Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hitman Pro Antispyware 1.8.9 Found Some "threatening" Values But Could Not Delete. Help?


  • Please log in to reply
8 replies to this topic

#1 THUGLIFE-

THUGLIFE-

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:23 AM

Posted 27 February 2006 - 07:19 AM

Hey my nick name in most online games is THUGLIFE- so thought i would stick with this name.

I recently ran a really great program which combines all the great anti-spyware programs out there and bunches them together in one big scan. It is one of the best I have ever used and very simple. The link to the download is:

www.hitmanpro.nl

After i used it, the programs were able to delete all my spware but at the end of the report, hitman said i had some "orphaned" registry values that could be harmful and could not remove them.

Any one here in net land know if these are indeed harmful and how i could remove these??

Heres the report Hitman generated:

Hitman Pro AntiSpyware 1.8.9
This additional inspection is searching for spyware, viruses, worms and Trojans wich can not (up to now) be found or deleted by the external components.
Legend: certified spyware
found with heuristics
links to spyware

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Nls is deleted

HKLM\..\Run, ccApp=C:\Program Files\Common Files\Symantec Shared\ccApp.exe is deleted (key is orphan)

HKLM\..\Run, vwrkbml=C:\WINDOWS\vwrkbml.exe is deleted (key is orphan)

HKLM\..\Run, SemanticInsight=C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe is deleted (key is orphan)

HKLM\..\Run, ALUAlert=C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE is deleted (key is orphan)

HKCU\..\Run, tbon=C:\Program Files\TBONBin\tbon.exe is deleted (key is orphan)

HKLM\..\Run, Desksite CMA=C:\Program Files\desksite\bin\cma.exe is deleted (key is orphan)

HKLM\..\Run, KAVPersonal50=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe is deleted (key is orphan)


BC AdBot (Login to Remove)

 


#2 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:06:23 AM

Posted 27 February 2006 - 08:27 AM

You can do a lot of damage to your op system messing with the registry. Unless you know exactly what you are doing and back up the registry before you make any changes at all, you are asking for trouble.

Orphaned pieces of aps in the registry are not as dangerous as altering something that should not be altered. Be careful and learn about the registry before you use anything that alters it.

The best way to keep the registry clean is to not keep adding and deleting programs unnecessarily.

Looks like you deleted several Samantic aps and a Kaspersky ap.

What AV program do you have resident and running now? I hope one!

#3 THUGLIFE-

THUGLIFE-
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:23 AM

Posted 27 February 2006 - 08:30 AM

I am running NOD32

I made sure to install it asap after my Norton was days away from expiration. And i unhooked the internet connection before installing NOD 32

#4 THUGLIFE-

THUGLIFE-
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:23 AM

Posted 27 February 2006 - 08:31 AM

Thanks Enthusiast. Another quick question though. Does anyone know what the "Isdeleted" value means at the end? Does that mean the corresponding program for those values have been deleted?

#5 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:06:23 AM

Posted 27 February 2006 - 08:50 AM

At the end of the registry cleaner - is deleted means the "orphaned" entries were deleted, not necessarilly the programs.

You delete the programs using add/remove programs (first choice) or the seperate uninstallers in the programs themselves (if they are not in add/delete in the control panel which you should do first before using a registry cleaner.

Registry cleaners can make errors, and you should be capable of fixing mistakes they can make before using them - like restoring the registry.

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:01:23 PM

Posted 27 February 2006 - 09:54 AM

A small note.... be carefull with Hitman Pro. It already caused a lot of damage on other systems and the different apps it installs with it are not always up to date.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 THUGLIFE-

THUGLIFE-
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:23 AM

Posted 28 February 2006 - 03:54 AM

Thanks a lot guys and good info to know miekiemoes about Hitman Pro. I had no idea it could be harmful due to the scanners it installs

#8 THUGLIFE-

THUGLIFE-
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:23 AM

Posted 28 February 2006 - 03:58 AM

One final question.

i did check all the corresponding programss to the keys that can not be deleted and all the programs are uninstalled so what is your final suggestion. Ignore those registry keys or whats my best option? Anyone know a site or something I can check to find out if any of those exact keys are harmful? Thats my biggest worry. I want to make sure none of those keys are specifically calling up any malware or spyware to my PC.

Cheers ! :thumbsup: :flowers: :trumpet:

Sincerely, Mr.Freezing in Canada

#9 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:01:23 PM

Posted 28 February 2006 - 07:32 AM

So, as I understand in here, Hitman Pro doesn't delete those keys?
It says some entries are orphaned entries. Some are related to malware, others are legit. So to be sure if those legit entries are really orphaned, I want you to check if next files still exists:

C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\desksite\bin\cma.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe

Let me know in your next reply.
If those entries return all the time in Hitman Pro, also let me know, then I will create a regfix for you to delete those entries.

Edited by miekiemoes, 28 February 2006 - 07:32 AM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users