What to do with infected registry keys and values?


aneye

Okay, so a little history first: a few days ago Windows Defender detected a trojan attached to the file StartupCheck.vbs, which I then proceeded to remove. After this I would occasionally get a popup saying that StartupCheck.vbs could not be found in the system, but it didn't affect the system in any way, so I simply used to close that popup and continue working on my device as usual. Skeptical after the detection of a trojan, I decided to run a full scan using Windows Defender, which then detected some sort of mining virus (Coinminer, if I remember correctly; I can't be sure since the Windows Defender protection history is gone ever since I installed Malwarebytes), which I then also proceeded to remove. The next time I switched on my device I noticed the GPU being used at 8-10% for seemingly no reason, thought the mining virus could still be there, ran a full scan on Defender again, and found nothing. After a little research, I decided to install Malwarebytes. I scanned with Malwarebytes once and it detected 5 threats, 4 of which were associated with registry keys and values, and one being an infected file. Whilst all of them have been quarantined, what do you suggest I do about them? Can they be restored to their original value somehow? What shall I do about the infected file? I haven't got a popup about StartupCheck.vbs ever since I installed Malwarebytes, but is there a way to restore an unaffected version of that file too? Attaching the Malwarebytes scan result along with this post; any help would be greatly appreciated :)

ScanReport.txt

  • Root Admin

Hello @aneye

I'm not sure I understand what it is you're wanting to restore. Did you create the file "StartupCheck.vbs" yourself? It sounds like Windows Defender probably put it in quarantine already and it doesn't sound like it should be run.

There is nothing that needs to be restored for those Registry keys; they're bad and not wanted.

Perhaps gather some more logs for us to see what is running on your computer.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

  • 1 month later...

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance, please start your own topic in a new thread.

Tips to help protect from infection

Thanks