Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Riddle me this batman..


  • Please log in to reply
5 replies to this topic

#1 jordannnnnn

jordannnnnn

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:01 PM

Posted 24 November 2009 - 09:36 AM

Alright guys,
I'm back... and once again I need YOUR help.

THINGS I THINK YOU SHOULD KNOW:
-I'm currently using XP
-I've mainly been using Malwarebytes, SuperAntiSpyware, & Sygate Personal Firewall
-I also have Command Antivirus, Spybot, & AdAware.
***I know that's wayyyy too many. I don't even have anything to steal, but I don't want a virus turning my computer into poo.***


THE PROBLEM I NEED HELP WITH:
Aside from your advice on which free antivirus/spyware/malware tools to keep,

I would like to know why I seem to be having no problems with anything on my computer,
yet every so often Malwarebytes has been detecting & removing Rogue.AntiVirus from my computer.
SHOWS UP AS:
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus (Rogue.AntiVirus) -> Quarantined and deleted successfully.


**I have all 4 reference #'s from the quarantine section from each day MBAM found it if that helps.**

I would really like to know what this is, where this keeps coming from, and how to stop it!
Any help would be GREATLY APPRECIATED!!!

THANKS!
:thumbsup:

Edit: Moved topic from XP to the more appropriate forum and added a topic descriptor. ~ Animal

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,727 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:01:01 PM

Posted 24 November 2009 - 10:04 AM

Re software: I would ditch Ad-Aware for sure...I don't like to stray from known effective AV programs either, but that's a personal bias.

Before I jumped to conclusions about any entries which are being deleted by a protective program...I would take a little trip to the registry...and actually verify that there is a reg entry for said malware item.

I don't find anything about rogue.antivirus as a specific malware item. I don't claim to understand the Malwarebytes logs/reports, but...a looki in your registry should shed some light.

I would also ask...if you were using XP's System Restore when you had your malware problems.

Louis

#3 techextreme

techextreme

    Bleepin Tech


  • Members
  • 2,125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pittsburgh, PA
  • Local time:02:01 PM

Posted 24 November 2009 - 10:12 AM

From what I have seen in the past, HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus (Rogue.AntiVirus) could be a part of Antivirus 2008 or 2009.

For the sake of you and your computer, my advice would be, have a look here, update your Malwarebytes and scan again, and if anything still shows in the scan logs, post in the Am I Infected forum with your results. Someone will surely be able to point you in the proper direction.

Hope this helps,
Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

#4 frankp316

frankp316

  • Members
  • 2,677 posts
  • OFFLINE
  •  
  • Local time:01:01 PM

Posted 24 November 2009 - 01:01 PM

Since it's coming up repeatedly, it could be a false positive or an error at their end. If so, you're not the only one with this issue and it might be worth your time to look at the Malware Bytes forums. I had a very similar problem with Super Anti Spyware and it was an error at their end.

#5 jordannnnnn

jordannnnnn
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:01 PM

Posted 26 November 2009 - 08:37 AM

Also,
I think you should know...

-Malwarebytes doesn't always detect it.
-Sometimes it will be there, MBAM will quarantine and "remove it".
-Other times it tells me no malicious threats were detected..
-Id say less then 1/3 of the time i scan it shows up. But when it does, its always that same one. But for some reason MBAM has given it a different reference number each time.

I have NO idea where it keeps coming from.
Infact, I just did a scan again, and BOOM!, MBAM found it again.



In response to hamluis's post about the registry,
what exactly would you need to determine whats there?

***Also, Is there anything else you would recommend using other then Malwarebytes, SuperAntiSpyware, Sygate Personal Firewall, Spybot, & Command??

Edited by jordannnnnn, 26 November 2009 - 09:41 AM.


#6 xblindx

xblindx

  • Banned
  • 1,923 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:01 PM

Posted 27 November 2009 - 12:46 PM

Get spywareblaster. The download link is in my signature. It stops threats from entering your system in the first place. It is not an active running program, you just run it and download the updates for it every week or so.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users