
Malwarebytes flagged registry keys/data


2 replies to this topic

#1 jedidummy


Posted 21 March 2009 - 12:42 PM

Hi, first time user of Malwarebytes. During my scan I found 1 registry key belonging to Worm.SDbot, which I looked up and deleted because it looked obvious it's a worm according to reviews. Also, in those same reviews this worm was said to make other changes to the registry, which brings me to my next question.

Malwarebytes found 3 other registry data which it flagged, and here they are:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

My question is, should I remove them? The weird part is I'm running SP1 and I don't even have a security center as far as I know. Also, I have automatic updates turned off; could this be the reason it shows up in the registry as disabled?

Normally I would delete them, but I've read quite a bit of the horror stories regarding malware and the registry, how they can take down the system with it, or false positives that end up crippling the OS, like the recent example with superantispyware.

So I'm taking the cautious route. What's your advice?

And another thing, I just finished a complete scan with Malwarebytes and that's the only issues I'm getting, in the registry, no other malware anywhere. Does this mean these registry keys/data are leftovers of a previous infection that was cleaned? Or are they the infection itself? Thanks.

Edited by jedidummy, 21 March 2009 - 12:47 PM.




#2 snowdrop


Posted 21 March 2009 - 02:24 PM

May one suggest you

1) fully update the Malwarebytes program,
2) run another quick scan,
3) post the FULL reports from the original scan and the new scan for someone to check out for you?

That way helpers can get a better overview of what may be going on (or not) on the computer and advise accordingly :thumbsup:

#3 DaChew


Posted 21 March 2009 - 02:39 PM

Older infections like Worm.SDbot are more likely without sp2 and/or sp3.

This one does change/disable the security settings in the registry

[HKLM\SOFTWARE\Microsoft\Security Center]
New value:
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001


http://www.avira.com/en/threats/section/fu...t.40448.22.html
Chewy

No. Try not. Do... or do not. There is no try.
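
The comparison between the scan lines in post #1 and the value list in post #3, as an added example that is not part of the original thread or either poster's code: it parses lines of the shape pasted in post #1 and reports which of the five listed values the scan flagged and which it never mentioned. The function names, the constructed header line in the sample, and the treatment of any action other than "No action taken" as a fix are assumptions.

```python
import re

# Value names that post #3 quotes as set to 1 under
# HKLM\SOFTWARE\Microsoft\Security Center.
LISTED_VALUES = ["UpdatesDisableNotify", "AntiVirusDisableNotify",
                 "FirewallDisableNotify", "AntiVirusOverride", "FirewallOverride"]

# Shape of the flagged-data lines pasted in post #1:
#   <key>\<value> (<detection>) -> Bad: (<x>) Good: (<y>) -> <action>.
LINE_RE = re.compile(
    r"^(?P<key>HKEY_.+)\\(?P<value>[^\\]+?) \((?P<detection>[^()]+)\)"
    r" -> Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+?)\.?$")

# The three lines from post #1, plus one constructed header line that
# the parser must skip.
SAMPLE_LOG = r"""Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
"""

def parse_line(line):
    """Return the fields of one flagged-data line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def triage(log_text):
    """Sort the listed values by what the scan log says about each."""
    seen = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        # Registry names are case-insensitive, so compare lowercased.
        if rec and rec["key"].lower().endswith(r"\microsoft\security center"):
            seen[rec["value"].lower()] = rec
    report = {"flagged_not_fixed": [], "flagged_fixed": [], "not_in_log": []}
    for name in LISTED_VALUES:
        rec = seen.get(name.lower())
        if rec is None:
            report["not_in_log"].append(name)      # check these by hand
        elif rec["action"].lower().startswith("no action"):
            report["flagged_not_fixed"].append(name)
        else:  # assumption: any other action text means the value was reset
            report["flagged_fixed"].append(name)
    return report

if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

On the lines from post #1 this puts the three DisableNotify values under flagged_not_fixed and the two Override values under not_in_log, which are the ones left to inspect manually.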



