Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malwarebytes found cdoosoft in my registry. Need I worry?


  • Please log in to reply
3 replies to this topic

#1 JayoBayo

JayoBayo

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:35 PM

Posted 13 January 2011 - 12:20 PM

My XP computer (2002 Optiplex 260 with Pentium 4 and no graphics card) suddenly changed the screen resolution to very large letters and very strange colors and shadings. When I tried to change the display settings, it would automatically restart. I restored C: to an image from 2 months back and now it looks fine again.

Only problem is that now when I run Malwarebytes scan I had the following registry value infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Value: cdoosoft -> Quarantined and deleted successfully. There was also a startmenulogoff registry setting that malwarebytes flagged, but I'm more worried about cdoosoft.

Everything I hear about cdoosoft is bad. Now I'm worried that the registry key shows that there's spyware hiding on the computer somewhere. Is that a correct assumption?

What's also strange is that Malwarebytes didn't find this problem when I ran it 2 months ago before making the image I've now restored to.

My question is, should I go to the forum where you post logs and get help trying to root out viruses, or if everything's working okay should I just leave it? This computer is part of a small network so I don't want to risk infecting any other computers.

Thanks so much,

Jayobayo

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,053 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:35 PM

Posted 13 January 2011 - 12:35 PM

Its probably just an orphan key (remnant) left behind after a prior cleaning. When MBAM looks for malware related registry keys it also looks for any physical files associated with them.

After a security vendor updates its product version or releases an update to definition databases, it is not uncommon for subsequent scans to find detection of items, traces of malware files or remnants of registry entries which had previously gone undetected (not reported) by prior scans long after the initial infection was removed. In that same manner, it is not unusual for a detected threat to no longer be detected during subsequent scans after a database update. This can be attributed to further testing after users have submitted a sample file which is then determined to be false positive and removed from the detection list.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 JayoBayo

JayoBayo
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:35 PM

Posted 13 January 2011 - 01:53 PM

Wow, thank you for your help. I can relax now.
--JayoBayo

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,053 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:35 PM

Posted 13 January 2011 - 02:01 PM

You're welcome. Safe surfing and have a malware free day.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users