Bigpapabear Posted November 8, 2013 ID:751471 Share Posted November 8, 2013 MalwareBytes shows in Quarantine the following... 1)- "Trojan.Agent - registry value - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|20353 2)PUM.USERWLoad- Registry Value - HKCU\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Windows|Load I'm running windows 7 ultimate and I can not get rid of these...In MWB, I click delete all, then do the reboot as asked and then run MWB again and they are still there...I booted into safe mode and did the same procedure with the same results...I tried deleting with Regedit and it will not allow me to delete..I'm set up as Administator , tried both regular boot up and safe mode, and the same results. I'm using Microsft Security Essentials which shows the following..I don't know if this is part of the above items showing in MWB, but again I can not delete..I found a file in the same location with the same name, "005d03e8.exe" and by changing the name first, then the extension I was able to delete said file, but I can not do the same with the registry or this file line.3) Trojan:Win32/Dusvext.B - located at file C:\Users\Me|AppData\Local\Temp\005d03e8.exe I would greatly appreciate any help or information about these. I've attached 2 screenshots showing the results after doing "remove all" and rebooting. Thank you folks and hope you all have a great day. Link to post Share on other sites More sharing options...
kevinf80 Posted November 8, 2013 ID:751487 Share Posted November 8, 2013 Hello and P2P/Piracy Warning: If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy. Next, Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Kevin Link to post Share on other sites More sharing options...
Maurice Naggar Posted November 10, 2013 ID:752031 Share Posted November 10, 2013 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts