Random Chit Chat
- Thread starter Rubber314Chicken
- Start date
Could you be a little more vague...
If you ran MalwareBytes and it found registry values that were malicious, this is not exactly something to be overly alarmed about. A lot of Malware will corrupt the registry or create malicious values. I would actually be glad that it caught it. The question is, however, if those values were created maliciously, or if there were maliciously changed and are now gone. The only way to really tell is through your normal day to day use. The "Win 7 Antivirus 2012" program (fake antivirus malware) will modify the registry values to point all executibles to launch through that program. MalwareBytes will delete these values (which are the ones that handle executibles) so when you try to launch any program after the malware has been cleaned, Windows has no idea what to do.
Any issues like the above?
VINMAN46
Daemon Poster
- Messages
- 1,123
Malwarebytes' Anti-Malware 1.51.1.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Database version: 7466
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
12/29/2011 11:50:41 PM
mbam-log-2011-12-29 (23-50-41).txt
Scan type: Quick scan
Objects scanned: 167940
Time elapsed: 55 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\HKEY_CURRENT_USER (Backdoor.Agent) -> Value: HKEY_CURRENT_USER -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKEY_CURRENT_USER (Backdoor.Agent) -> Value: HKEY_CURRENT_USER -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Database version: 7466
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
12/29/2011 11:50:41 PM
mbam-log-2011-12-29 (23-50-41).txt
Scan type: Quick scan
Objects scanned: 167940
Time elapsed: 55 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\HKEY_CURRENT_USER (Backdoor.Agent) -> Value: HKEY_CURRENT_USER -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKEY_CURRENT_USER (Backdoor.Agent) -> Value: HKEY_CURRENT_USER -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Well, it's a good thing you ran a scan. Those weren't existing values that were modified but there were newly created malicious keys. However, those were created by some program that's probably still on your PC. I noticed that you're running MalwareBytes 1.51 and 1.60 is the current version. I would download the latest version of rkill, rename it to some random word (some malware is programmed to stop the rkill.exe from being run) and then run that. Update MalwareBytes and run once again.
foothead
Omnicide now.
- Messages
- 10,027
- Location
- My own personal hell
I just got back to my computer after using a cell phone all week. My monitors now feel indescribably huge.
foothead
Omnicide now.
- Messages
- 10,027
- Location
- My own personal hell
Rick Santorum.
