Jump to content

[ok now] Possible FP (not IP)


Recommended Posts

Hi, I have a user on a forum who gets continuous Vundo.Variant detection. I looked and saw no Vundo remains on the machine.

Here is the dev log :

Malwarebytes' Anti-Malware 1.40

Version de la base de donn

Link to post
Share on other sites

I am unable to locate any instances where these were not deleted by forum helpers and/or attached to malware files .

It is likely that these keys were part of the "immunization" that another vendor was doing for a while .

To delete these please reset their permissions first and then run another scan , this will correct the issue .

Link to post
Share on other sites

Ok, I'll do that (with RegAssassin). I'll tell the user (he thought he had Vundo but couldn't find it).

Thanks for your attention. :)

I don't think reg assassin will work here , there are DACL and ACL issues with the "immunization" . I was using subinacl to fix these before , we had quite a ot of them .

Link to post
Share on other sites

  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.