Author Topic: registry problem (Read 9885 times)

krypton · « **on:** August 26, 2010, 07:06:22 AM »

hello

i buy new laptop with windows xp and i scan for viruses and i not get any virus in scanning. i scan with mbam and i got 3 infeced files.

wat i do. see this mbam file. thnks

Pondus · « **Reply #1 on:** August 26, 2010, 07:27:46 AM »

it is only registry trace. update MBAM scan again and click remove selected button to quarantine

krypton · « **Reply #2 on:** August 26, 2010, 07:36:37 AM »

i tried to remove it but it goes in quarantine. and then i thought if i remove any file from registry then may be my pc will give error anytime in future. so i again restore them all.

can u tell me if i delete those registry infected files then is this ok?

mikaelrask · « **Reply #3 on:** August 26, 2010, 08:01:47 AM »

it will be okey to let malwarebytes remove them because it first makes a back up on the file in its quarantine and then remove it. if it should turn out to be an false threat you can easily restore the file from the quarantine option in malwarebytes antimalware.

SafeSurf · « **Reply #4 on:** August 26, 2010, 09:25:59 AM »

krypton,

The MBAM scan you just did was only a Quick Scan. Ironically, it looks very similar to the one you had on 8/22/2010, which was a full scan and had the same problems but also identified a Trojan as well in this previous thread: http://forum.avast.com/index.php?topic=63076.15. Is this a new machine or the same machine? If you bought a new machine, why did it only come with XP SP2 instead of XP SP3?

I also suggest you update MBAM and run a FULL scan. Thank you.

krypton · « **Reply #5 on:** August 26, 2010, 12:02:16 PM »

Quote from: SafeSurf on August 26, 2010, 09:25:59 AM

krypton,

The MBAM scan you just did was only a Quick Scan. Ironically, it looks very similar to the one you had on 8/22/2010, which was a full scan and had the same problems but also identified a Trojan as well in this previous thread: http://forum.avast.com/index.php?topic=63076.15. Is this a new machine or the same machine? If you bought a new machine, why did it only come with XP SP2 instead of XP SP3?

I also suggest you update MBAM and run a FULL scan. Thank you.

hey there

yes i bought new laptop. i have desktop also as my last topic i said.

i updated mbam today and then i scan. then also infected registry shown.i done full scan. see file plz.wat i do. can i move them in qurantine? and then i delete those files from quarantine. is those infected files are important or can make problem in future if i delete them from qurantine?

Pondus · « **Reply #6 on:** August 26, 2010, 12:18:36 PM »

you move them to quarantine and let them stay there for 30 days, if the machine works okay then you can delete form quarantine
that is why you should never delete, always move to quarantine first

Clean, Quarantine, or Delete?
http://antivirus.about.com/b/2007/03/11/clean-quarantine-or-delete.htm

krypton · « **Reply #7 on:** August 26, 2010, 12:30:14 PM »

if i move them into quarantine. then also it performs its work or it get useless?

if mbam shows false postive and if i move important file which is important for my pc to get work then how my pc will work if i move those files in qurantine?

superhacker · « **Reply #8 on:** August 26, 2010, 02:27:47 PM »

Pondus,SafeSurf,mikaelrask,and krypton:
May be no one of you read the log"sorry to say that"the infected items are just bad policies to disable security center and mbam will not remove any thing it will set new clean values(0=>1,1=>0)

DavidR · « **Reply #9 on:** August 26, 2010, 04:46:16 PM »

@ krypton
These all relate to the Windows Security Center (WSC), have you made any changes in there relating to not notifying you about Windows Updates, Firewall and Antivirus not being enabled/running, etc. ?

These settings should by default be set to notify you if any of them are not running/enabled.

If they set 'not to notify you' as these are it could be a pre-emptive measure for malware to try and disable your security so that the WSC doesn't warn you they aren't running/enabled.

As has been said in this case they aren't deleted or moved to quarantine but the values are set their default setting so you are warned if any of the three are nor running/enabled.

superhacker · « **Reply #10 on:** August 26, 2010, 05:22:00 PM »

Quote from: DavidR on August 26, 2010, 04:46:16 PM

@ krypton
These all relate to the Windows Security Center (WSC), have you made any changes in there relating to not notifying you about Windows Updates, Firewall and Antivirus not being enabled/running, etc. ?

These settings should by default be set to notify you if any of them are not running/enabled.

If they set 'not to notify you' as these are it could be a pre-emptive measure for malware to try and disable your security so that the WSC doesn't warn you they aren't running/enabled.

As has been said in this case they aren't deleted or moved to quarantine but the values are set their default setting so you are warned if any of the three are nor running/enabled.

Sorry DavidR to say that but after re-install windows xp mbam always detect those "infected" values so krypton dont do anything that is mbam and default system setting"BUT even before mbam detect those security center is fully working,may be something wrong

"

essexboy · « **Reply #11 on:** August 26, 2010, 05:27:03 PM »

Some firewalls and AV's set those keys automatically - notably Norton - Did your re-install have a trial version AV on it ?

superhacker · « **Reply #12 on:** August 26, 2010, 05:32:34 PM »

Hi essexboy even The Fresh Copy of win xp will lead mbam to detect those registry values and note that security center is fully working

,"I test it my self"

krypton · « **Reply #13 on:** August 26, 2010, 05:51:43 PM »

Quote from: DavidR on August 26, 2010, 04:46:16 PM

@ krypton
These all relate to the Windows Security Center (WSC), have you made any changes in there relating to not notifying you about Windows Updates, Firewall and Antivirus not being enabled/running, etc. ?

These settings should by default be set to notify you if any of them are not running/enabled.

If they set 'not to notify you' as these are it could be a pre-emptive measure for malware to try and disable your security so that the WSC doesn't warn you they aren't running/enabled.

As has been said in this case they aren't deleted or moved to quarantine but the values are set their default setting so you are warned if any of the three are nor running/enabled.

i got msg to put automatic update for my windows.

my firewall in already on

my antivirus also updated.

DavidR · « **Reply #14 on:** August 26, 2010, 06:25:30 PM »

Quote from: superhacker on August 26, 2010, 05:22:00 PM

<snip>
Sorry DavidR to say that but after re-install windows xp mbam always detect those "infected" values so krypton dont do anything that is mbam and default system setting"BUT even before mbam detect those security center is fully working,may be something wrong "

Well I don't know how that can be as the default setting is for WSC to 'notify' rather than disable the notifications.

I don't reinstall my system on a regular basis, and it is around 18 months or so since I got this system with winXP Pro SP3 installed and no changes to the defaults and at that time I will have also installed avast, SAS Pro and MBAM free, yet I never had any alerts from any of them on what was a clean install of XP Pro.

So since then something has changed in MBAM (as I don't think it has in XP) that is mis-identifying this, but even so I can't recall ever having MBAM flag these on this system.

Author Topic: registry problem (Read 9885 times)

krypton

registry problem

Pondus

Re: registry problem

krypton

Re: registry problem

mikaelrask

Re: registry problem

SafeSurf

Re: registry problem

krypton

Re: registry problem

Pondus

Re: registry problem

krypton

Re: registry problem

superhacker

Re: registry problem

DavidR

Re: registry problem

superhacker

Re: registry problem

essexboy

Re: registry problem

superhacker

Re: registry problem

krypton

Re: registry problem

DavidR

Re: registry problem