Answered Remnants of malware in the registry

  • Saturday, May 5, 2012 03:57
     
     

    Hi, Everyone.

    I was infected by malware on my Windows 7 laptop. I have now managed to delete the malicious files, but it still has a registry entry that Windows will not allow me to delete. Here is the registry location: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run and the Value is: Name "7285" and the Data "C:\PROGRA~3\LOCALS~1\Temp\msbrrzk.com". Please help me delete this entry in the registry.

    Regards,

All Replies

  • Saturday, May 5, 2012 07:51
     
     

    You haven’t said what is preventing the deletion, so I suggest you download and run HijackThis on the left here http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

    The rogue Run key should appear as an 04 entry. If it does, put a tick alongside it and click Fix. If you recognise any other ‘rogue’ entries, put a tick against these as well.

  • Sunday, May 6, 2012 05:35
     
     Proposed Answer

    Hi,

    In your case the best way to verify that your system is not infected anymore by malicious registry keys or infected files is probably Malwarebytes.

    Do a complete scan and it will detect your key in question and you will be able to quarantine it and delete it. For free.

    Otherwise,

    The best way to clean a messy infected Windows system, with years of success, is to use a Linux-based USB antivirus like the one supplied in the following link:

    CD http://forum.avira.com/wbb/index.php?page=Thread&threadID=82163

    or USB http://forum.avira.com/wbb/index.php?page=Thread&threadID=94935

    For sure the best thing is to never get infected. But the best way to remove malware/virus/spyware/worm/trojan/rootkit is:

    Cleaning at an elevated level of control on files. Otherwise you will pass hours clicking in front of your Windows workstation while your files are revised by a hacker? Forget it, reboot with the USB thumb drive from BIOS. Some old machines can't boot from USB, so you need a CD or DVD.

    Linux at the service of Windows! Perfect match.

    Good Luck in your PC Experience

    Best Regards,

    POMM


  • Sunday, May 6, 2012 06:49
     
     

    @BurrWalnut

    I will follow your instructions. Thank you for the advice.


    Regards,


  • Sunday, May 6, 2012 06:50
     
     

    @Pierre-Olivier

    The malware was cleaned by Malwarebytes and that is the only registry entry that was retained, so I decided to manually delete it and it gave an error (the one I have mentioned). I will try the suggestion of Burr later and also your Avira suggestion. Thank you so much for your help. I will post my update within today PH time or by tomorrow.

    Regards,

  • Sunday, May 6, 2012 20:01
     
     Answered

    Unless you have applied virus removal successfully, try the following:

    Always disable starting these unwanted "creatures" in Autoruns (Sysinternals). Then inspect the virus in Process Explorer, then kill it and clean your computer...

    Regards

    Milos

    • Marked as Answer by speedup070605 Monday, May 7, 2012 08:33
  • Monday, May 7, 2012 08:33
     
     

    Hi Milos,

    Thank you for your suggestion, the application you have suggested helped me to delete the registry entry.
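
A read-only PowerShell audit of the common autorun keys, including the Policies\Explorer\Run key from the question, gives a quick view of what is still registered to start after a cleanup. This is an added example, not part of the original posts and not how Autoruns or HijackThis work internally; the flag names, the extension list and the Get-CommandTarget helper are assumptions chosen for illustration.

```powershell
# Added example (read-only): list autorun registry values and flag suspicious ones.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',  # key from this thread
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)
# Assumed heuristic: extensions that are unusual for a legitimate startup program.
$oddExtensions = @('.com', '.scr', '.pif', '.bat', '.vbs')

function Get-CommandTarget([string]$Data) {
    # Expand %VAR% references, then return the quoted path or the text up to
    # the first file extension (unquoted paths may contain spaces).
    $cmd = [Environment]::ExpandEnvironmentVariables($Data).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(.+?\.\w{2,4})(\s|$)') { return $Matches[1] }
    return $cmd
}

$findings = foreach ($keyPath in $runKeys) {
    if (-not (Test-Path $keyPath)) { continue }
    $key   = Get-Item $keyPath
    $owner = (Get-Acl $keyPath).Owner   # shown so ownership of the key is visible
    foreach ($name in $key.GetValueNames()) {
        $data   = [string]$key.GetValue($name)
        $target = Get-CommandTarget $data
        $flags  = @()
        if ($target -match '\\(Temp|Tmp)\\') { $flags += 'runs-from-temp' }
        if ($target -match '(\.\w+)$' -and $oddExtensions -contains $Matches[1].ToLower()) {
            $flags += 'odd-extension'
        }
        # Only check existence for full paths; bare names are resolved via PATH.
        if ($target -match '^[A-Za-z]:\\' -and
            -not (Test-Path -LiteralPath $target -PathType Leaf -ErrorAction SilentlyContinue)) {
            $flags += 'target-missing'
        }
        New-Object PSObject -Property @{
            Key = $keyPath; Name = $name; Data = $data
            Flags = ($flags -join ','); KeyOwner = $owner
        }
    }
}
$findings | Sort-Object Flags -Descending | Format-List Key, Name, Data, Flags, KeyOwner
```

An entry like the one in the question (a `.com` file under a `Temp` directory whose file has already been deleted) would carry all three flags.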