly, sometimes you have to scrounge around on shady sites to find what you need. Which was my case yesterday. I'll see about getting a vm up and running when I', done.

In a completely different problem I have, which I may as well ask here and now, I have quite a few games on my Main drive, which is also why I'm usually bummed when having to format.
The reason being that some games will not run, or have game-breaking issues IF it's not located where my OS is. I tried searching for an answer couple years ago, to no avail. Do you perhaps have a clue? this could help me with formatting easier the next time, by not having a bunch of crap on my main drive.

 

[USAFRet]

Well, thanks for your input. I'll think about formatting my other drives. Now comes a tricky question how do YOU avoid malware? You seem pretty safety-orinted when it comes to security. The program of which caused me all of this, actually works as intended, but with the downside of the virus part lmao. I need an alternative program to do the job, and as you said, don't trust any malware programs. So do you only go with your gut, or is there a new revolutionary anti-virus I haven't heard about, because in all my years of using a pc, I've never used an active anti-virus / detecter before. Only Malwarebytes every now and then to check up on my pc. Sorry if this seems a stupid question. And I know not to trust shady sites ofc. Do you use a virtual machine to test the waters?

The best AV exists between your ears.

And yes, I have multiple VM's spun up, both Windows and Linux. Often running 24/7.

Any suspect website gets checked in Linux.
And software, a Windows VM.

And of course, a multi-layer backup routine.
Somewhat modified since I wrote this a few years ago, but the basics:

What is your backup situation at home?

What is your backup situation at home? And if you don't do that, why not? Every single day, I read multiple threads here of "How do I get my stuff back?" or "That drive had 5 years of photos of my kids!!" Be it a dead drive, dropped phone, virus, accidental deletion, formatting the wrong...

forums.tomshardware.com

An 8TB external drive can be had for under $150.
That is large enough to have an Image of each drive individually, and a full months worth of Incremental images.
How much is your data worth?

 

[Mads Haugaard]

The best AV exists between your ears.

And yes, I have multiple VM's spun up, both Windows and Linux. Often running 24/7.

Any suspect website gets checked in Linux.
And software, a Windows VM.

And of course, a multi-layer backup routine.
Somewhat modified since I wrote this a few years ago, but the basics:

What is your backup situation at home?

What is your backup situation at home? And if you don't do that, why not? Every single day, I read multiple threads here of "How do I get my stuff back?" or "That drive had 5 years of photos of my kids!!" Be it a dead drive, dropped phone, virus, accidental deletion, formatting the wrong...

forums.tomshardware.com

An 8TB external drive can be had for under $150.
That is large enough to have an Image of each drive individually, and a full months worth of Incremental images.
How much is your data worth?

Seems a little "too much" for me, my data is not something that will leave my life having from a string - ever. Worst case would be someone getting access to my bank, which would be hard with 2 step auth. Personal images are kept on a usb device aswell. I'll see about a vm machine.
EDIT: I'll see about getting an SSD to for backups.

 

[USAFRet]

Seems a little "too much" for me, my data is not something that will leave my life having from a string - ever. Worst case would be someone getting access to my bank, which would be hard with 2 step auth. Personal images are kept on a usb device aswell. I'll see about a vm machine.

As mentioned at the end of that...an external drive or two will suffice.

An external USB drive, connected once a week...update the relevant Images.
Disconnect until next weekend.

Your stuff is easily recoverable...the whole system and config.


I have that NAS setup because it is also my house media server.

 

[Mads Haugaard]

Well, I'll get a storage device then, thanks for your time / help / inputs sir, one last questions, what's your take on this I asked earlier?

"In a completely different problem I have, which I may as well ask here and now, I have quite a few games on my Main drive, which is also why I'm usually bummed when having to format.
The reason being that some games will not run, or have game-breaking issues IF it's not located where my OS is. I tried searching for an answer couple years ago, to no avail. Do you perhaps have a clue? this could help me with formatting easier the next time, by not having a bunch of crap on my main drive. "

 

[USAFRet]

Well, I'll get a storage device then, thanks for your time / help / inputs sir, one last questions, what's your take on this I asked earlier?

"In a completely different problem I have, which I may as well ask here and now, I have quite a few games on my Main drive, which is also why I'm usually bummed when having to format.
The reason being that some games will not run, or have game-breaking issues IF it's not located where my OS is. I tried searching for an answer couple years ago, to no avail. Do you perhaps have a clue? this could help me with formatting easier the next time, by not having a bunch of crap on my main drive. "

Depends on the specific game and how it was installed.

Steam games, for instance, are easily installed on different drives.

