Extremeboy from bleeping computer asked me to post here.

[Santos]

Hey,

Please see our conversation below. I don't know what is going on but a registry key that is removed by malwarebytes, just simply comes back.

Sorry for the delay, that is indeed strange, that seems legit. I would ask in the Malwarebytes forum, I can help out if needed too.

http://forums.malwarebytes.org/index.php?act=idx

Hey,

Thanks for your reply. I remove it with MBAM and it comes back. I delete it manually from the registry and it comes back instantly, I change a folder in the registry go back to run and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe is back. I don't know what is writing it. What is interesting enough is that if I change HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxtray.exe then it stays that way, I delete it and it comes back as HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxtray.exe. Really weird. I would think that it is safe it stays at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxtray.exe.

Take care,

Santos

Hi again,

Is it still being detected? If MBAM removed it and it's not appearing again, then it should be fine.

Hey,

I'm sorry to bother you but I thought that I was clean but I ran Malwarebytes today and smss32.exe registry value is back. I don't know what is going on.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

I am referring to my closed thread at http://www.bleepingcomputer.com/forums/topic299712.html

Is my computer still clean?

Take care,

Santos

[Firefox]

Hello Santos, and welcome to Malwarebytes.org

Extremeboy has sent you to the right place, now if you feel your computer is indeed infected, please follow the instructions below to have an expert have a look at your computer and help you clean it up.

We don't work on Malware removal in the general forums.

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Please note that it may take 72 hours or more for you to receive a response in the malware removal forum, as it is often busy at times. Please do not reply to your own post asking for help unless its been more than 72 hours since you originally posted, as this can make it appear as though you are being helped and take longer for you to get help.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

If you are a corporate customer please send an email to corporate-support@malwarebytes.org. (NOTE: An order number is required for corporate support.)

[AdvancedSetup]

Extremeboy should be able to assist you on his own. I would just stay working with him and if he needs information or has questions about our product he'll be able to contact us as well, but as he did say in his reply that he can help you too, so I would take him up on that offer.

Thank you.

[Santos]

Hey,

Thanks Firefox, a new thread has been added. http://forums.malwarebytes.org/index.php?showtopic=43471

Take care,

Santos

[Firefox]

no problem santos, I see you are getting help there now.... Hope you get it all sorted out.