Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Registry settings in Antivirus XP Manual Removal Guide

  • Please log in to reply
1 reply to this topic

#1 Heywogr


  • Members
  • 3 posts
  • Local time:01:23 PM

Posted 26 April 2010 - 07:12 AM


Am hoping this will be a quick one.

I had computer running XP infected with Antivirus XP malware. I ran the regfix and MBAM scans from below guide:


And appears to have cleared. However, I had previously removed Antivirus Soft malware a day before then was reinfected with Antivirus XP, so to double check removal I went through manual removal steps in above link. All is removed, except the registry settings in:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"

both exist. Should these be set to 0 as they may allow re-over-ride of AV and Firewall?

BC AdBot (Login to Remove)


#2 Heywogr

  • Topic Starter

  • Members
  • 3 posts
  • Local time:01:23 PM

Posted 26 April 2010 - 07:28 AM


Checking Manual removal for reg entries for Antivirus Soft too (just thought I'd check)
from http://www.bleepingcomputer.com/virus-remo...-antivirus-soft

and the following reg entries are still showing:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"

Should I be concerned with any of these?/What should the values be?

Edited by elise025, 26 April 2010 - 08:14 AM.
Moving this topic from Antivirus, Firewall ... forum to Am I Infected forum ~ Elise

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users