regedit.log virus???


5 replies to this topic

#1 KendamaLover123


Posted 04 September 2016 - 10:11 AM

I just scanned my PC (new) and I downloaded Malwarebytes, and it said I have a virus named regedit.log and I'm not sure if I want to delete regedit.log?? Because it says regedit..


Edited by KendamaLover123, 04 September 2016 - 10:12 AM.



#2 buddy215


Posted 04 September 2016 - 11:49 AM

Welcome to BC...

You can visit the MBAM forum for further info. I did and saw one topic reporting similar to this and it was a false positive.

Trojan.Agent.Trace in regedit.log - possible false positive? - File Detections - Malwarebytes Forums

 

You can submit the file to VirusTotal - Free Online Virus and Malware Scan that will scan the file using more than 50 security programs.

 

Since you have a new computer and new ones most often come bundled with adware, I suggest you run scans using the programs below.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google. After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Security Check by glax24 and save the file to the Desktop.

  • Run the tool by accepting all the Security prompts.
  • When complete the tool will produce a log file C:\SecurityCheck\SecurityCheck.txt and also copy the contents to the Clipboard.
  • Simply paste the log to your reply.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 KendamaLover123


Posted 05 September 2016 - 04:45 AM

Here's the VirusTotal scan: https://www.virustotal.com/en/file/fd1490528bb4af472f09817f3d5ec6b0dd4919c1d8b26f24bf546cb188158640/analysis/1473067586/

 

AdwCleaner scan:

 



***** [ Services ] *****

Service Found:  Amazon 1Button App Service


***** [ Folders ] *****

Folder Found:  C:\Users\me\AppData\Local\Host App Service
Folder Found:  C:\Program Files\Booking.com
Folder Found:  C:\Program Files\DriverSetupUtility
Folder Found:  C:\ProgramData\DriverSetupUtility
Folder Found:  C:\Program Files (x86)\Amazon\Amazon1ButtonApp
Folder Found:  C:\Users\me\AppData\Local\Host App Service


***** [ Files ] *****

File Found:  C:\Users\me\Desktop\App Explorer.lnk
File Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk
File Found:  C:\Users\me\Desktop\App Explorer.lnk


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

Task Found:  App Explorer
Task Found:  ACC
Task Found:  Software Update Application


***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Classes\Amazon1ButtonBrowserHelper.Amazon1ButtonBHO
Key Found:  HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.Amazon1ButtonRuntime
Key Found:  HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.AmazonRuntimeServer
Key Found:  HKLM\SOFTWARE\Classes\AmazonAppIE.AppGateway
Key Found:  HKLM\SOFTWARE\Classes\AmazonAppIE.GadgetGateway
Key Found:  [x64] HKLM\SOFTWARE\Classes\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}
Key Found:  [x64] HKLM\SOFTWARE\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Key Found:  [x64] HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
Key Found:  HKLM\SOFTWARE\Classes\AppID\{7F46C358-270D-4791-A579-AD1DDA1A3F7B}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{6557DB6C-EFE1-45AC-92A6-FBB1554B7502}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
Key Found:  HKU\S-1-5-21-2490639554-3381522099-1889184480-1001\Software\Host App Service
Key Found:  HKU\S-1-5-21-2490639554-3381522099-1889184480-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Key Found:  HKU\S-1-5-21-2490639554-3381522099-1889184480-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Host App Service
Key Found:  HKU\S-1-5-21-2490639554-3381522099-1889184480-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Key Found:  HKCU\Software\Host App Service
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B6DCCCD3-520D-4485-B642-FCC136CE12C3}
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\Products\3DCCCD6BD02558446B24CF1C63EC213C
Key Found:  HKLM\SOFTWARE\Classes\Installer\Features\3DCCCD6BD02558446B24CF1C63EC213C
Key Found:  HKLM\SOFTWARE\Classes\Installer\Products\3DCCCD6BD02558446B24CF1C63EC213C
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found:  HKU\S-1-5-21-2490639554-3381522099-1889184480-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found:  HKU\S-1-5-21-2490639554-3381522099-1889184480-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\analytics.app.amazonbrowserapp.com
Key Found:  HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************
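A small parser for the AdwCleaner log format posted above, added here as an example (it is not code from AdwCleaner or from anyone in this thread). The embedded sample is a constructed excerpt in the same format with blank lines omitted; the parser groups findings by section, drops the exact repeats visible in the posted log, keeps the [x64] and unprefixed copies of a registry key as separate entries, and counts Registry findings per hive so a reader can see at a glance what a Clean run would touch:

```python
import re

# Constructed excerpt in the format of the AdwCleaner log above (blank lines omitted).
SAMPLE_LOG = r"""***** [ Services ] *****
Service Found:  Amazon 1Button App Service
***** [ Folders ] *****
Folder Found:  C:\Users\me\AppData\Local\Host App Service
Folder Found:  C:\Program Files\Booking.com
Folder Found:  C:\Users\me\AppData\Local\Host App Service
***** [ Scheduled Tasks ] *****
Task Found:  App Explorer
***** [ Registry ] *****
Key Found:  [x64] HKLM\SOFTWARE\Classes\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}
Key Found:  HKCU\Software\Host App Service
*************************
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
# "[x64]" marks a key seen in the 64-bit registry view; its unprefixed twin is the 32-bit view.
FINDING_RE = re.compile(r"^(?P<kind>\w+) Found:\s+(?:\[(?P<view>x64)\] )?(?P<item>.+)$")

def parse_adwcleaner_log(text):
    """Map each section name to its findings as (kind, item, x64) tuples,
    dropping exact repeats (the posted log lists some folders twice)."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
            continue
        f = FINDING_RE.match(line) if current else None
        if f:
            entry = (f.group("kind"), f.group("item"), f.group("view") == "x64")
            if entry not in sections[current]:
                sections[current].append(entry)
    return sections

def summarize(sections):
    """Return per-section finding counts and, for Registry, counts per hive (HKLM/HKCU/HKU)."""
    counts = {name: len(items) for name, items in sections.items()}
    hives = {}
    for _, item, _ in sections.get("Registry", []):
        hive = item.split("\\", 1)[0]
        hives[hive] = hives.get(hive, 0) + 1
    return counts, hives
```

Feed the full log text to parse_adwcleaner_log instead of the sample to triage a real report.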


 



#4 buddy215


Posted 05 September 2016 - 05:26 AM

I think you can be confident that what MBAM found is a false positive.

 

Rerun AdwCleaner and be sure to click on Clean when scan finishes. Some junkware and adware found.

 

Be sure to run Junkware Removal Tool, too.


Edited by buddy215, 05 September 2016 - 05:27 AM.


#5 KendamaLover123


Posted 05 September 2016 - 07:50 AM

I have Avast Free and if I download JRT do I have to disable Avast?

Edited by KendamaLover123, 05 September 2016 - 07:51 AM.


#6 buddy215


Posted 05 September 2016 - 08:06 AM

I would suggest disabling Avast while JRT is scanning. Be sure, of course, to re-enable it after JRT is finished doing its thing.

