Jump to content

Recommended Posts

Hi, I recently downloaded Malwarebytes after seeings signs of an infection. I removed about 23 malware but there are these 2 Registry Key type malware that won't go away. No matter how many times I scan and qurantine.

mwab.txt-----> Malwarebytes scan log after quarantining 

Share this post


Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Lets check further.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section in the bottom of the topic Select Click the Choose a File.
Navigate to the location of the File.
Click the file. It will appear in section.
Click the Saving button.

Please attach the logs for my review.

Wait for further instructions
====

Share this post


Link to post
Share on other sites

Hi,

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt

Share this post


Link to post
Share on other sites

Hi,

This fix should remove the registry entries.

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.
 

fixlist.txt

Share this post


Link to post
Share on other sites

Hi,

These Protected keys were added by the previous Security Software you installed.
Avast, AVG etc.

HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\18AA37360A0698E6A1F54A9E8268FB127B70E189 => could not remove, key could be protected


HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD4C5429E10F4FF6C01840C20ABA344D7401209F => could not remove, key could be protected
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E64232B7757A335C032414C6888633CC498E7CD6 => could not remove, key could be protected
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\F75019695C0504E3ABEFEDCD8FBE500DA08EC8FA => could not remove, key could be protected

They can only be remove by editing the permission in the Registry.
How to.
https://www.groovypost.com/howto/take-full-permissions-control-edit-protected-registry-keys/

Unless you are at ease in editing the registry I would leave them alone.

Do you have any difficulties not with this computer?

Share this post


Link to post
Share on other sites

Well I think I'll remove it. My PC has slowed down a bit and my Internet has been trash. It might not be the virus but still. I'll be at ease when I remove them.

Share this post


Link to post
Share on other sites

Hi Cyrodalic.

To do a cleanup of FRST64 tool

To remove the FRST64 tool & its work files, do this.  Go to your DESKTOP\FRST folder.  Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.

Then run that ( double click on it)  to begin the cleanup process.

.

The first best practice of computer safety is to have backups of the system.  Make regular periodic backups to offline removable media.

Backup is your best friend.

 

It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use.

 

Best  practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".

Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos).


Free games & free programs are like "candy". We do not accept them from "strangers".


Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.
 

 

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Dont remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.

 
Do a Windows Update.

Make certain that Automatic Updates is enabled.
https://support.microsoft.com/en-us/help/12373/windows-update-faq




Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"

.

Share this post


Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.