Steam games location
In the steam client:
Steam
Settings
Downloads
Steam Library Folders
Add library folder

To move an already installed game
Games library
Right click the game
Properties
Local Files
Move Install Folder


Other game platforms have a similar function, but I don't have that documented.

 

[Mads Haugaard]

Depends on the specific game and how it was installed.

Steam games, for instance, are easily installed on different drives.

Steam games location
In the steam client:
Steam
Settings
Downloads
Steam Library Folders
Add library folder

To move an already installed game
Games library
Right click the game
Properties
Local Files
Move Install Folder


Other game platforms have a similar function, but I don't have that documented.

Yeah yeah I know, but it seems to be more than just a few issues, sometimes I'll see the same issue, on different games. ( even through multiple formats, updates, different drivers etc)
For example, Saints Row series WILL NOT start unless it's on my main drive. no dump files or anything. Just wont run, which also happens on a few other games.
However, Games like Skyrim, Outer worlds, uhm and a few other I forgot, is missing half the sounds in the games.
Some other games , mostly ubisoft games gets very laggy, even tho they are on a ssd or hard drive install.
I asked a couple of other tech guys, and they had no clue on how do solve it, other than just installing it on my main.
Quick Edit: As said, as long as they are installed on my OS drive, all those problems disapear lol

EDIT: Anyway that is a problem for another time, thanks for all the help

 

[USAFRet]

And a VM is not a necessarily guarantee of safety when checking out something.

Some malware can detect that it exists in a VM, and disable itself.
To prevent you checking and investigating.



But yeah...some things do NOT run well or at all if not installed on the "C drive".

 

[Mads Haugaard]

And a VM is not a necessarily guarantee of safety when checking out something.

Some malware can detect that it exists in a VM, and disable itself.
To prevent you checking and investigating.



But yeah...some things do NOT run well or at all if not installed on the "C drive".

Thank you, good to know.

 

[kanewolf]

Sadly, sometimes you have to scrounge around on shady sites to find what you need.

This is a WANT, not a need. There is never a "need" associated with shady sites.

 

[Mads Haugaard]

This is a WANT, not a need. There is never a "need" associated with shady sites.

True, my bad. But it was required to get a newly purchased 100 dollar game to run sadly Or work properly to be specific

 

[DSzymborski]

True, my bad. But it was required to get a newly purchased 100 dollar game to run sadly Or work properly to be specific

And the risk you take by doing this is that you occasionally have to fully wipe and reinstall Windows because of the infections your OS picks up.

• Downloading dangerous programs
• Not having to fully wipe Windows
• Fully functional and protected Windows

Pick two. You want three. You only get two.

 

[Mads Haugaard]

And the risk you take by doing this is that you occasionally have to fully wipe and reinstall Windows because of the infections your OS picks up.

• Downloading dangerous programs
• Not having to fully wipe Windows
• Fully functional and protected Windows

Pick two. You want three. You only get two.

Don't take this the wrong way, I appreciate all the help, but I didn't make this post for people to tell me it's dangerous to download from shady sites, I know that. Everyone does. I done [Profanity deleted] , I know. But the point of the post was to ask how to safely remove registry keys without bricking my OS.

 

[DSzymborski]

Don't take this the wrong way, I appreciate all the help, but I didn't make this post for people to tell me it's dangerous to download from shady sites, I know that. Everyone does. I done <Mod Edit> up, I know. But the point of the post was to ask how to safely remove registry keys without bricking my OS.

And you were told: completely wipe your OS and reinstall. Everyone screws up, but that doesn't mean that the solution is the half-assed route.

Sorry to be so blunt, but you seem to want to be able to download everything you want, but then not have to deal with the consequences. The consequence of shady software infecting your PC is that, sometimes, you need to completely wipe your OS and reinstall. Not run AV software. Not change a registry key. Not disable some system service or manually delete some hidden directories. Wiping the partition and reinstalling.

 

[Mads Haugaard]

And you were told: completely wipe your OS and reinstall. Everyone screws up, but that doesn't mean that the solution is the half-assed route.

Again: pick two. Want to download shady things and have a fully protected and functional Windows? Well, you're going to have to fully wipe the OS drive from time to time.

Which I am going to do as soon as I have a storage solution while I clean up my mess.
I had just hoped it would be fine removing the keys.
Didn't mean to do anything "half-assed".

If I made it sound like I could get away with shady software, then it's my bad. Never meant for it to sound that way. I just never had so much on my pc that it seemed not-worth it to format. Malwarebytes has served me perfectly past, idk how many years, but a lot. Only causing a bricked OS once.



------ EDIT: Problem Solved: I'll Format my pc, and that'll be it. Thanks for the help --------