Question about removing registry values that are associated with antivirus suite


5 replies to this topic

#1 nugetsnfries

Posted 07 May 2010 - 09:38 PM

HKEY_CURRENT_USER\Software\avsuite
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = "
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "<random>"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "<random>"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"


The above are the registry values that I obtained from a guide (http://www.bleepingcomputer.com/virus-removal/remove-antivirus-suite). Malwarebytes did not remove these registry values. Since they are associated with antivirus suite, should I remove them myself, or is there a default value that I should set them to?


Unfortunately for me, I did not come across this guide until I self-tangled with the scareware...I manually killed the process tree via task manager on reboot and ran Malwarebytes. It detected 1 infected object each time I ran the scan, I noticed that they were all coming from the same registry folder "avsuite", thus I removed the whole folder. Upon subsequent rescans, antivirus suite seems to be gone, but I'm a bit worried about the above still.

Edited by nugetsnfries, 07 May 2010 - 09:43 PM.



#2 keyboardNinja

Posted 07 May 2010 - 10:56 PM

Hi there, nugetsnfries. :flowers:

:thumbsup: to Bleeping Computer.

I have looked at that tutorial and checked these registry keys myself.

First, back up your registry.
How to back up and restore the registry in Windows XP
Back up the registry in Vista and Windows 7 (use Method One: System Restore)


Now, you can delete all of those keys you listed except this one:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"

Change the no to yes.

All the others can be deleted. They are related to the proxy settings set by the malware or settings that it implemented (incorrect settings).

Be careful when deleting them. If you delete the wrong key(s), you will do damage to the registry. If this happens, you can restore the registry from the backup you made earlier (but let's hope we don't have to).

Next, visit this: How did I get infected? :trumpet:
PICNIC - Problem In Chair, Not In Computer

20 Things I Learned About Browsers and the Web
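
The cleanup described in the reply above (back up, remove the listed values, set CheckExeSignatures to yes), as an added PowerShell example that is not part of the original thread. The `-Apply` switch and `$BackupDir` parameter are names chosen here; without `-Apply` the script only reports, and it removes a value only when its data still equals what post #1 lists.

```powershell
# Added example, not from the thread. Reports only, unless -Apply is given.
param([switch]$Apply, [string]$BackupDir = "$env:TEMP\avsuite-reg-backup")

$dl   = 'HKCU:\Software\Microsoft\Internet Explorer\Download'
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$pol  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'

# Name/data pairs as listed in post #1. The post cuts off the ProxyOverride
# data, so that value has no Data here and is reported but never removed.
$listed = @(
    @{ Path = $dl;   Name = 'RunInvalidSignatures'; Data = '1' },
    @{ Path = $inet; Name = 'ProxyServer';   Data = 'http=127.0.0.1:5555' },
    @{ Path = $inet; Name = 'ProxyEnable';   Data = '1' },
    @{ Path = $inet; Name = 'ProxyOverride'; Data = $null },
    @{ Path = "$pol\Associations"; Name = 'LowRiskFileTypes';    Data = '.exe' },
    @{ Path = "$pol\Attachments";  Name = 'SaveZoneInformation'; Data = '1' }
)

if ($Apply) {   # back up every key that may be touched before changing it
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    foreach ($p in ($listed | ForEach-Object { $_.Path } | Sort-Object -Unique)) {
        $file = Join-Path $BackupDir (($p -replace '[:\\ ]', '_') + '.reg')
        if (Test-Path $p) { reg export ($p -replace '^HKCU:', 'HKCU') $file /y | Out-Null }
    }
}

foreach ($e in $listed) {
    $cur = (Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue).($e.Name)
    if ($null -eq $cur) { "absent   $($e.Name)"; continue }
    $match = ($null -ne $e.Data) -and ([string]$cur -eq $e.Data)
    "present  $($e.Name) = $cur (same data as post #1: $match)"
    if ($Apply -and $match) { Remove-ItemProperty -Path $e.Path -Name $e.Name }
}

# Post #2: keep CheckExeSignatures, but change "no" to "yes".
$sig = (Get-ItemProperty -Path $dl -Name CheckExeSignatures -ErrorAction SilentlyContinue).CheckExeSignatures
"CheckExeSignatures = $sig"
if ($Apply -and $sig -eq 'no') { Set-ItemProperty -Path $dl -Name CheckExeSignatures -Value 'yes' }

# The Run values are listed only as "<random>", so print every entry for manual review.
foreach ($run in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    $k = Get-Item $run -ErrorAction SilentlyContinue
    if ($k) { $k.GetValueNames() | ForEach-Object { "$run  $_ = $($k.GetValue($_))" } }
}
'HKCU:\Software\avsuite', 'HKLM:\SOFTWARE\avsuite' | ForEach-Object { "$_ exists: $(Test-Path $_)" }
```

A ProxyServer or ProxyEnable value that shows different data than post #1 is left in place, since it may be a proxy the user configured.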

#3 nugetsnfries

Posted 07 May 2010 - 11:03 PM

Thanks for the welcome and the reply :D

And haha, I have no clue how I was infected, I guess I'll have to watch more closely if I just leave my computer idling around...it's never happened before but hey, there's a first time for everything right?

Though, I'm pretty sure it's because of Norton slacking off... :thumbsup:

Edited by nugetsnfries, 07 May 2010 - 11:05 PM.


#4 keyboardNinja

Posted 07 May 2010 - 11:11 PM

> but hey, there's a first time for everything right?


Hehe...well, I've never had my "first time" with an infection, and I'm hoping to keep it that way.

A lot of it depends on good habits: having a good, solid anti-virus (keep it updated and scan frequently!) and firewall, practice safe browsing habits, use a browser other than Internet Explorer (I recommend Firefox), and scan often with on-demand scanners like MBAM and SUPER. Oh, update Windows, too.

No single product is 100% foolproof and can detect and remove all threats at any given time. The security community is in a constant state of change as new malware infections appear. Each vendor has its own definition of what constitutes spyware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Thus, a multi-layered defense using several anti-spyware products (including an effective firewall) to supplement your anti-virus provides the most complete protection.

As a general rule, using more than one anti-spyware program like Malwarebytes' Anti-Malware, SuperAntispyware, Spybot S&D, Ad-Aware, etc will not conflict with each other or your anti-virus if using only one of them for real time protection and others as stand-alone scanners. In fact, doing so increases your protection coverage without causing the same kind of conflicts or affecting the stability of your system that can occur when using more than one anti-virus. The overlap of protection from using different signature databases will aid in detection and removal of more threats when scanning your system for malware. However, if using all their real-time resident shields (TeaTimer, Ad-Watch, MBAM Protection Module, Spyware Terminator Shields, etc) together at the same time, there can be conflicts when each application tries to compete for resources and exclusive rights to perform an action. Additionally, competing tools may even provide redundant alerts which can be annoying and/or confusing.

Also, I don't recommend Norton for more than a few reasons (case in point here :thumbsup: ).

Avast is better. :flowers:

#5 nugetsnfries

Posted 07 May 2010 - 11:32 PM

Yup, my habits definitely suck :thumbsup:

Unfortunately for me, my school requires Norton to be installed in order to use its network (and along with other things)...it's a pain in the ass to get off my system so after the first year, I got lazy and just left my computer with just Norton...what a bad idea that was :flowers:. And get this, every year we have to re-install the school's network settings and a new version of Norton (which, by the way requires the older version to be removed, along with all other antivirus systems...haha....), all in all, guess I should kick myself in the ass and get another antivirus. I normally turn to AVG, but I'll give Avast a try.

....Norton's picking up Trojan Horses from Avast's temp files during Avast's scan....shut up Norton >.>;

#6 keyboardNinja

Posted 09 May 2010 - 02:04 PM

> Yup, my habits definitely suck :flowers:

Well, we'll have to do something about that. :thumbsup:

> Unfortunately for me, my school requires Norton to be installed in order to use its network (and along with other things)...it's a pain in the ass to get off my system so after the first year, I got lazy and just left my computer with just Norton...what a bad idea that was :trumpet:. And get this, every year we have to re-install the school's network settings and a new version of Norton (which, by the way requires the older version to be removed, along with all other antivirus systems...haha....), all in all, guess I should kick myself in the ass and get another antivirus. I normally turn to AVG, but I'll give Avast a try.
>
> ....Norton's picking up Trojan Horses from Avast's temp files during Avast's scan....shut up Norton >.>;

Well, you shouldn't be running Norton and Avast at the same time. Time for the canned speech:

The primary concern with using more than one anti-virus program is due to conflicts that can arise when both are running in real-time mode simultaneously. Anti-virus software components insert themselves into the operating system's core and using more than one can cause instability, crash your computer, slow performance and waste system resources. When actively running in the background while connected to the Internet, they both may try to update their definition databases at the same time. As the programs compete for resources required to download the necessary files this often can result in sluggish system performance or unresponsive behavior.

Each anti-virus will often interpret the activity of the other as a virus and there is a greater chance of them alerting you to a "False Positive". If one finds a virus and then the other also finds the same virus, both programs will be competing over exclusive rights on dealing with that virus. Each anti-virus will attempt to remove the offending file and quarantine it. If one finds and quarantines the file before the other one does, then you encounter the problem of both wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetitive cycle of endless alerts that continually warn you that a virus has been found when that is not the case.

Anti-virus scanners use virus definitions to check for viruses and these can include a fragment of the virus code which may be recognised by other anti-virus programs as the virus itself. Because of this, most anti-virus programs encrypt their definitions so that they do not trigger a false alarm when scanned by other security programs. However, some anti-virus vendors do not encrypt their definitions and will trigger false alarms if used while another resident anti-virus program is active.

Further, dual installation is not always possible because some anti-virus programs will detect the presence of others and may insist they be removed prior to installation. To avoid these problems, use only one anti-virus solution. Deciding which one to remove is your choice. Be aware that you may lose your subscription to that anti-virus program's virus definitions once you uninstall that software.

Most anti-virus vendors recommend that you install and run only one anti-virus program at a time:
Symantec's statement.
Avast's statement.
AVG's statement.
Dell Support advises the same for their systems.

In contrast, using more than one anti-spyware running in real-time mode simultaneously increases your protection coverage without causing the same kind of conflicts or affecting the stability of your system as what can occur when using more than one anti-virus. Even if your anti-spyware programs are not running in real-time, the overlap of protection from using different signature databases will aid in detection and removal of more threats when scanning your system for malware.

No single product is 100% foolproof and can detect and remove all threats at any given time. The security community is in a constant state of change as new malware infections appear. Each vendor has its own definition of what constitutes spyware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Thus, a multi-layered defense using several anti-spyware products (including an effective firewall) to supplement your anti-virus provides the most complete protection.

As a general rule, using more than one anti-spyware program like Malwarebytes' Anti-Malware, SuperAntispyware, Spybot S&D, Ad-Aware, etc will not conflict with each other or your anti-virus if using only one of them for real time protection and others as stand-alone scanners. In fact, doing so increases your protection coverage without causing the same kind of conflicts or affecting the stability of your system that can occur when using more than one anti-virus. The overlap of protection from using different signature databases will aid in detection and removal of more threats when scanning your system for malware. However, if using all their real-time resident shields (TeaTimer, Ad-Watch, MBAM Protection Module, Spyware Terminator Shields, etc) together at the same time, there can be conflicts when each application tries to compete for resources and exclusive rights to perform an action. Additionally, competing tools may even provide redundant alerts which can be annoying and/or confusing.

However, you can overdo it with resource heavy programs that will slow down your system performance. Sometimes you just have to experiment to get the right combo for your particular system as there is no universal solution that works for everyone.


Is Norton an absolute requirement for every PC connected to your school's network? My university's network just requires that you keep an up-to-date AV...but you get to pick which one you use. They offer Sophos for free, but I don't like it....hogs resources like Norton, ZERO customization, etc....so I use Avast. :inlove: