
Should I delete these entries from registry?



#1 villandra


Posted 08 January 2012 - 07:37 PM

My computer was infected with Trojan.Win32.FakeAV.oq(v).

Now I selectively can't get the Malwarebytes Anti-Malware (MBAM) service to install - it does not appear in services.msc nor in the services tab of msconfig. I have done everything Malwarebytes' instructions say to do several times.

Here is what remains in my registry after the latest round of uninstalling and running Malwarebytes' MBAM cleaner, which allegedly removes every trace of the program from your computer. It didn't even remove all the files.

I need to know what these mean and whether to remove them. MBAM is not currently installed on my system. I need it clean of whatever may be blocking it from installing properly in order to reinstall and run it. Googling LEGACY_MBAMSERVICE led me to a closed discussion on this forum, so apparently there are people here who would know the answer, though unfortunately I did get the idea it might not have been the experts on the forum who finally dug up the answer.

HKEY_LOCAL_MACHINE
System
Control Set 002 (after folder for Control Set 001 w/ + in front of it)
Enum
Root

LEGACY_MBAMCHAMELEON Default REG_SZ (value not set)
NextInstance REG_DWORD 0x00000001 (1)

0000 (Default) REG_SZ (value not set)
Class " LegacyDriver
ClassGUID " {BECCO55D-047F-11D1-AS37-0000F8753ED1}
ConfigFlags REG_DWORD 0x00000000 (0)
Device Desc REG_SZ mbamchameleon
Legacy REG_DWORD 0x00000001 (1)
Service REG_SZ mbamchameleon


LEGACY_MBAMPROTECTOR {Default} REG_SZ (value not set)
NextInstance REG_DWORD 0x00000001(1)

0000 - values the same as above except MBAMProtector instead of mbamchameleon

LEGACY_MBAMSERVICE same values as above.

0000 same values as above except MBAMService

LEGACY_MBAMSWISSARMY same values as above. 0x00000001 (1)





ControlSet003 - the same entries.

CurrentControlSet the same entries.



HKEY_USERS
5-1-5-21-4 long series numbers and dashes
Software
Microsoft
Windows
Current Version
Applets
Regedit
{Default} REG_SZ (value not set)
FindFlags REG_DWORD 0x0000000e (14)
LastKey REG_SZ My computer]HKEY_LOCALMACHINE]SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShExt
View REG_BINARY 2c long strings of numbers. /f, ae, et.

HKEY_CURRENT_USERS
everything above except the line 5-1-5-21 etc.

----------------------------------------

There was also this value, which I removed; it refers to a file that is no longer in E:\Program Files.

HKEY_CURRENT_USER
Software
Microsoft
Windows
ShellNoRoam/ MUI Cache
E:\ Program Files\REG_SZ Malwarebytes Anti-Malware
