Regarding Remove Windows Basic Antivirus (Uninstall Guide)


3 replies to this topic

#1 erluck53


Posted 28 February 2012 - 01:42 PM

I did the removal as per the instructions, but then I had questions about the following:

1. Regarding the Associated Windows Basic Antivirus Files:

%AppData%\NPSWF32.dll
%AppData%\Protector-<random 3 chars>.exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Basic Antivirus.lnk
%Desktop%\Windows Basic Antivirus .lnk

I only could find %AppData%\result.db and deleted it. None of the others were in the named locations. Does this mean they are no longer there?

2. Regarding the Associated Windows Basic Antivirus Windows Registry Information:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "levuvuaofd"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-2-27_1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe
... and many more Image File Execution Options entries.

What does "... and many more Image File Execution Options entries." mean? Is removing all the above registry entries not a complete fix?

Thanks for any info!



#2 Grinler

    Lawrence Abrams



Posted 28 February 2012 - 10:34 PM

If you followed the steps in the guide, MBAM should have removed most of the files and all of those Image File Execution Options.

The file listings and registry key listings at the bottom are for reference only. No need to search for them.

#3 erluck53


Posted 28 February 2012 - 11:43 PM

Thank you. I appreciate the info. So even if the registry entries exist, I can ignore them? Or is it better to get rid of them completely? The fix you provided seems to have worked so far, although this evening I am noticing the computer is running hotter than usual.

Edited by erluck53, 29 February 2012 - 02:44 AM.


#4 Grinler


Posted 29 February 2012 - 08:29 AM

The computer running hotter would have nothing to do with this infection. I think that is more coincidence than anything else.

I suggest not removing Registry entries unless you 100% know what you are removing is the correct thing. Removing the wrong entries could have a harmful effect on your computer, while leaving those entries in won't affect it at all.
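A read-only way to see which Image File Execution Options subkeys are still present after cleanup, added here as an example and not part of the thread or the removal guide. It parses saved output of `reg query "<IFEO key>" /s` and reports subkeys that carry a `Debugger` value, which is the value Windows uses to start another program in place of the named executable. The sample output, `unlisted.exe` and `example-debugger.exe` are constructed for illustration.

```python
import re

IFEO = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"

# Subkey names quoted in the first post (the guide says its list is longer).
LISTED = {"_avp32.exe", "ashlogv.exe", "beagle.exe", "jedi.exe", "msa.exe",
          "ntvdm.exe", "rav7.exe", "spoler.exe", "vir-help.exe", "wupdt.exe"}

# Constructed sample of `reg query "<IFEO>" /s` output; the data is made up.
SAMPLE = "\n".join([
    IFEO + r"\_avp32.exe",
    "    Debugger    REG_SZ    example-debugger.exe",
    "",
    IFEO + r"\notepad.exe",
    "    UseFilter    REG_DWORD    0x0",
    "",
    IFEO + r"\unlisted.exe",
    "    Debugger    REG_SZ    example-debugger.exe",
    "",
])

# A value line is indented: name, type and data separated by runs of spaces.
VALUE_RE = re.compile(r"^\s+(\S.*?)\s{2,}(REG_\w+)\s{2,}(.*)$")

def parse_reg_query(text):
    """Return {subkey_name: {value_name: data}} for direct IFEO subkeys."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith(IFEO.upper() + "\\"):
            name = line[len(IFEO) + 1:].strip()
            # Only direct children name an executable; skip nested subkeys.
            current = keys.setdefault(name, {}) if "\\" not in name else None
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group(1)] = m.group(3).strip()
    return keys

def audit(text):
    """List (subkey, debugger, named_in_thread) for subkeys with a Debugger."""
    findings = []
    for name, values in sorted(parse_reg_query(text).items()):
        debugger = next((v for k, v in values.items() if k.lower() == "debugger"), None)
        if debugger is not None:
            findings.append((name, debugger, name.lower() in LISTED))
    return findings

if __name__ == "__main__":
    for name, debugger, listed in audit(SAMPLE):
        tag = "named in the thread" if listed else "not named in the thread"
        print(f"{name}: Debugger={debugger!r} ({tag})")
```

The script only reads text, so it changes nothing in the registry; run `reg query` on the affected machine, save the output to a file, and pass its contents to `audit()`.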



