
Thread: SpyBot Registry Help

  1. #1
    Junior Member
    Join Date
    Apr 2015
    Posts
    3


    What is safe to delete from the registry errors Spybot finds? Hoping someone would take the time to let me know so I don't have to trial and error. Thanks

    Used to use 1.4 until recently 2.4. How come 1.4 will find a few things that 2.4 does not and vice versa? Same updated definitions.

    2.4 :


    rootkit:

    :: RootAlyzer Results
    File:"Unknown ADS","C:\WINDOWS\$NtUninstallKB40611$:SummaryInformation:$DATA"
    File:"Unknown ADS","C:\WINDOWS\Prefetch\3325467223:2825242937.EXE-0EBBBE84.pf:$DATA"

    Check Registry files, there is no need to check out the other files listed in the attachments. One section says Internet Explorer and Media Player; I don't have either one installed (K-Lite Media Player Classic, different than Microsoft's media player [think it's referring to Microsoft], is what I use) should be deleted?

    2.4 = 150417-1812.txt attachment

    1.4 = 150419-1927.txt attachment (fake bho and fraud xpdefender, two sections that 2.4 does not find are safe to delete, don't have to read those entries)
    Last edited by tashi; 2015-04-23 at 07:25. Reason: Moved from the malware forum

  2. #2
    Junior Member
    Join Date
    Apr 2015
    Posts
    3


    Sorry, I forgot. I ran this too. Safe to delete?

    SuperAntiSpyware:

    Trojan.Agent/Gen-Backdoor
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{739C306C-EA8F-4821-A184-C4C0B0F167C4}\RP1852\A0167895.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{739C306C-EA8F-4821-A184-C4C0B0F167C4}\RP1852\A0167896.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{739C306C-EA8F-4821-A184-C4C0B0F167C4}\RP1875\A0168889.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{739C306C-EA8F-4821-A184-C4C0B0F167C4}\RP1894\A0184887.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{739C306C-EA8F-4821-A184-C4C0B0F167C4}\RP1894\A0184919.EXE

    Trojan.Agent/Gen-Sirefef
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{739C306C-EA8F-4821-A184-C4C0B0F167C4}\RP1876\A0184053.SYS

  3. #3
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,476


    Hello secretdefender,

    Quote Originally Posted by secretdefender View Post

    Used to use 1.4 until recently 2.4. How come 1.4 will find a few things that 2.4 does not and vice versa? Same updated definitions.

    2.4 :


    rootkit:

    :: RootAlyzer Results
    File:"Unknown ADS","C:\WINDOWS\$NtUninstallKB40611$:SummaryInformation:$DATA"
    File:"Unknown ADS","C:\WINDOWS\Prefetch\3325467223:2825242937.EXE-0EBBBE84.pf:$DATA"

    2.4 = 150417-1812.txt attachment

    1.4 = 150419-1927.txt attachment (fake bho and fraud xpdefender, two sections that 2.4 does not find are safe to delete, don't have to read those entries)

    Spybot 1.4 is a legacy version and not supported. The two RootAlyzer Results from version 2.4 as shown don't appear to be an issue.

    Quote Originally Posted by secretdefender View Post
    Sorry, I forgot. I ran this too. Safe to delete?

    SuperAntiSpyware:

    Trojan.Agent/Gen-Backdoor
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{739C306C-EA8F-4821-A184-C4C0B0F167C4}\RP1852\A0167895.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{739C306C-EA8F-4821-A184-C4C0B0F167C4}\RP1852\A0167896.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{739C306C-EA8F-4821-A184-C4C0B0F167C4}\RP1875\A0168889.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{739C306C-EA8F-4821-A184-C4C0B0F167C4}\RP1894\A0184887.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{739C306C-EA8F-4821-A184-C4C0B0F167C4}\RP1894\A0184919.EXE

    Trojan.Agent/Gen-Sirefef
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{739C306C-EA8F-4821-A184-C4C0B0F167C4}\RP1876\A0184053.SYS

    We don't analyze logs from SuperAntiSpyware; you can ask in their forums.

    I see you posted here and here. What is your operating system, please?

    Best regards.
    Last edited by tashi; 2015-04-23 at 07:44. Reason: Added
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  4. #4
    Junior Member
    Join Date
    Apr 2015
    Posts
    3


    Yes, I did post in a couple of other places. I'll just say those didn't work out. Sorry about SuperAntiSpyware, wasn't sure, thanks for the link.

    It may be legacy or outdated but I don't understand why different things are found.

    I usually removed everything Spybot finds but on the recent update one or more of the registry errors you see in the log caused no boot. A system restore fixed it, now only delete ones I know for sure at this time.

    Problems I do have: Have Firefox and Opera. Sometimes, not always, slow browser or not loading as if not connected to the internet (my connection is fine); usually is fixed of the files I always remove. Opera will not load at all even after the files I remove eBay login page instead it says invalid certificate. Certificates are not the problem otherwise it would not have loaded in the beginning (it may not be one of the errors I didn't fix or something else). Firefox loads eBay fine same certificates.

    XP SP3 - I know outdated and no longer supported but it runs fine

  5. #5
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,476


    Hello secretdefender,

    If you run outdated software and an unsupported operating system there will be issues.

    XP: Microsoft Countdown
    Infection rates

    Perhaps someone should take a look at the system.

    Please start a topic in the Malware Removal Forum and a volunteer analyst will advise.

    First see that forum's FAQ which also includes instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

    http://forums.spybot.info/showthread.php?t=288

    Also provide a link back to this thread please.

    Best regards.
