3408AC0D-510E-4808-8F7B-6B70B1F88534 remainder of the Search-Protect malware



janineoke
2014-09-26, 16:56
Hi,
Thank you for the forum, I have used it and been very pleased with the information I have come across.

I have found that Spybot has come across 2 persistent malware registry points and I have been able to match one of them and take it away.

It had 3408AC0D-510E-4808-8F7B-6B70B1F88534 in it and matched one of the previous threads exactly so I deleted it.

I therefore have one persistent 3408AC0D-510E-4808-8F7B-6B70B1F88534 point in the registry and so I did a control F and found 3 of them in the following registers:

1. HKEY_CLASSES_ROOT\Wow6432Node\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
2. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
3. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}


And now I am unsure if I should delete all or just one of them, as Spybot only comes up with this one:

Win32.2UrFace.bho: [SBI $62251A5D] Settings (Registry Key, nothing done)
HKEY_CLASSES_ROOT\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}

which I should perhaps assume is number 1, but as there is no mention of Wow6432Node I am a little unsure, especially as I have rarely changed regedit.

Also perhaps the other 2 are being missed by Spybot?

Kindest regards and thanks again for this service,
Janine

tashi
2014-09-26, 17:30
Hello janineoke, :greeting:

To request assistance in the malware removal forum please see the FAQ which includes guidelines in post #1 and instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

http://forums.spybot.info/showthread.php?t=288

Questions regarding Spybot-S&D support can be asked here: Spybot-S&D Forums (http://forums.spybot.info/forumdisplay.php?f=4)

However, it might be best if someone takes a look at the system. If you take that route, please follow the instructions on how to provide the logs from Farbar Recovery Scan Tool and aswMBR. Then start a new topic here in the malware removal forum and someone will advise when available. :)

Best regards.