Hello everyone,

Today I performed a full system scan with MBAM, which detected the infected registry key: HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace). It was quarantined, and I permanently deleted it and disconnected the infected PC from the network. After searching, I found some topics about it claiming it keeps appearing in scans, like this one: http://forums.malwarebytes.org/index.php?showtopic=124721&st=0.

So I rebooted into Safe Mode and fully re-scanned my system with MBAM, found nothing, and the registry key was nowhere to be found when I searched for it manually. Then I restarted the PC normally and re-connected it to the network, and when I looked for the registry key again it was there. So again, I disconnected and fully scanned, but MBAM found no infected objects, which made me worry - how was it so easily removed from my PC while others struggle to remove it, and while the registry key still exists?

Just to mention, maybe it indicates something: the computer was connected to the internet only during the first scan, when I first found the malicious registry key. During the other 2 scans that came after, it was disconnected, but between those two it was connected for some time, and though I doubt it, I think it may be the reason for the reappearing of the registry key and the fact it was not detected on the next scans.

There were no other infected objects MBAM detected, and there is no "Socks" folder in AppData\Roaming that contains data collected by a keylogger, as described in the topic from the link above.

I seriously consider formatting and re-installing Windows. I easily get anxious from such things and I think the computer might still be infected in some ways.

Thank you very much, I'll appreciate any help or suggestion!