Deleted infections that show up in scan, come back when I reboot

[miekiemoes]

Hi,

yes, if you permit the startup programs, then you won't get that balloon again. You'll only get it again when you install a new program. Then it will be a matter of permitting it again.

As a matter of fact, the current programs you have should protect you enough already. Windows defender monitors the registry as well here, but many people are having problems with using it and can actually cause more problems because of that, because some changes may not be blocked.

So, try first of the Permit works. Only permit when you know the program. If you don't know the program, then don't give permission in Windows defender. Keep in mind that this will give the balloon then everytime again unless you select to remove the blocked startup programs. And that's why I guess that the Windows Defender registry changes scan is more for advanced users since many don't always know if a program is good or bad.

[Brenda W]

Hi,

Mieke, I tried something. In Windows Defender, I removed malwarebytes completely from the list. This did two things. Firstly it has stopped the balloon and the icon from coming up on restart anymore but unfortunately, the two imperfections are back after I did a malwarebytes scan.

I just cannot win!

I think you are right, I think I am going to have to disable 'Windows Defender Real Time'and rely on the other antivirus/malware that I have.

Just a quick question for you. If I have Windows Defender Real Time disabled, can I enable it any time I like, to do a quick scan with it? Then after the scan, I can then disable it again?

[miekiemoes]

Hi,

You can scan with Windows defender any time without enabling the realtime scanner. This is the on demand scan

[Brenda W]

Hi, You can scan with Windows defender any time without enabling the realtime scanner. This is the on demand scan B)

Okay. Well I think this is about as good as I can get it now. Thank you for all your help and patience Mieke and if I need any help in the future, I will come to you.

Thank you very very much.

[miekiemoes]

You're most welcome Brenda B)

[Brenda W]

Sorry to bother you again Mieke,

The two infections or problems as they were, are back again and I have Windows Defender real time set to 'off'and I have unblocked malwarebytes numerous times but they still come back after a while when I do a scan in malwarebytes!

Sorry to be a pain but have you any other ideas how I get rid of these forever?

[miekiemoes]

Hi Brenda,

As I said previously, it's iolo system mechanic that sets these incorrect values for those in the registry. As has been reported here: http://www.malwarebytes.org/forums/index.p...ost&p=86492

So the only way is to not use iolo registry mechanic anymore. Or just ignore those detections in mbam.

They are nothing really to worry about anyway as they are no malware or whatever, just a incorrect value set in the registry

[Brenda W]

Hi,

It seems to be okay now, cannot understand it. The balloon and icon still come up and show that malwarebytes needs to be unblocked each time, but I never had to do this before and I could use malwarebytes as normal just from the shortcut icon on the desktop. I should explain that I have the free version of malwarebytes and not the paid version. I don't know if this makes any difference.

Hi Brenda,

As I said previously, it's iolo system mechanic that sets these incorrect values for those in the registry. As has been reported here: http://www.malwarebytes.org/forums/index.p...ost&p=86492

So the only way is to not use iolo registry mechanic anymore. Or just ignore those detections in mbam.

They are nothing really to worry about anyway as they are no malware or whatever, just a incorrect value set in the registry

I have the 'iolo' program on that list as shown in Windows Defender. Should I do something with it in there perhaps? Disable it or something?

[miekiemoes]

Hi,

but I never had to do this before and I could use malwarebytes as normal just from the shortcut icon on the desktop

That's because Windows Defender blocks the execution of the malwarebytes cleanup after reboot:

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

So, please add it to trusted in Windows defender (the balloon).

For iolo, it's this startup that causes the incorrect values in the registry:

O4 - HKLM\..\Run: [Dell PC TuneUp Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"

So please block this one in Windows defender.

[Brenda W]

Hi,

That's because Windows Defender blocks the execution of the malwarebytes cleanup after reboot:

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

So, please add it to trusted in Windows defender (the balloon).

It is showing that Malwarebytes is the only one that is blocked when I go to 'Blocked Programs', in Windows Defender. In the Windows Defender list I have 'Malwarebytes'set as 'Permitted'and when I right click Malwarebytes I have a little menu pop up which gives three options. They are; 1.Start-up, 2.Publisher and 3.No Grouping. I now have Start-up checked. I do not know if this is right.

