Mike8
2008-07-20, 19:26
Hi,
I recently cleansed (hopefully!) my computer from the Antivirus-2008 malware. Now, after getting rid of that, I get the following S&D messages:
Category: System Startup global entry
Change: Value deleted
Entry: Antivirus
Old data: C:\Program Files\VAV\vav.exe
New Data: [blank]
Category: Browser page
Change: Value deleted
Entry: Start page
Old data: http://www.microsoft.com/isapi/redir.dll?prd=iepver=6ar=msnhome
New Data: http://www.google.ca
Category: System Startup global entry
Change: Value deleted
Entry: lphcntgj0e77t
Old data: C:\WINDOWS\system32\lphcntgj0e77t.exe
New Data: [blank]
Category: System Startup global entry
Change: Value deleted
Entry: SMrhcjtgj0e77t
Old data: C:\Program Files\rhcjtgj0e77t\rhcjtgj0e77t.exe
New Data: [blank]
Category: System Startup global entry
Change: Value deleted
Entry: SysA2B5.exe
Old data: C:\Windows\SysA2B5.exe
New Data: [blank]
Category: System Startup global entry
Change: Value deleted
Entry: SysA4B7.exe
Old data: C:\Windows\SysA4B7.exe
New Data: [blank]
And I've denied all of these so far, as they're all linked to the virus I had. [except the start home page, which is more likely linked to my having updated Windows Security yesterday]
But I'm wondering if I should allow them, since all S&D bot is telling me is that these .exes have been deleted from the registry? Basically, I'm not sure what this 'value deleted' means. If it means it's a simple acknowledgement that these files have been deleted, great. But if it will then copy these files to some memory or something, then I should just deny them all. Right?
Any help would be greatly appreciated.
I recently cleansed (hopefully!) my computer from the Antivirus-2008 malware. Now, after getting rid of that, I get the following S&D messages:
Category: System Startup global entry
Change: Value deleted
Entry: Antivirus
Old data: C:\Program Files\VAV\vav.exe
New Data: [blank]
Category: Browser page
Change: Value deleted
Entry: Start page
Old data: http://www.microsoft.com/isapi/redir.dll?prd=iepver=6ar=msnhome
New Data: http://www.google.ca
Category: System Startup global entry
Change: Value deleted
Entry: lphcntgj0e77t
Old data: C:\WINDOWS\system32\lphcntgj0e77t.exe
New Data: [blank]
Category: System Startup global entry
Change: Value deleted
Entry: SMrhcjtgj0e77t
Old data: C:\Program Files\rhcjtgj0e77t\rhcjtgj0e77t.exe
New Data: [blank]
Category: System Startup global entry
Change: Value deleted
Entry: SysA2B5.exe
Old data: C:\Windows\SysA2B5.exe
New Data: [blank]
Category: System Startup global entry
Change: Value deleted
Entry: SysA4B7.exe
Old data: C:\Windows\SysA4B7.exe
New Data: [blank]
And I've denied all of these so far, as they're all linked to the virus I had. [except the start home page, which is more likely linked to my having updated Windows Security yesterday]
But I'm wondering if I should allow them, since all S&D bot is telling me is that these .exes have been deleted from the registry? Basically, I'm not sure what this 'value deleted' means. If it means it's a simple acknowledgement that these files have been deleted, great. But if it will then copy these files to some memory or something, then I should just deny them all. Right?
Any help would be greatly appreciated.