BLEEPINGCOMPUTER NEEDS YOUR HELP!
BleepingComputer is being sued by Enigma Software because of a negative review of SpyHunter.
A case like this could easily cost hundreds of thousands of dollars. If we have ever helped you in the past, please consider helping us. To learn more and to read the lawsuit, click here.
CONTRIBUTE TO OUR LEGAL DEFENSE
All unused funds will be donated to the Electronic Frontier Foundation (EFF).
LET OTHERS KNOW
You can press escape or click on the X to close this box.
Strange Registry Keys located in HKCU & HKU
Posted 13 August 2009 - 03:55 PM
I am concerned because I am fairly knowledgeable about computers and the registry but I have never seen anything like this before. Typically things like this sound off my virus/worm/keylogger..etc alarms.
BC AdBot (Login to Remove)
Posted 13 August 2009 - 04:00 PM
What virus/spyware scans have you used so far?
Posted 13 August 2009 - 04:05 PM
I am going to post a screenshot of the HKEY_USERS. The weird keys that appear under HKEY_CURRENT_USER also appear under one of the HKEY_USERS subkeys. It's hard to explain so I will post the screenshot(s) in a second (after I get them loaded into Image Shack)
Posted 13 August 2009 - 04:11 PM
Lets take a look with Malwarebytes
Please download Malwarebytes' Anti-Malware from here:
Please rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exe
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Double Click zztoy.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
If Malwarebytes won't install or run
Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.
If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.
Posted 13 August 2009 - 04:13 PM
AppEvents, Console, Control Panel, etc.
But then it also has all these extra keys with gibberish in them
I am not sure what these are or what caused them or if they are a sign of some kind of virus/worm/hacking attempt
Posted 13 August 2009 - 04:14 PM
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users