What does this value in registry mean?


3 replies to this topic

#1 petyper

Posted 13 May 2017 - 02:39 AM

Hey guys, I want to ask about the more technical detail on why I have this value added to my registry and what harm a type like this one can do. Also, what are shell execution hooks? I recently did an AdwCleaner scan and it found and removed the following:

[-] Value deleted: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER [ENABLESHELLEXECUTEHOOKS]

So if you could give me a short description about it: what do shell execute hooks mean, what harm can they do, how hard is it to get one on a PC? All that info would be great!

It also found these two:

[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp
[-] Key deleted: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp

 

Note that I installed Chrome two days ago and I just use it for Flash Player if needed, mainly a Firefox user.

Thanks!





#2 buddy215


Posted 13 May 2017 - 11:37 AM

That is Avira's adware...Avira Safesearch....which is actually Ask. Allow AdwCleaner to remove. It may be installed in other browsers you have, too. Check their extensions.

Suggest you run these programs, too.

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

  • Download Malwarebytes to your desktop.
  • Double-click mb3-setup-1878.1878-3.0.6.1469.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History -> Application logs. Please post its contents in your next reply.

  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 petyper


Posted 13 May 2017 - 04:20 PM

Hey, thank you for the answer!
 

 

 

That is Avira's adware...Avira Safesearch....which is actually Ask. Allow AdwCleaner to remove. It may be installed in other browsers you have, too. Check their extensions.

 

I just want to ask if this applies also to:

[-] Value deleted: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER [ENABLESHELLEXECUTEHOOKS]

 

Thank you!



#4 buddy215


Posted 13 May 2017 - 07:24 PM

It could be....or it could be some other adware. That is why I suggested using the other programs...to remove adware and malware. No one program finds all. All three of those should take 30 minutes or less to install and run.


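An added example, not part of any post in this thread: a read-only PowerShell check of the registry locations named in the AdwCleaner log, useful for confirming after cleanup that the policy value and the Chrome extension keys are gone and for seeing which DLL any registered hook would load. The ShellExecuteHooks handler key, the WOW6432Node path and the update_url value name do not appear in the thread; they are the standard Windows and Chrome locations, and 64-bit PowerShell is assumed.

```powershell
# Added example: read-only audit, changes nothing. Assumes 64-bit PowerShell.
function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value is missing; '' reads the default value.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue($Name) }
}

# 1. The policy value AdwCleaner deleted. "Not set" is the normal state:
#    shell execute hooks are off by default on Windows Vista and later.
$policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$value  = Get-RegValue $policy 'EnableShellExecuteHooks'
if ($null -eq $value) {
    'EnableShellExecuteHooks: not set'
} else {
    "EnableShellExecuteHooks: $value  <-- review"
}

# 2. Registered hook handlers. Each value name is a COM CLSID; resolve it to
#    the DLL that Explorer would load when the policy above is enabled.
$hooks   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
$hookKey = Get-Item -LiteralPath $hooks -ErrorAction SilentlyContinue
if ($hookKey) {
    foreach ($clsid in ($hookKey.GetValueNames() | Where-Object { $_ })) {
        $dll = Get-RegValue "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32" ''
        "Hook handler $clsid -> $dll"
    }
}

# 3. Extensions installed into Chrome through the registry, in both the 64-bit
#    and 32-bit views. The flagged ID is the one from the log in the thread.
$flagged = 'ipmkfpcnmccejididiaagpgchgjfajgp'
foreach ($root in 'HKLM:\SOFTWARE\Google\Chrome\Extensions',
                  'HKLM:\SOFTWARE\WOW6432Node\Google\Chrome\Extensions') {
    Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue | ForEach-Object {
        $mark = if ($_.PSChildName -eq $flagged) { '  <-- flagged by AdwCleaner' } else { '' }
        "Chrome extension $($_.PSChildName) in $root, update_url=$($_.GetValue('update_url'))$mark"
    }
}
```

A clean result is "not set" for the policy value and no line carrying the flagged extension ID; any hook handler whose DLL path is unfamiliar is worth checking before it is trusted.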