Infected - Won't Allow update

[Phil64]

OK - finally finished running the scans - MBAM shows no malware, however the CA antivirus is showing 5 serious infections as follows:

Bifrost - HKey_Current_USer\software\wget

Win AntiVirusPro2006 - HKey_Classes_Root\*\shellex\contextmenuhandlers\shellextension

Win AntiVirusPro2006 - HKey_Classes_Root\Wow6432Node\*\shellex\contextmenuhandlers\shellextension

WinSpywareProtect - HKEY_CURRENT_USER\software\microsoft\windows\currentversion\drivers

WinSpywareProtect - HKEY_CURRENT_USER\software\microsoft\windows\currentversion\drivers\Video\options

They all seem like registry keys, CA Antivirus will not delete - these are the same results as this mornings scan. Can I just use regedit to delete the infected keys?

[LDTate]

I wish we could see the whole key.

Making a mistake in the registry can kill the pc.

These are legit keys, but it's the value / file that's bad but we can't see it.

Unless we can see the value it doesn't do us much good

HKey_Current_USer\software\wget

HKey_Classes_Root\*\shellex\contextmenuhandlers\shellextension

HKey_Classes_Root\Wow6432Node\*\shellex\contextmenuhandlers\shellextension

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\drivers

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\drivers\Video\options

http://www.eset.eu/online-scanner

Go here to run an online scannner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Insall ActiveX component.

A new window will appear asking "Do you want to install this software?"".

Answer Yes to download and install the ActiveX controls that allows the scan to run.

Click Start.

Check Remove found threats and Scan potentially unwanted applications.

Click Scan to begin.

If offered the option to get information or buy software. Just close the window.

Wait for the scan to finish

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.

[Phil64]

Here is the scan log, didn't show any infections.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

I checked out the keys in Regedit - they are all the same - "Name - ab(Default), Type - Reg_sz, Data - (value not set)"

Maybe its just some leftover Reg entries, didn't want to start deleting. I guess I can just wait and see if anything else acts up, or I'll send a e-mail to CA, I'll be quite upset if they try and charge me $20 to help, like Nortons. You buy the software and when it doesn't stop the infection they charge you get get rid of it. I'll keep you posted or if you have any suggestions please let me know. Once again thanks LD.

[LDTate]

I'll leave this topic open for a few days. Let me know if you find out anything from CA.

[Phil64]

Hey LD,

OK all is clear - CA responded and said to run in Safe Mode. After that everything has been cleared out. I even went to the registry and the offending entries have been deleted.

Thank you, I couldn't have fixed this without you. I appreciate you taking the time to help me. I think you can close this thread now. Have a great New Year and once again thank you.

[LDTate]

Great job

You're more than welcome.

Glad we were able to help

Peace be with you

[LDTate]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.