
Legitimate Software or Malware?


6 replies to this topic

#1 CLWICLWOI

Posted 06 February 2010 - 12:43 AM

I am running Windows XP SP2 on an HP 630 media center computer, about 5 years old; I have kept it updated on a regular basis. I have used Norton Antivirus and Internet Security (updated each year) since Day 1 on this computer, and have used SpyBot Search and Destroy regularly as well. Recently, I have noted a marked slowdown with several functions. Again, I ran SpyBot S&D, and also AdAware, and fixed everything these programs found.

This evening, I decided to check the Registry for anything that obviously didn't belong. I made a list of all software with which I was unfamiliar found in both HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE, then looked up each with Google. I was able to eliminate all but five entries as being used by legitimate software on my computer, but I am hesitant to eliminate ANYTHING from the registry until I'm absolutely certain that they're malware. The entries in question are:

from HKEY_CURRENT_USER Software:
Leadertech - PowerRegister - not sure if this is Adware or not
ORL - VNCHooks - this one I'm pretty sure is malware from what I read

from HKEY_LOCAL_MACHINE Software:
58f - nothing found on this
COft5Y - nothing found on this
Motive - Acme - this program is found on my C drive under Documents and Settings/All Users/Application Data. From my own reading, I'm not sure if this is a friendly keylogger (I have used remote support chat from Symantec/Norton on one occasion), a bad keylogger, or just plain malware.

If these five items were found in your Registry, would you keep them, or blow them away? Thank you in advance for any advice you can offer!

MAD in IA


#2 Layback Bear

Posted 06 February 2010 - 08:11 AM

Wise move not fooling with the registry. I would run Super Anti Spyware and Malwarebytes Anti Malware. IMHO these two will do a better job. Both are used by many on this site. I noticed you are still using SP-2. I would recommend, after you're sure you have a clean system, installing SP-3 from M/S. It has a lot of security items in it. It is a large update, so make sure you have enough hard drive. Once all that is done I would defrag.

#3 hamluis (Moderator)

Posted 06 February 2010 - 09:44 AM

It's impossible to tell...if some items in the registry are not the result of HP installation.

When I look in the software keys in the registry...I know what I have installed and I know what I've uninstalled. So I delete the values relative to known uninstalls.

On items I'm not sure of...I double-check against the Web.

Various items are installed which do not necessarily directly correlate with the known name of the program or the listed vendor.

Louis

#4 Layback Bear

Posted 06 February 2010 - 06:52 PM

Believe me, I can't help you with your registry. If it was me, I would run the programs I have posted along with the other security you have, and if they find something and clean it up, I would not blow (delete) anything from the registry.

#5 44guy

Posted 06 February 2010 - 07:46 PM

Good post. I have also been puzzled by registry entries. Best left alone, I guess.

Will you recognizable old timers of Bleeping please recommend some legitimate, good anti-spyware to me?
I got rid of Adware which apparently carried Trojan spyware with it.

44 guy

#6 hamluis (Moderator)

Posted 06 February 2010 - 08:53 PM

SUPERAntiSpyware and Malwarebytes are both reliable programs.

Louis

#7 44guy

Posted 07 February 2010 - 08:47 AM

SUPERAntiSpyware and Malwarebytes are both reliable programs.

Louis


Thank you, Louis. As usual, you are very helpful and I trust your expertise.

44 guy