For iolo, it's this startup that causes the incorrect values in the registry:

O4 - HKLM\..\Run: [Dell PC TuneUp Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"

So please block this one in Windows defender.

I cannot 'block' iolo.

[Brenda W]

Sorry, I accidentally sent the last message without finishing.

What I was about to say was; I cannot 'block iolo', once again I have three options with what to do with this. 1.Remove, 2.Disable or 3.Enable. I have it set to 'Disable' at the moment. I do not know if this is right.

[Brenda W]

Mieke,

I have just tried something, I do not know if this will work yet. I have removed Malwarebytes'completely from the Windows Defender list. A window popped up which said 'are you sure you want to remove the application from the list of programs that start automatically with Windows?'

Perhaps this is what it needed. I will try it and let you know.

[miekiemoes]

Hi,

Yes, iolo has to be set to disabled, otherwise it will create those faulty registry entries again and mbam will detect it afterwards again as well.

I have just tried something, I do not know if this will work yet. I have removed Malwarebytes'completely from the Windows Defender list. A window popped up which said 'are you sure you want to remove the application from the list of programs that start automatically with Windows?'

When you run malwarebytes again and it detects something, it will ask to reboot your computer, so it will do the cleanup after next restart since malwarebytes will create a startup entry then. When your Windows defender gives that balloon again related with malwarebytes, you should tell Windows defender to "enable" it.

[Brenda W]

Hi Mieke,

I have now 'Disabled' 'iolo' and 'Enabled' malwarebytes in Windows Defender.

I do not know if you know about this, but I received an e-mail from one of my friends who is an MVP. He sent me this below. It might be worth your while checking it out. He has advised me to get this and install it.

Microsoft released the following on the 29th of September

http://www.microsoft.com/security_essentials/resources.aspx

Microsoft Security Essentials, get that and install it, it will shut down

Defender as a default action.

You will not need AVG either.

[miekiemoes]

Hi,

Yes, that's a good choice, so go ahead and install it.

BTW, I'm a Microsoft MVP either: https://mvp.support.microsoft.com/profile=1...44-832186937aeb

[Brenda W]

Yes, a good choice, so go ahead and install it.

Before I install it, do I need to uninstall AVG first? Then install it?

BTW, I'm a Microsoft MVP either: https://mvp.support.microsoft.com/profile=1...44-832186937aeb

Yes, I already knew this and I have seen the website. You are a very clever girl. ;-)

[miekiemoes]

Yes, better to uninstall AVG first.

[Brenda W]

Hi Mieke,

Okay, I have now got rid of AVG and downloaded MSE. It is very impressive but the balloon and icon still comes up and show in the system tray. Still none the wiser!

If you hear of anything or see a similar problem elsewhere in these forums, could you let me know so I can get rid of this problem?

[miekiemoes]

Hi Brenda,

This isn't actually a problem though. This is the way Windows Defender works. When a startup key (related with a program) is added to the registry, Windows Defender then shows the balloon. Then it's up to you to allow it or block it. If you block it, then Windows defender will give the message everytime again after reboot, unless you choose to delete that startup key.

Not sure for what program it is giving this balloon now. If it's for iolo, select to remove that startup again, or do this via msconfig.

To do this, go to start and in the searchfield, type: "msconfig".

There select the tab "startup" and in there, uncheck "Dell PC TuneUp Startup". Click apply > OK.

Then reboot.

But as I said, if Windows defender is too confusing for you as a realtime scanner, I suggest you disable it as well via msconfig.

You can still use Windows Defender as an on demand scanner though.

[Brenda W]

Hi,

Just a bit of information for you. Since I have installed MSE, Windows Defender is showing as being turned off.

This is as my friend said it would be. He stated that once MSE was installed, by default it would automatically turn off Windows Defender.

This still does not stop the balloon and icon coming up, even though Windows Defender is off.

I will give your other idea a go from the start menu and see what this does.

[miekiemoes]

Hi,

Since you still get that balloon, it looks like it's still enabled though...

Yes, go ahead and disable it via msconfig.