Jump to content

FP or not: Rogue.Control Center?


daledoc1

Recommended Posts

Hi:

Query: Is this real or a FP?

Just installed MBAM < 1 week ago on both platforms.

Deep scans yesterday were both clean.

Quick scans today (after updating to today's defs (3591)) picked up the following on both computers (full log file is attached):

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (Rogue.ControlCenter) -> No action taken.

Should I remove it, or is this real?

(And sorry if I am posting on the wrong board with this -- I am new to your software and to your forum.)

TIA,

daledoc1

Link to post
Share on other sites

OOPS!

What I meant to say, is "is this a real pest (IOW quarantine it), or is it a FP (IOW ignore it)?

AFAIK, I never installed this rogue product (and it did not turn up until installing today's def version). Moreover, the laptop is very new, so I find it oddly coincidental that this "infection" turned up on both machines. (Kinda makes me think it's a FP?)

Thanks for bearing with me, and would appreciate your advice,

daledoc1

Link to post
Share on other sites

Dev Log:

Malwarebytes' Anti-Malware 1.44

Database version: 3591

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

18-1-2010 18:42:53

mbam-log-2010-01-18 (18-42-50).txt

Scan type: Quick Scan

Objects scanned: 120527

Time elapsed: 4 minute(s), 34 second(s)

Registry Keys Infected: 1

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (Rogue.ControlCenter) -> No action taken. [bE25B71FF674433DCF603A14EC6F27D2]

Link to post
Share on other sites

Please do, or you may end up with a blank Add and Remove Programs List...

Hi, Tony:

Thanks.

I restored it from quarantine on both computers.

(And I had created Windows RPs on both of them before the quarantine, just in case.)

As you can tell, although I'm reasonably OK with running computers, I really have NO CLUE about malware and nitty gritty details, such as registry keys and such. Kinda weird, b/c these 2 computers are running different Windows OSs...

So, should I consider this FP as "reported", or is there something else I need to do?

And is there a way to mark this permanently for "ignore", so that it won't turn up on every scan from now on, or should I assume it will be fixed on the next defs version?

Thanks!

daledoc1

Link to post
Share on other sites

And is there a way to mark this permanently for "ignore", so that it won't turn up on every scan from now on, or should I assume it will be fixed on the next defs version?

As Bruce already said, it should be fixed with next update, so no need to take any further action.

Thank you for reporting, and happy surfing! :)

Link to post
Share on other sites

As Bruce already said, it should be fixed with next update, so no need to take any further action.

Thank you for reporting, and happy surfing! :)

I removed this maleware and it wiped out my add/remove screen as advertised. I restored it from quarantine and everything appears to be normal. I re ran a quick screen and the FP did not reappear. The only question I have is do I need to do anything else like a system point restore to ensure everything is back like it should be? I look forward to a reply. I'm a little spooked at the moment.

Link to post
Share on other sites

The only question I have is do I need to do anything else like a system point restore to ensure everything is back like it should be?

No, there's no need to restore a SR snapshot.

All MBAM did was remove a single registry key, and once you've restored it from quarantine you'll be absolutely fine.

Link to post
Share on other sites

No, there's no need to restore a SR snapshot.

All MBAM did was remove a single registry key, and once you've restored it from quarantine you'll be absolutely fine.

Bob/Tony/everyone:

All fixed here.

Restored the item on both computers, then updated to new defs and rescanned -- both computers clean.

Just checked and my "add/remove" screens are fine.

(I assume when you say "add/remove programs" screen you mean CP > "programs and features" (Vista) and CP > "programs" > "programs and features" (7)?

It's been so long since I've used XP, I don't recall what anything was called. :) )

Y'all are GREAT!!!!

Super fast and responsive.

I like the program a lot.

I like the MBAM Free so well and it seems to be running fine on both machines, I think I'll have to uograde to the paid version!

I'm running different ISSs (McAfee & WISE) and different OSs (Vista & 7) on the 2 systems, but, aside from perhaps either NOT configuring MBAM protection module to run at startup or tweaking it for delayed startup (which requires a reg edit?), I should be fine, right? (OK, I probably need to move this question to the other board.)

Thanks!!!

daledoc1

Link to post
Share on other sites

OMG, stupid me remove it from quarantine, how can i get bak the registry key :) the uninstall list now is totally ...

Hi, Eastworm:

I'm not the expert and I'm new to MBAM, but you should be able to open the MBAM GUI/dashboard, click the Quarantine tab, select the item and click the restore button.

I don't think you'll have to reboot before checking to be sure your uninstall list is working again.

If you created a Windows System Restore point before quarantining the item, you could restore back to that point, as well.

Be sure to update your MBAM definitions and rescan afterwards (I had no problem after they quickly updated the defs when they learned of the FP).

If what I suggest doesn't work, you might want to wait for the experts to reply!

Good luck,

daledoc1

Link to post
Share on other sites

hi daledoc1, FYI, i had deleted the registry from my pc, its no longer in quarantine due to my stupidness to go n delete it. :) i had run a few times of system restore but it end up did not restore successfully. i think maybe it is bcos my window explorer will hang for a moment when boot up. is thr any alternative way to get bak the registry key other than system restore? thanks.

Link to post
Share on other sites

Is there any alternative way to get back the registry key other than system restore? thanks.

If you're unable to restore a snapshot from a moment in time before you had MBAM remove the registry key, you do have a problem.

Note that in many cases you can go to an application's Program files folder, find the Uninstall.exe or unins000.exe file, double-click it, and neatly uninstall the software that way

Alternatively, should that fail for some reason, you can generally re-install the application in question on top of itself, which will recreate the uninstall string and make it visible in the Software/Programs and Features List

We could have a look to see whether we can get your SR working again, although, as I don't know in exactly what state your machine is, I can't promise anything. Also, if any Restore Points are corrupted, there's nothing we can do

Anyhow, what operating system are you running?

Also, are you getting any error messages, and if so, what is their exact text?

Link to post
Share on other sites

No, there's no need to restore a SR snapshot.

All MBAM did was remove a single registry key, and once you've restored it from quarantine you'll be absolutely fine.

Thanks for the reply, but, it's not quite correct. I restored and my add/remove page did come back, but, all the dates for when the various programs were installed were redated as to the day I restored the quarantined item was restored. The only way to get back the correct dates was to a system point restore. Just depends on how important the dates are to you.

Link to post
Share on other sites

... but, all the dates for when the various programs were installed were redated as to the day I restored the quarantined item was restored

You're absolutely right, I forgot about that.

Still, no doubt the most important thing is having those Uninstall entries back in the first place

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.