Kavu

>shadowwar >miekiemoes Thank you for your quick responses. I have not run (on my own anyway) the setup exe to install this program. The setup exe appears to have come installed w/new computer and likely sits waiting for activation in bundled Lenovo s/w. Same timeframe anyway. I do not see the program in my list of installed programs. And the option to install has not been presented to me as of yet...but then I haven't utilized many of the Lenovo bundled 'extras'/companion apps etc. I guess I was just surprised that it showed up all of a sudden as a PUP and dates back to 2013......so must be just a new addition to the scan db? As I am not interested in any registry cleaner or 'reviver', I have removed it. Thank you again for your prompt and informative responses.

Possible False Positive?.... Has been on computer(Lenovo) since 2013, showed up today as PUP Virus Total scan shows it completely clean: https://www.virustotal.com/en/file/b762e28c5d17d70a063ee51b82026a9b3ff952bfbe89a76bf647a3c836d6a41b/analysis/ Attached: zipped exe file: RegistryReviverSetup_3.0.1.144_CO1.exe Malwarebytes txt file: PUP.Optional.RegistryReviver.A.txt PUP.Optional.RegistryReviver.A.txt RegistryReviverSetup_3.0.1.144_CO1.zip

Yep, fixed...thanks. You guys are awesome and wicked fast as well :-)

6/7/10 Going 'Rogue' here as well.... Re: file - 'mpnwmon.sys' Note that my 'Rogue.FakeMSE was located in the Microsoft Security Essentials files in C:\Program Files\Microsoft Security Essentials\Drivers\mpnwmon....as well as in 2 System restore folders. I submitted the file to VirusTotal and report was clean: http://www.virustotal.com/analisis/7e97e8d...4243-1275933544 And file 'mpnwmon.sys' properties show it to be a Microsoft file, digitally signed 11/20/09. So, what say you(Malwarebytes)....False Positive? ----------------------------- Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4176 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 6/7/2010 2:30:17 PM mbam-log-2010-06-07 (14-30-17).txt Scan type: Full scan (C:\|) Objects scanned: 324645 Time elapsed: 1 hour(s), 53 minute(s), 28 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Program Files\Microsoft Security Essentials\Drivers\mpnwmon\mpnwmon.sys (Rogue.FakeMSE) -> No action taken. [106660DC692B083A5FD9BEDCA290F58C] C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP828\A0121549.sys (Rogue.FakeMSE) -> No action taken. [106660DC692B083A5FD9BEDCA290F58C] C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP829\A0121553.sys (Rogue.FakeMSE) -> No action taken. [106660DC692B083A5FD9BEDCA290F58C] ---------------------- mpnwmon.zip