SpyBot Registry Help

Printable View

2015-04-23, 06:29
secretdefender

2 Attachment(s)

SpyBot Registry Help

What is safe to delete from the registry errors spybot finds? Hoping someone would take the time to let me know so i don't have to trial and error. Thanks

Used to use 1.4 until recently 2.4. How come 1.4 will find a few things that 2.4 does not and vice versa? Same updated defintions.

2.4 :

rootkit:

:: RootAlyzer Results
File:"Unknown ADS","C:\WINDOWS\$NtUninstallKB40611$:SummaryInformation:$DATA"
File:"Unknown ADS","C:\WINDOWS\Prefetch\3325467223:2825242937.EXE-0EBBBE84.pf:$DATA"

Check Registry files, there is no need for to check out the other files listed in the attachments. One section says internet explorer and media player; i don't have either one installed (k-lite media player classic different than microsofts media player [think it's refering to microsoft] is what i use) should be deleted?

2.4 = 150417-1812.txt attachment

1.4 = 150419-1927.txt attachment (fake bho and fraud xpdefender, two sections that 2.4 does not find are safe to delete, don't have to read those entries)
2015-04-23, 06:37
secretdefender

Sorry i forgot. I ran this too. Safe to delete?

SuperAntiSpyware:

Trojan.Agent/Gen-Backdoor
C:\SYSTEM VOLUME INFORMATION\_RESTORE{739C306C-EA8F-4821-A184-C4C0B0F167C4}\RP1852\A0167895.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{739C306C-EA8F-4821-A184-C4C0B0F167C4}\RP1852\A0167896.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{739C306C-EA8F-4821-A184-C4C0B0F167C4}\RP1875\A0168889.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{739C306C-EA8F-4821-A184-C4C0B0F167C4}\RP1894\A0184887.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{739C306C-EA8F-4821-A184-C4C0B0F167C4}\RP1894\A0184919.EXE

Trojan.Agent/Gen-Sirefef
C:\SYSTEM VOLUME INFORMATION\_RESTORE{739C306C-EA8F-4821-A184-C4C0B0F167C4}\RP1876\A0184053.SYS
2015-04-23, 08:36
tashi

Hello secretdefender, :greeting:

Quote:

Originally Posted by secretdefender

Used to use 1.4 until recently 2.4. How come 1.4 will find a few things that 2.4 does not and vice versa? Same updated defintions.

2.4 :

rootkit:

:: RootAlyzer Results
File:"Unknown ADS","C:\WINDOWS\$NtUninstallKB40611$:SummaryInformation:$DATA"
File:"Unknown ADS","C:\WINDOWS\Prefetch\3325467223:2825242937.EXE-0EBBBE84.pf:$DATA"

2.4 = 150417-1812.txt attachment

1.4 = 150419-1927.txt attachment (fake bho and fraud xpdefender, two sections that 2.4 does not find are safe to delete, don't have to read those entries)

Spybot 1.4 is a legacy version and not supported. The two RootAlyzer Results from version 2.4 as shown don't appear to be an issue.

Quote:

Originally Posted by secretdefender

Sorry i forgot. I ran this too. Safe to delete?

SuperAntiSpyware:

Trojan.Agent/Gen-Backdoor
C:\SYSTEM VOLUME INFORMATION\_RESTORE{739C306C-EA8F-4821-A184-C4C0B0F167C4}\RP1852\A0167895.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{739C306C-EA8F-4821-A184-C4C0B0F167C4}\RP1852\A0167896.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{739C306C-EA8F-4821-A184-C4C0B0F167C4}\RP1875\A0168889.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{739C306C-EA8F-4821-A184-C4C0B0F167C4}\RP1894\A0184887.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{739C306C-EA8F-4821-A184-C4C0B0F167C4}\RP1894\A0184919.EXE

Trojan.Agent/Gen-Sirefef
C:\SYSTEM VOLUME INFORMATION\_RESTORE{739C306C-EA8F-4821-A184-C4C0B0F167C4}\RP1876\A0184053.SYS

We don't analyze logs from SuperAntiSpyware, you can ask in their forums. :)

I see you posted here and here. What is your operating system please.

Best regards.
2015-04-24, 06:13
secretdefender

Yes i did post in a couple of other places. I'll just say those didn't work out. Sorry about superantispyware wasn't sure, thanks for link.

It maybe legacy or outdated but i don't understand why different things are found.

I usually removed everything spybot finds but on the recent update one or more of the registry errors you see in the log caused no boot. A system restore fixed it, now only delete ones i know for sure at this time.

Problems i do have: Have Firefox and Opera. Sometimes not always slow browser or not loading as if not connected to the internet (my connection is fine); usually is fixed of the files i always remove. Opera will not load at all even after the files i remove ebay login page instead it says invalid certificate. Certificates are not the problem otherwise it would not have loaded in the beginning (it may not be one of the errors i didn't fix or something else). Firefox loads ebay fine same certificates.

XP SP3 - i know outdated and no longer support but it runs fine
2015-04-24, 08:35
tashi

Hello secretdefender,

If you run outdated software and an unsupported operating system there will be issues.

XP: Microsoft Countdown
Infection rates

Perhaps someone should take a look at the system.

Please start a topic in the Malware Removal Forum and a volunteer analyst will advise.

First see that forum's FAQ which also includes instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

http://forums.spybot.info/showthread.php?t=288

Also provide a link back to this thread please.

Best regards.