1 reply to this topic

[buddha]

im after some help and advice from the members of the forum

ive been using malwarebytes for quite a while now and need some advice on the removal of positives from my system

i have 2 infected keys in my registry that i cant remove via either malware bytes or reg edit as on re-boot the threat is still their?

below ive placed the infected keys any help would be much appreciated!


HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.


i look forward to hearing from anyone who can shed light on this matter

thanks in advance

best wishes leigh

[Katana]

Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

• Please Read All Instructions Carefully
  
• If you don't understand something, stop and ask! Don't keep going on.
  
• Please do not run any other tools or scans whilst I am helping you
  
• Failure to reply within 5 days will result in the topic being closed.
  
• Please continue to respond until I give you the "All Clear"
  (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly

Some of the logs I request will be quite large, You may need to split them over a couple of replies.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------


Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

• You must download it to and run it from your Desktop
  
  
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  
  
• Double click combofix.exe & follow the prompts.
  
  
• When finished, it will produce a log. Please save that log to post in your next reply
  
  
• Re-enable all the programs that were disabled during the running of ComboFix..

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

Quote

For instructions on how to disable your security programs, please see this topic
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs