Results 1 to 2 of 2

Thread: 3408AC0D-510E-4808-8F7B-6B70B1F88534 remainder of the Search-Protect malware

  1. #1
    Junior Member
    Join Date
    Sep 2014
    Posts
    1

    Default 3408AC0D-510E-4808-8F7B-6B70B1F88534 remainder of the Search-Protect malware

    Hi,
    Thankyou for the forum, I have used it and been very pleased with the information I have come across.

    I have found that Spybot has come across 2 persistent malware registry points and I have been able to match one of them and take it away.

    It had 3408AC0D-510E-4808-8F7B-6B70B1F88534 in it and matched one of the previous threads exactly so I deleted it.

    I therefore have one persistent 3408AC0D-510E-4808-8F7B-6B70B1F88534 point in the registry and so I did a control F and found 3 of them in the following registers:

    1. HKEY_CLASSES_ROOT\Wow6432Node\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
    2. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}

    3. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}


    And now I am unsure if I should delete all or just one of them as spybot only comes up with this one:

    Win32.2UrFace.bho: [SBI $62251A5D] Settings (Registry Key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}

    which I should perhaps assume is number 1, but as there is not mention of Wow6432Node I am a little unsure especially as I have rarely changed regedit.

    Also perhaps the other 2 are being missed by spybot?

    kindest regards and thanks again for this service,
    Janine

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello janineoke,

    To request assistance in the malware removal forum please see the FAQ which includes guidelines in post #1 and instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

    http://forums.spybot.info/showthread.php?t=288

    Questions regarding Spybot-S&D support can be asked here: Spybot-S&D Forums

    However it might be best if someone takes a look at the system, if you take that route please follow instructions on how to provide the logs from Farbar Recovery Scan Tool and aswMBR. Then start a new topic here in the malware removal forum and someone will advise when available.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •