Everything posted by TonyKlein

  1. Well, if you were indeed to have that Start Menu folder as either part or remnant of a Rogue.Antivirus infection, you would definitely be happy to see MBAM remove it. It may or may not be possible for the MBAM development team to further fine-tune that detection, but as I'm not part of the team, I can't really comment.
  2. The "Antivirus" rogue in fact creates a "Start Menu\Programs\Antivirus" subfolder, see here, so therefore this can't be considered a "full" False Positive. A quick solution would be to rename that folder to something else, say "Start Menu\Programs\Security".
  3. Hi and welcome! I'm not convinced this is indeed a False Positive: http://www.mywot.com/en/scorecard/iwon.com ... but MysteryFCM and/or other MBAM team members will be able to tell you more.
  4. There could be a variety of causes for this particular Stop error, the majority of them hardware related. MS has a number of Knowledge Base articles that could apply.
  5. Thanks! I think we consider those two remaining detections False Positives as well. The "ASProtect" registry key could be created by any number of applications, and it is harmless by itself anyway. As for "Local AppWizard-Generated Applications", as you can see for yourself it only references legitimate applications, so you can disregard that one as well.
  6. Thanks, exile360. Also, I was careless myself as well. After following exile360's advice, please create the following batfile, call it peek.bat, and run that instead:

         regedit /e peek1.txt "HKEY_CURRENT_USER\Software\ASProtect"
         regedit /e peek2.txt "HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications"
         type peek1.txt >> look.txt
         type peek2.txt >> look.txt
         del peek*.txt
         start notepad look.txt

     Post the contents of the created look.txt file.
  7. Well, you can write that 'detection' off right away then... I have a hunch that the other items may well be False Positives too, but we'd have to see exports of the registry keys in question if we're to be sure. Please copy the text in the box below to Notepad and save it to your desktop as reginfo.bat

     < batchfile removed by TonyKlein pending adaptation >

     Double-click your newly created reginfo.bat file, and it will run and create a text document on your desktop which will open in Notepad. Copy and paste the contents of that entire file in this thread.
  8. Also, the "BrowserAid" detection is almost certainly a False Positive. It must have been four or five years ago since I last came across one of those.... There is at least one legitimate application (Snagit is one I know of) that registers the exact same key
  9. Look at the reviewer comments though: http://www.siteadvisor.com/sites/pcsecurityshield.com
  10. Hi and welcome. This is no False Positive. MBAM is simply alerting you to the fact that a restriction has been set that prohibits any changes to Active Desktop settings. This may or may not have been caused by malware; you can either opt to have MBAM "fix" it by restoring the defaults for that registry key, or, should you want to leave it, have MBAM ignore that detection.
  11. There's no need to run another anti-spyware. As Tom already pointed out, the CLSID is a known bad one, used exclusively by Vundo/Virtumundo malware; here's another reference. Just have MBAM delete it.
  12. Google is your friend...
  13. I love the show as well. But I've been a Laurie fan ever since "A Bit Of Fry And Laurie".
  14. The first detection appears to be a FP that was corrected a couple of days ago, see here. Do make sure you update your MBAM before scanning.
  15. I suggest you rename the file to cmdow.bak, which will cripple it. Then leave it like that for a couple of days, or even weeks. If all your software continues to work the way it should (and I expect it will), feel free to delete it
  16. It is not a virus in the true sense of the word. It's a command line utility that allows manipulation (including hiding) of open windows. Here is some reading. It can however also be used by malware, and many AVs do detect it, see this post. Note that MBAM also detected it at the time. For starters, I suggest you post MBAM and HijackThis logs in our Malware Removal - HijackThis Logs forum. Then upload your cmdow.exe file in the HJT Log Requested File Upload forum, accompanying it by a link to this topic, so that we can analyze it.
  17. The "W2KLpk" DWORD value isn't always there by default. If it IS present, value data of "00000000" prevents language pack installation, and "00000001" enables it. My guess is that, if the value is absent altogether, Language Pack installation is automatically allowed without prompt. I'd have MBAM restore the item from quarantine, then check the Registry to make sure that LP installation is prohibited. This is because there was a known Language Pack Installation vulnerability in IE (prolly fixed by now, but nevertheless...). Alternatively (obviously only if MBAM did quarantine this item on your system), you could merge the following regfile (for XP and Vista): Copy the text inside the 'Code' box to Notepad, and save in a location of your choice as Fix.reg (make sure you save as type: 'all files')

          Windows Registry Editor Version 5.00

          [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International]
          "W2KLpk"=dword:00000000

      Doubleclick Fix.reg, and answer yes when prompted to add its contents to the Registry. Editing the regfile by changing dword:00000000 to dword:00000001 re-enables LP Installation.
  18. It's a registry value, the default value data of which determine whether the installation of Language Packs is allowed or prohibited. Certain malware does set a restriction there, but that needn't be the case here. You can simply have MBAM restore that quarantined item.
  19. Hi. This has nothing to do with HijackThis. MBAM is simply alerting you to the fact that a restriction has been set that prohibits any changes to Active Desktop settings. This may or may not have been caused by malware; you can either opt to have MBAM "fix" it by restoring the defaults for that registry key, or, should you want to leave it, have MBAM ignore that detection.
  20. I would not be surprised if they were indeed FPs; this is what it found on my box during a 'standart' (sic!) scan while 'scaning' (sic!)... That said, restart.exe prolly is detected as a Risk tool by various AVs.