Showing results for tags 'malware.trace'.




Found 2 results

  1. Hi, I have found Malware.Trace in my recent scans. I had it removed once, but now I see it again. I am posting a copy of the log below.

     When I open Regedit to see if I can figure out what it is from the registry, I cannot find the line to WINLOGON SHELL (because I cannot find the string listed between the "{ }'s" in the SAS log) in

     HKU\S-1-5-21-1025616775-32965946-2427245248-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

     ...but I can find WINLOGON SHELL under

     HKU\S-1-5-21-1025616775-32965946-2427245248-1008\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

     No other program I use (NIS, Malwarebytes, CCleaner) is picking this up. Could this be a false positive?

     SUPERAntiSpyware Scan Log
     http://www.superantispyware.com

     Generated 10/16/2014 at 11:56 AM

     Application Version : 6.0.1158
     Database Version : 11560

     Scan type : Complete Scan
     Total Scan Time : 01:32:15

     Operating System Information
     Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
     UAC On - Limited User

     Memory items scanned : 632
     Memory threats detected : 0
     Registry items scanned : 89028
     Registry threats detected : 1
     File items scanned : 92999
     File threats detected : 9

     Malware.Trace
     (x86) HKU\S-1-5-21-1025616775-32965946-2427245248-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

     Adware.Tracking Cookie
     .doubleclick.net [ C:\USERS\DALA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1FAGKFQX.DEFAULT-1411659007127\COOKIES.SQLITE ]
     .liveperson.net [ C:\USERS\DALA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1FAGKFQX.DEFAULT-1411659007127\COOKIES.SQLITE ]
     .liveperson.net [ C:\USERS\DALA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1FAGKFQX.DEFAULT-1411659007127\COOKIES.SQLITE ]
     .advertising.com [ C:\USERS\DALA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1FAGKFQX.DEFAULT-1411659007127\COOKIES.SQLITE ]
     .advertising.com [ C:\USERS\DALA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1FAGKFQX.DEFAULT-1411659007127\COOKIES.SQLITE ]
     .serving-sys.com [ C:\USERS\DALA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1FAGKFQX.DEFAULT-1411659007127\COOKIES.SQLITE ]
     .serving-sys.com [ C:\USERS\DALA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1FAGKFQX.DEFAULT-1411659007127\COOKIES.SQLITE ]
     .ru4.com [ C:\USERS\DALA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1FAGKFQX.DEFAULT-1411659007127\COOKIES.SQLITE ]
     secure-us.imrworldwide.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CNP8W3UV ]

     ============ End of Log ============
  2. I've seen A LOT of discussion online about whether this registry entry is likely to be malware or a false positive, and I can't find where any single person has ever gotten a straight answer, anywhere; not on this forum, and not on any other forum, particularly the Malwarebytes forum where no one ever gets a straight answer anyway. If I don't get one, I'll be giving SuperAntiSpyware bad reviews all over the place. That's an actual straight answer.

     I am cleaning up my brother's computer, and I don't want, for instance, to be removing his actual registry entry that works the Windows logon shell! I do NOT think so. A lot of people are reporting that no other antimalware ever finds this malware.trace registry key, and when other scans do find it, they find a lot more wrong besides. SuperAntiSpyware is notorious for false positives, so I hardly want to go deleting what only this program finds without specific reason to do so - especially when the tech forums are full of people who aren't convinced it is malware. One person reported that when he removed it, and some other stuff, his computer stopped functioning, which one might expect to happen if one removed the Windows logon shell.

     Here is the key.

     Malware.Trace
     HKU\S-1-5-21-1499385294-1294109063-3957283044-100\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

     I'm finding this line all over the internet, with different numbers after 1-5-21 - just no one has ever gotten a straight answer on whether it's real or a false positive. How specifically would one recognize valid Windows registry Logon shell entries?