Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

RogueKiller found a registry entry: not sure if should delete it


  • This topic is locked This topic is locked
2 replies to this topic

#1 UberedHeavy

UberedHeavy

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:07:32 AM

Posted 01 January 2013 - 11:55 AM

Hi!

After running a RogueKiller scan, it detected some suspicious but somewhat legit looking registry entries which could be the reason of my computers
slow startup speed, but for all safety I decided to post the log here and make sure they are safe to delete.

Heres the log: (only the registry part, everything else was OK)

Registry Entries : 4
[TASK][SUSP PATH] HPSA Upgrade : C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND


Thanks for the advice in advance. Also, I would like to not to have to run
any Combofix like programs or anything, because I know that this machine is pretty clean.
I just want to know if these registry keys are legit.

BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:06:32 AM

Posted 01 January 2013 - 03:03 PM

Good evening. :)

The first entry is for the HP Support Assistant - assuming you are using a HP computer i'd leave that one alone, unless you don't like the idea: linky
For the other two, I have the same entries in my log so i'd consider them safe and leave them alone, or console me on the fact that we have identical infections. :) For further reading, take a peek here.

So long, and thanks for all the fish.

 

 


#3 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:06:32 AM

Posted 06 January 2013 - 04:05 PM

As this issue appears to have been resolved, this thread is now closed.

So long, and thanks for all the fish.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users