MadnessMethod

Malwarebytes Confers Mal-free Status to my PC! Me not so sure

5 posts in this topic

 My PC running Windows XP/SvcPak3 has been acting very strange for several days now. I attributed it to adding a lot of new programs, deleting a lot of old programs, trying to add new hardware devices, etc. But what really took the cake was: after booting up and coming into Windows, any Window--no matter which program--with a vert or horiz scrollbar would start going crazy! Even the little slider bars would bounce around. Back and forth, up and down! I thought, I have used Malwarebytes for free with success often enough, that it is worth paying for. As I tried to make the purchase online, the Language dropdown was spinning so wildly up and down that I had the darndest time picking English!!!

 

 

Anyway, Malwarebytes software does not find anything wrong, but I do not believe it, and have continued to follow my intuition as a computer user for many years, and knowing this old machine of mine in particular. So I have been doing more research and investigation, using Task Mgr and Process Explorer a lot. Just now I wondered why explorer.exe was shown running as a background service in Process Explorer, but not showing as running in the Task Manager.

 

One thing led to another, and I decided to go through my PC's registry line by line to see if anything looked odd. This is the first time in my life I have ever done this hehe! So forgive me if I don't even know how to talk about the registry. But I recognize when something seems potentially odd.

 

So I've been going line by line, opening each folder. When I found the following,  I was spurred to become a member here at the forum:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bfc\ShellNew\Config

 

Then inside of the Config folder are 2 items, along with a description and some data for each item:

 

The first item is (Default), Reg_SZ, and for Data, it says (value not set). The second is Command, REG_EXPAND_SZ, and the Data assigned to this item is a string of characters, shown below (the dashes at the start and end of the string are mine added):

 

------%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\syncui.dll,Briefcase_Create %2!d! %1---------

 

Anyway, I thought this looked oddly different from what I had seen up to that point, so I did another flash scan with Malwarebytes, which turned up nothing. I did some searching around the Web, and decided to join this forum to query  users who are surely more computer sophisticated than I. What do you all think?

 

Now I have to continue on through the registry, but need to get ready and go to work soon, too! Any thoughts on what I found? Is it something odd, or not? If so, why didn't my new software find this?

 

Thanks for any help and input you may offer!!

Hello and welcome, MethodMadness: :)
 
Short answer: no one single security program -- not even Malwarebytes Anti-Malware -- can possibly by itself provide 100% protection against all the many, ever-changing malware variants out in the wild.  That's why it's important to have a layered approach to computer security and to practice safe computing practices.  Moreover, today's malware is quite sophisticated and can hide very deep in the system, making detection and removal challenging.
 
Having said that, the experts will need a bit of info about your system in order to best assist you with sorting this out. :)
Please follow the instructions below and post back here with both logs attached to your next reply.
In the interim, I would respectfully suggest that you wait for expert help with editing the registry, as doing so can damage the OS.
 
OTOH, if you think you are infected, then the fastest way to get help is to follow the recommendations in this pinned topic: Available Assistance For Possibly Infected Computers.
A qualified helper will guide you through the cleanup process, either in the malware removal section of the forum, or at the help desk.
 
Thanks!
 
daledoc1
-------------------------------

DDS Instructions

Download DDS from one of the locations below and save it to your Desktop:
dds.scr
dds.com


Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once it is downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please attach both of the following logs to your next reply: DDS.txt and Attach.txt
    You can ignore the note about zipping the Attach.txt file in most cases.


Thanks for the extremely quick response, I appreciate it. I am old enough to remember when the Registry did not even have a GUI interface, and was inspected using a DOS command. Thanks for the advice to not modify my Registry without expert advice--I certainly have no intentions of doing so!

 

Be back soon with the info!


Hi:

 

OK, thanks for the update. :)

 

Quick note: We don't work on malware diagnostics/removal in this sub-section of the forum. So, if you think you might be infected, please follow the advice in my previous reply, so that you can get expert help most efficiently in the correct section of the forum (or at the help desk). :)

 

Kind regards,

 

daledoc1


Thanks for the extremely quick response, I appreciate it. I am old enough to remember when the Registry did not even have a GUI interface, and was inspected using a DOS command. Thanks for the advice to not modify my Registry without expert advice--I certainly have no intentions of doing so!

 

Be back soon with the info!

 

Win3.1x and below used INI files, not a Registry, to store information about applications and application parameters and states.

 

Win95 and above used the Registry and it did provide Regedit (a GUI based utility) to peek and poke the Registry.
