beavis4ever
-
Posts
7 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by beavis4ever
-
-
Working on a customers PC here. He has apparently paid for a license to this software. I believe it may be from they same company that has Advanced Registry Optimizer but not positive. Anyway, I have 2 entries for it in my scanlog as Backdoor.bot. It seems odd because there were not any other instances of that infection found on this PC.
Here is the log from /developer scan. I had an error 23 at the beginning of the scan.
-
The computers may have seemed clean, but it isn't possible to completely clean it up. Like I said, no computer infected with Virut can ever be trusted again, unless you reformat the hard drives.
Why would that be? Can you give details or any links to support this? I have done probably a dozen ever since Jan/Feb and never heard any complaints from those people. If I am not cleaning up peoples PCs properly, I want to know. Thanks!
-
The laptop I was cleaning up definately did not have TeaTimer running. I installed Spybot but never use the extras other than Immunize. It is usually the tool used to cleanup the pieces Combofix and Mbam didn't remove and older junk. This is the first time I have ever had this problem w/ Mbam and Vista and believe it has to be related to the latest version. Xp has the same reg key present but w/o UAC it's not a big deal.
I am pretty sure Windows Defender is not the culprit. If you turn off UAC, you will not get the blocked startup program message.
-
I am also having an issue with the UAC blocking MalwarewareBytes Reboot startup item. This is with a fresh install of Mbam on Vista. If you delete the reg key it is recreated at next boot. Turning it off w/ msconfig avoids getting the message. This is happening w/o even doing a scan w/ Mbam.
Just wanted to adjust what I said. If you try to remove the reg key w/ HJT it is not removed. HJT is making a backup but not removing it. Deleting the reg key through regedit does remove the entry permanently. It does not returning after rebooting. I was trying to use HJT like others here, and didn't do another HJT scan after trying to remove it. I was just rebooting and assumed it was being recreated. Sorry for the mix up, but I am 100% sure now that my statement is correct.
I am going to let this laptop go out with the way it is now, and hopefully the reg key issue doesn't return for the customer.
-
I have had luck cleaning up virut infected exe files w/ Dr. Web Cureit and sometimes the old Norton Prescan. Html iframe infections are a bit more of a hassle. CA seems to be able to clean the html files as opposed to most AVs just deleting them. Only problem is all the exe files will have date and time of when they were cleaned instead of their normal timestamp.
-
I am also having an issue with the UAC blocking MalwarewareBytes Reboot startup item. This is with a fresh install of Mbam on Vista. If you delete the reg key it is recreated at next boot. Turning it off w/ msconfig avoids getting the message. This is happening w/o even doing a scan w/ Mbam.
Advanced System Optimizer
in File Detections
Posted
Thanks! I know it's hard to tell what's legit and what isn't anymore just by the name. Lots of Fake Alert programs going around with similar type names. Nothing looks bad about it other than running at startup. It's not something I would use on my PC. If it was a trial or free program, I would have just uninstalled it.