
MBAM Finds Registry Error but Can't Fix it


No replies to this topic

#1 UndertakerPOH


Posted 14 January 2010 - 07:53 PM

Hello all, I'm one of those lurkers who has known about Bleeping Computer for some time, I just never registered.

I am having a problem w/ a friend's computer. I saw that a similar post had been made here and thought I'd try it out.

He downloaded a "Registry Cleaner" & is now infected.

So here's the scoop, I've tried turning System Restore off to resolve this problem without any luck.

The problem is in:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\friendlyname (Trojan.FakeAlert) -> Delete on reboot.

But MBAM won't remove upon reboot.

I have updated MBAM since my last log and am currently scanning the pc so I don't have an up to date log as of 1/14/2010.

I will post one tomorrow if needed.

I wondered about backing up the registry and physically removing this bugger or if there is a more simple solution.

I did get this information on the infection:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"=""
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,00,00,00,00,00,00,00,00,05,00,00,ce,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:02,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,f4,01,00,00,f4,01,\
00,00,02,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,f4,01,00,00,f4,01,\
00,00,01,00,00,00


Thank you for your help & time.

(If MBAM gets done scanning before I leave his home, I'll post the updated log. I am a member at another help forum and have this posted there as well.)
