Registry Keys Infected. Is It Safe To Delete Them?


13 replies to this topic

#1 nerd0795

nerd0795

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 22 May 2008 - 08:30 PM

I'm fixing someone's computer and I scanned with Malwarebytes' Anti-Malware. They have a few registry keys but one registry value.

Is it safe to remove?

Posted Image

Edited by nerd0795, 22 May 2008 - 08:34 PM.



#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:32 AM

Posted 22 May 2008 - 08:44 PM

What's the full path for this registry value?
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 nerd0795

nerd0795
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 22 May 2008 - 08:45 PM

ok just a moment I'm controlling someone else's desktop.

#4 nerd0795

Posted 22 May 2008 - 08:49 PM

Posted Image

Sorry for the long time... it was hard to resize it.

The person's OS is Windows XP.

Edited by nerd0795, 22 May 2008 - 08:52 PM.


#5 Budapest

Posted 22 May 2008 - 08:53 PM

I'd say it's safe to delete.

Of course, you could always create a new restore point and backup the registry first. For backing up the registry I like to use ERUNT.

#6 nerd0795

Posted 22 May 2008 - 08:55 PM

OK, I'm deleting them.

#7 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:06:32 PM

Posted 22 May 2008 - 08:58 PM

Malwarebytes keeps a good quarantine and allows you to selectively restore

I have seen just a few false positives that are usually corrected in a matter of days and easily fixed by reinstalling an application

nothing about malware removal is foolproof tho
Chewy

No. Try not. Do... or do not. There is no try.

#8 nerd0795

Posted 22 May 2008 - 09:01 PM

umm... should I allow this?

Posted Image

#9 DaChew

Posted 22 May 2008 - 09:10 PM

allow it but unload teatimer when trying to fix a computer, you have SAS loaded also, when doing a scan make sure as many programs are shut down as possible

#10 nerd0795

Posted 22 May 2008 - 09:13 PM

got another one.

#11 nerd0795

Posted 22 May 2008 - 09:14 PM

Posted Image
this one safe?

#12 DaChew

Posted 22 May 2008 - 09:24 PM

teatimer and mcafee can do as much or more damage than the infection, get a total lock down

I unload both before fighting the infection

#13 nerd0795

Posted 22 May 2008 - 09:25 PM

I disabled it... and everything seems good. thank you. I think next time I'll disable it.

Edited by nerd0795, 22 May 2008 - 09:33 PM.


#14 Budapest

Posted 22 May 2008 - 10:16 PM

What Spybot TeaTimer is doing is warning you that the registry is about to be changed. This can be a good thing because it can prevent malware modifying the registry. Unfortunately, Spybot TeaTimer isn't clever enough to distinguish good registry changes (removing malware) from bad registry changes (getting infected). So you get the warning regardless.