Thread: How can a registry key with no program associated be malware?

  1. #1
    Member
    Join Date
    Oct 2010
    Posts
    32

    How can a registry key with no program associated be malware?

    Spybot found the following key and removed it:

    Fraud.Sysguard: [SBI $F62BE2C3] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1844237615-764733703-682003330-1003\Software\SolutionAV

    Now it does not look like a system key, i.e. something that adjusts Windows properties.

    And no mention is made of needing to remove any accompanying software. So how could a simple key entry like this be harmful?

    I have done some more research while typing this and the key is associated with antivir, a malware fraud scam. I had this on my system a while back and resolved it by noticing that it took a few seconds after boot up for antivir to run and start blocking access to all programs. During this time I ran Spybot and it cleared it up. I then DLed Avira (the legitimate one) and ran it as well. It found a number of things and quarantined them (it does not seem to be capable of removing anything; it can only quarantine things).

    Was Fraud.Sysguard completely removed?

    I have looked up ways to remove all aspects of this program and it seems like the instructions were written by the same people who wrote the malware. All instructions I found just said remove the malicious exe, dll, and key entries with no explanation of what files these are, or where they are.

    I just want to know did spybot remove everything. If not does anyone know of a site that does give detailed instructions for its removal?

    I have seen some other posts here such as:

    http://forums.spybot.info/showthread...Fraud.Sysguard

    Where Shelf Life gives the advice to DL Malwarebytes and RootRepeal. I will do this and run them to be safe. That post is quite old; does Spybot now do a complete removal?

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,476

    Quote Originally Posted by Klawdek View Post
    I just want to know did spybot remove everything. If not does anyone know of a site that does give detailed instructions for its removal?

    I have seen some other posts here such as:

    http://forums.spybot.info/showthread...Fraud.Sysguard

    Where Shelf Life gives the advice to DL Malwarebytes and RootRepeal. I will do this and run them to be safe. That post is quite old; does Spybot now do a complete removal?
    If you would like someone to take a look at the system please see the FAQ which also includes instructions on posting a preliminary DDS.txt log:

    "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)

    Then start a new topic in the Malware Removal Forum and a volunteer analyst will advise you when available.

    FYI,
    Note that all instructions given are customized for that member's personal computer only; the tools used may cause damage if run on a machine with different specs/infections. Please do not take fixes given to another user and apply them to your own machine.
    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Member
    Join Date
    Oct 2010
    Posts
    32

    When I started this post I intended to only ask if a registry key that is not a Windows XP key, and whose associated software is not present, could somehow affect the system?

    While typing the message I started looking things up and the question got more complex.

    I also want to know if the current version of SpyBot completely removes Fraud.Sysguard?

    I do not believe that those questions require the posting of a DDS.txt log, in fact such a posting in my circumstance would violate the very rules you referred to as I am not having any signs of infection at this time.

    Sorry my original post was so confusing.

    BTW, this forum has cool icons for posting.

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,476

    Hello Klawdek,
    Quote Originally Posted by Klawdek View Post
    Spybot found the following key and removed it:

    Fraud.Sysguard: [SBI $F62BE2C3] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1844237615-764733703-682003330-1003\Software\SolutionAV
    (Registry key, nothing done)
    Quote Originally Posted by Klawdek View Post
    Was Fraud.Sysguard completely removed?
    <snip>
    I just want to know did spybot remove everything. If not does anyone know of a site that does give detailed instructions for its removal?
    Quote Originally Posted by Klawdek View Post
    When I started this post I intended to only ask if a registry key that is not a Windows XP key, and whose associated software is not present, could somehow affect the system?
    Without seeing a log all would be guessing.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
