
Looking for more help with possible malware


9 replies to this topic

#1 rp-57

rp-57

  • Members
  • 469 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:oklahoma
  • Local time:08:02 AM

Posted 20 September 2015 - 03:07 PM

Hello,

Recently I ran across something which I thought was malware after doing some AV scans.

And scans detected 2 threats.

I asked for help here and boopme replied back to me to download MiniToolBox and post the reply, which I did.

Then he asked me to use windows tweaking tool box and I did that also.

And I just did a scan with Emsisoft AV and that has detected the same things that I was getting before.

And

I would like for someone to help me with this and let me know how to remove it for good and if there is something that will remove it for good.

I would like an honest opinion and I won't run any programs until I hear on what to do.

Thank you

Have a good day.

 

Test result

Emsisoft Anti-Malware - Version 10.
Last update: 9/20/2015 12:14:39 PM
User account: LOIS-PC\Regina

Scan settings:

Scan type: Smart Scan
Objects: Rootkits, Memory, Traces, C:\windows\, C:\Program Files\, C:\Program Files (x86)\

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    9/20/2015 12:25:04 PM
Value: HKEY_USERS\S-1-5-21-571887048-3635618051-2789970995-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-571887048-3635618051-2789970995-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)

Scanned    173450
Found    2

Scan end:    9/20/2015 1:08:11 PM
Scan time:    0:43:07

Value: HKEY_USERS\S-1-5-21-571887048-3635618051-2789970995-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS    Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-571887048-3635618051-2789970995-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR    Quarantined Setting.DisableTaskMgr (A)

Quarantined    2
 





#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:02:02 PM

Posted 20 September 2015 - 03:09 PM

Hi there,

The two detections by EAM are policies that will disable Task Manager and Registry Editor if both are set to 1.

They are commonly set by a variety of programs, and can be exploited by malware - which is why Emsisoft products detect and remove them.
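
The two values discussed in post #2 can be read back directly from each loaded user hive. The following read-only PowerShell audit is an added example, not part of the original thread or of Emsisoft's tooling; the function name `Get-LockoutPolicy` is made up here, and the key path and value names are taken from the scan log in post #1.

```powershell
# Added example: read-only audit of the two policy values named in the scan log.
# Key path and value names come from the Emsisoft report in this thread;
# Get-LockoutPolicy is a hypothetical name chosen for this example.

$PolicySubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$ValueNames   = 'DisableTaskMgr', 'DisableRegistryTools'

function Get-LockoutPolicy {
    # HKEY_USERS holds one subkey per loaded user hive, named by SID, so this
    # covers every loaded account rather than only the current user.
    $users = [Microsoft.Win32.Registry]::Users
    foreach ($sid in $users.GetSubKeyNames()) {
        if ($sid -like '*_Classes') { continue }      # per-user class data, no policies
        try {
            $key = $users.OpenSubKey("$sid\$PolicySubKey")   # opened read-only
        } catch [System.Security.SecurityException] {
            continue                                  # hive not readable without elevation
        }
        if ($null -eq $key) { continue }              # key absent: nothing set for this user
        try {
            foreach ($name in $ValueNames) {
                $data = $key.GetValue($name, $null)
                if ($null -eq $data) { continue }     # value absent
                [pscustomobject]@{
                    Hive   = "HKEY_USERS\$sid"
                    Value  = $name
                    Data   = $data
                    # Per post #2, the restriction applies when the data is 1.
                    Active = ($data -eq 1)
                }
            }
        } finally {
            $key.Close()
        }
    }
}

Get-LockoutPolicy | Format-Table -AutoSize
```

Running it before and after a quarantine and reboot shows whether the values have been written back, and under which account's SID.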

#3 rp-57

rp-57
  • Topic Starter


Posted 20 September 2015 - 03:25 PM

Thank you for the quick reply,

and I understand what you are saying but the 2 detections were picked up by another AV as well.

So how do I get rid of the 2 threats or is there a way at all?



#4 superking75

superking75

  • Members
  • 155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:02 AM

Posted 20 September 2015 - 03:43 PM

On malware I use AVG Free as my primary, and scan with Malwarebytes once a week as my secondary.



#5 rp-57

rp-57
  • Topic Starter


Posted 20 September 2015 - 03:48 PM

Funny because I already use AVG and Malwarebytes too.



#6 superking75

superking75


Posted 20 September 2015 - 03:57 PM

oh



#7 Sintharius

Sintharius

    Bleepin' Sniper



Posted 20 September 2015 - 04:00 PM

Is your copy of EAM free or paid?

You can choose to quarantine or delete these policies, no harm in doing either.

#8 rp-57

rp-57
  • Topic Starter


Posted 20 September 2015 - 04:11 PM

EAM I used it for a Free scan from bleeping.

I did quarantine the detections with EAM.

 

But I want to keep them off for good and I keep asking the same question here but I don't get much help on how to get rid of the detections other than quarantine and when I do that the detections come right back.



#9 Sintharius

Sintharius

    Bleepin' Sniper



Posted 20 September 2015 - 04:24 PM

Since the policies can be set by multiple programs, I wouldn't worry about it too much.

What happens if you choose to delete the detections rather than quarantine?

#10 rp-57

rp-57
  • Topic Starter


Posted 20 September 2015 - 04:26 PM

Doesn't matter if I delete or quarantine, the threats come back even if I use AdwCleaner.





