
i have annoying popups believe to be malware?


12 replies to this topic

#1 irishsooner1962

irishsooner1962

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:43 PM

Posted 07 December 2009 - 03:10 PM

first time to discuss and hope to fix a problem or problems.

last 2-3 weeks i have been getting popups either on mozilla firefox or explorer ie8. has to deal with security download offers, registry defender, norton, mcafee, some others. also get google popups on some kind of advertising or news story.

kaspersky av9 does not show anything that i see as of now. it did but might have erased the detected threats. windows defender does show:
regkey:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\pasotolaz

runkey:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\pasotolaz

file:
c:\windows\system32\yaluvufa.dll

that was my suspicion: something to do with yaluvufa! also remember seeing something on vundo.fa and vundo.ml from kav9 last week.

i'm using hp m1270n with windows xp media center sp3. i have also used hijackthis but know not to show the log here. thought it best to start here and not the hijack forum. also trend and not the one described in that forum. thanks for any help



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,612 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:43 PM

Posted 07 December 2009 - 03:42 PM

Please download Malwarebytes Anti-Malware (v1.42) and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

-- If Malwarebytes Anti-Malware results in any error messages, check the Help file's list of error codes within its program folder first. If you do not find any information, please refer to Common Issues, Questions, and their Solutions, Frequently Asked Questions. If the error you are receiving is not in the list, please report it here so the research team can investigate.

If you cannot use the Internet or download any required programs to the infected machine, you are going to need access to another computer (family member, friend, library etc) with an Internet connection. Save mbam-setup.exe to a flash (usb, pen, thumb, jump) drive or CD, transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive. If you cannot copy files to your usb drive, make sure it's not "Write Protected". Some flash drives have a switch on the side which could have accidentally been moved to write protect.

-- Some types of malware will disable Malwarebytes Anti-Malware and other security tools to keep them from running properly. If MBAM will not install, try renaming it first.
  • Right-click on the mbam-setup.exe file and rename it to mysetup.exe. If that did not work, rename it explorer.exe.
  • Double-click on the renamed file to start the installation.
  • If that still did not work, then try changing the file extension. <- click this link if you do not see the file extension
    If using Windows Vista, refer to these instructions.
  • Right-click on explorer.exe and change the .exe extension to .scr, .com, .pif, or .bat.
  • Then double-click on explorer.com (or whatever extension you renamed it) to begin installation.
If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.
  • Right-click on mbam.exe and rename it to wuauclt.exe.
  • Double-click on wuauclt.exe to launch the program.
  • If that did not work, then change the .exe extension in the same way as noted above.
  • Double-click on wuauclt.com (or whatever extension you renamed it) to launch the program.
Note: If installation continues to fail in normal mode, try installing and performing a Quick Scan in "safe mode". Doing this is usually not advised as MBAM is designed to be at full power when running in normal mode and loses some effectiveness for detection & removal when used in safe mode. Further, scanning in safe mode prevents some types of malware from running so it may be missed during the detection process. For optimal removal, normal mode is recommended so it does not limit the abilities of MBAM. Therefore, after completing a safe mode scan, reboot normally, uninstall MBAM, then reinstall it and perform another Quick Scan.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 irishsooner1962


Posted 07 December 2009 - 06:56 PM

thank you for fast reply and will follow what was given as soon as i can next few days. i will follow up with the results or ask back if i run into trouble.

#4 quietman7


Posted 07 December 2009 - 08:21 PM

Not a problem.

#5 irishsooner1962


Posted 08 December 2009 - 05:42 PM

followed the information given, had no trouble installing and running the app. here is my log file

Malwarebytes' Anti-Malware 1.42
Database version: 3325
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/8/2009 4:32:43 PM
mbam-log-2009-12-08 (16-32-43).txt

Scan type: Quick Scan
Objects scanned: 111815
Time elapsed: 6 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Environment\avapp (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Environment\avuninst (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Common Files\Uninstall\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\bolapuno.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hafurive.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hizupoye.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nugedoka.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\panasoba.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pufikere.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\puyekebi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tiyebuki.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wupudihi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zojoludi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

knew that vundo was the big thing but didn't know the rest. wonder when it is good to do a full scan and not quick scan? also should i have kaspersky av9 and defender on the computer or would kaspersky be fine alone. also i'm sure mbam should stay on the pc and scan from time to time?
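
Added example, not part of the thread and not Malwarebytes' own code: Python that parses a log in the MBAM 1.42 layout posted above, checks each section's summary count against the entries actually listed (a truncated paste shows up as a mismatch), groups detections by name, and lists entries whose action is anything other than "Quarantined and deleted successfully". The sample is shortened from the posted log; the last file entry and its action text are constructed, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: entries copied from the log above, shortened to a few per
# section, with the summary counts adjusted to match. The last file line and its
# "Delete on reboot." action are constructed for illustration.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.42
Database version: 3325

Scan type: Quick Scan

Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 3

Registry Values Infected:
HKEY_CURRENT_USER\Environment\avapp (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Environment\avuninst (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Common Files\Uninstall\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\bolapuno.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hafurive.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\constructed-example.dll (Trojan.Vundo.H) -> Delete on reboot.
"""

CLEAN_ACTION = "Quarantined and deleted successfully"
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<object> (<detection name>) -> [Bad/Good detail -> ]<action>."
ITEM_RE = re.compile(r"^(?P<object>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text):
    """Return (declared counts per section, list of itemised detections)."""
    declared, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:  # summary line such as "Files Infected: 3"
            declared[m["section"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:  # start of an itemised section
            section = m["section"]
            continue
        m = ITEM_RE.match(line)
        if m and section:
            # The action is the text after the last "->" (registry data items
            # carry an extra "Bad: ... Good: ..." segment before it).
            action = m["rest"].split(" -> ")[-1].rstrip(".")
            items.append({"section": section, "object": m["object"],
                          "detection": m["detection"], "action": action})
    return declared, items


def review(text):
    """Summarise a log: count mismatches, detections by name, unfinished removals."""
    declared, items = parse_mbam_log(text)
    listed = Counter(i["section"] for i in items)
    mismatches = {s: (n, listed.get(s, 0))
                  for s, n in declared.items() if n != listed.get(s, 0)}
    families = Counter(i["detection"] for i in items)
    pending = [i for i in items if i["action"] != CLEAN_ACTION]
    return {"mismatches": mismatches, "families": families, "pending": pending}


if __name__ == "__main__":
    result = review(SAMPLE_LOG)
    for name, count in result["families"].most_common():
        print(f"{count:3d}  {name}")
    for item in result["pending"]:
        print("needs follow-up:", item["object"], "->", item["action"])
    print("count mismatches:", result["mismatches"] or "none")
```
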

#6 quietman7


Posted 08 December 2009 - 06:09 PM

Now rescan again with Malwarebytes Anti-Malware, but this time perform a Full Scan in normal mode and check all items found for removal. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.

Please download Norman Malware Cleaner and save to your desktop.
alternate download link
  • Be sure to print out the instructions provided on the same page.
  • Restart your computer in "Safe Mode".
  • Double-click on Norman_Malware_Cleaner.exe to start the program.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot and run the tool again to ensure that all infections are removed.
  • After the scan has finished, a log file with the date (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
Note: For usb flash drives and/or other removable drives to scan, use the Add button to browse to the drives location, click on the drive to highlight and choose Ok.

"should i have kaspersky av9 and defender on the computer or would kaspersky be fine alone."

No single product is 100% foolproof and can detect and remove all threats at any given time. The security community is in a constant state of change as new infections appear. Each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Thus, a multi-layered defense using several anti-spyware products (including an effective firewall) to supplement your anti-virus combined with common sense and safe surfing habits provides the most complete protection.

As a general rule, using more than one anti-spyware program like Malwarebytes' Anti-Malware, SuperAntispyware, Spybot S&D, Ad-Aware, etc will not conflict with each other or your anti-virus if using them as stand-alone scanners. In fact, doing so increases your protection coverage without causing the same kind of conflicts or affecting the stability of your system that can occur when using more than one anti-virus. The overlap of protection from using different signature databases will aid in detection and removal of more threats when scanning your system for malware. However, if using any of their real-time resident shields (TeaTimer, Ad-Watch, MBAM Protection Module, Spyware Terminator Shields, etc) together at the same time, there can be conflicts when each application tries to compete for resources and exclusive rights to perform an action. Additionally, competing tools may even provide redundant alerts which can be annoying and/or confusing.

I recommend taking advantage of the Malwarebytes Anti-Malware Protection Module which uses advanced heuristic scanning technology to monitor your system and provide real-time protection to prevent the installation of most new malware. This technology monitors every process and stops malicious processes before they can infect your computer. Enabling the Protection Module feature requires registration and purchase of a license key that includes free lifetime upgrades and support. After activation, Malwarebytes can be set to update itself and schedule scans automatically on a daily basis. The Protection Module is not intrusive as it utilizes few system resources and should not conflict with other scanners or anti-virus programs.

#7 irishsooner1962


Posted 09 December 2009 - 06:13 PM

this is my result from the help i received:

Malwarebytes' Anti-Malware 1.42
Database version: 3334
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/9/2009 5:07:24 PM
mbam-log-2009-12-09 (17-07-24).txt

Scan type: Full Scan (C:\|H:\|)
Objects scanned: 269178
Time elapsed: 50 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

getting ready to go on to the next advice.

#8 irishsooner1962


Posted 09 December 2009 - 08:39 PM

ran norman malware cleaner and it detected kaspersky av9.exe was infected with w32/greybird.alqv and deleted. now i don't have anti-virus running since the exe is gone so i guess i should remove and reinstall my anti-virus software? actually here is the log:

Norman Malware Cleaner
Version 1.5.0.5
Copyright © 1990 - 2009, Norman ASA. Built 2009/12/09 03:41:46

Norman Scanner Engine Version: 6.03.02
Nvcbin.def Version: 6.03.00, Date: 2009/12/09 03:41:46, Variants: 4474713

Scan started: 09/12/2009 17:32:46

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600(Safe mode) Service Pack 3
Logged on user: ROBERTJMSCOMPUT\Owner

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = "c:\windows\system32\yaluvufa.dll" -> ""
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop -> NoChangingWallPaper = 0x00000000
Changed service configuration for "Browser" from 0x00000004 and 0x00000001 to 0x00000002 and 0xFFFFFFFF
Failed to start service "Browser" (0x0000042C)


Scanning running processes and process memory...

Number of processes/threads found: 1084
Number of processes/threads scanned: 1084
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 60s


Scanning file system...

Scanning: C:\*.*

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe (Infected with W32/GrayBird.ALQV)
Deleted file

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Infected with W32/GrayBird.ALQV)
Removed registry value: HKLM\Software\Microsoft\Windows\CurrentVersion\Run -> AVP = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe""
Removed registry value: HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe:*:Enabled:avp"
Removed registry value: HKLM\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe:*:Enabled:avp"
Removed service: AVP
Deleted file

Scanning: H:\*.*


Running post-scan cleanup routine:

Number of files found: 159553
Number of archives unpacked: 0
Number of files scanned: 159532
Number of files not scanned: 21
Number of files skipped due to exclude list: 0
Number of infected files found: 2
Number of infected files repaired/deleted: 2
Number of infections removed: 2
Total scanning time: 1h 48m 40s

Edited by irishsooner1962, 09 December 2009 - 08:52 PM.


#9 quietman7


Posted 09 December 2009 - 10:54 PM

After you reinstall Kaspersky run a full system scan and let me know the results.

You can also remove Norman.

#10 irishsooner1962


Posted 10 December 2009 - 07:23 PM

this is what was found:

12/10/2009 5:58:45 PM Detected: http://www.viruslist.com/en/advisories/37584 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

remember seeing this before i started coming to this site after scanning kav couple weeks back.

#11 quietman7


Posted 10 December 2009 - 11:35 PM

The link to Viruslist.com opens to a blank page for Vulnerabilities Descriptions.

npswf32.dll is a Shockwave Flash plug-in for web browsers and is legit. Older versions of Adobe Flash Player and Shockwave Player are vulnerable to exploits and should be updated. If not, some security programs will detect and alert you to the vulnerability so it can be updated or patched.

Edited by quietman7, 10 December 2009 - 11:37 PM.


#12 irishsooner1962


Posted 11 December 2009 - 01:10 AM

went and updated flash, removed reader and went with freeware foxit! seems to have more capabilities and less of a system hog. everything is working ok as of now and will run scans from time to time. kept malwarebytes on the system as added protection. i removed windows defender because kav had conflicts when i re-installed kav. i also have ccleaner on the pc and wonder if it is good to have and use? i know registry cleaners can be tricky. thanks for the help throughout the last few days also!

#13 quietman7


Posted 11 December 2009 - 07:15 AM

While CCleaner is safe and useful for removing temporary and junk files, I do not recommend using the built-in registry cleaner unless you have a good understanding of the registry. In fact, I don't recommend using registry cleaners/optimizers for several reasons:

• Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

• Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

• Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

• Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

• The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.



