Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Security Shield 2012 Virus - Registry Key Help

  • Please log in to reply
1 reply to this topic

#1 FiShHeAd99


  • Members
  • 3 posts
  • Local time:09:18 PM

Posted 14 June 2012 - 09:52 AM

Hi, I recently caught the Security Shield 2012 virus. I managed to remove the pop-ups and blocking internet access by deleting suspicious folders.

However Malware keeps detecting a trojan registry key -

" HKCU\Software\Microsoft\Windows\CurrentVersion\Run "

Everytime I remove it, it appears again when I rescan after a restart. Hitman Pro and rkill can't detect it, only Malwarebytes. Any advice??

" Malwarebytes Anti-Malware

Database version: v2012.06.14.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alex :: ALEX-PC [administrator]

14/06/2012 15:39:40
mbam-log-2012-06-14 (15-39-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228642
Time elapsed: 1 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Run (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)


BC AdBot (Login to Remove)


#2 Aaflac


    Doin' Dis 'n Dat...

  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA
  • Local time:03:18 PM

Posted 16 June 2012 - 11:44 PM

Welcome to the forum, FiShHeAd99!

It should be a false positive from a definition update gone astray. (v2012.6.14.01)

Run MBAM once again.

When MBAM starts, you are asked to update the program. Please do so.

On the Scanner tab:
Make sure the Perform Full Scan option is selected.

When the Scan is completed, a report opens in Notepad.

Please provide the entire contents of the MBAM report in your reply.

Also download RogueKiller

•When you get to the website, go to where it says:
(Download link) Lien de téléchargement: Posted Image
•Click the dark-blue button to download.
•Save to the Desktop

•Close all windows and browsers
•Windows Seven: Right-click and select 'Run as Administrator'
•Press: SCAN
•A report opens on the Desktop: RKreport.txt

Please provide the RKreport.txt (Mode: Scan) in your reply.

Edited by Aaflac, 16 June 2012 - 11:46 PM.

Old duck...

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users