Thailand_for_YOU

The Same Registry Threats Detected Time After Time

Hello,

I have scanned and quarantined the following threats several times. I was requested to reboot, and after each reboot the same threats were detected again and again.

Here is the log:

--

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 10/19/2009 at 03:20 PM

Application Version : 4.29.1004

Core Rules Database Version : 4172

Trace Rules Database Version: 2093

Scan type : Quick Scan

Total Scan Time : 00:29:25

Memory items scanned : 645

Memory threats detected : 0

Registry items scanned : 599

Registry threats detected : 3

File items scanned : 17743

File threats detected : 0

Adware.Vundo Variant

HKCR\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}

HKCR\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32

HKCR\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID

---

Please advise what to do.


In the post you're referred to, you wrote: "All indications are that this "may be" a false positive." That well may be, but why is it impossible once and for all to quarantine these threats?

Furthermore, I tried to submit a Customer Service Report (also several times) and every time it failed due to some problem with diagnostics - I was not able to finish it. The error is as follows:

--

Microsoft Visual C++ Runtime Library

Runtime Error!

Program: C:\Program Files\Internet Explorer\iexplore.exe

This application has requested the Runtime to terminate it in an unusual way.

Please contact the application's support team for more information.

--

That's why I decided to turn to the forum.

Still do not know what to do.

In the post you're referred to, you wrote: "All indications are that this "may be" a false positive." That well may be, but why is it impossible once and for all to quarantine these threats?

Possible reason 1: These keys are being restored by some program that you have on your system. In other words, SAS quarantines them and they promptly get restored by program X.

Possible reason 2: The keys' security permissions are set to a setting that SAS cannot override. SAS fails to remove them because of their security setting in the registry.

Furthermore, I tried to submit a Customer Service Report (also several times) and every time it failed due to some problem with diagnostics - I was not able to finish it. The error is as follows:

--

Microsoft Visual C++ Runtime Library

Runtime Error!

Program: C:\Program Files\Internet Explorer\iexplore.exe

This application has requested the Runtime to terminate it in an unusual way.

This is typically not a problem on the SAS CSR website, but is a problem with IE8. If you have the Google toolbar in IE8, try removing it via Add or Remove Programs in the Control Panel. This toolbar has been known to cause the above problem. Be sure that IE8 is closed down when you do the removal... and reboot after you do the removal. Then see if you can submit a SAS CSR.

If the above does not work, close down IE8 and go to Control Panel>Internet Options>Advanced tab and RESET the Internet Explorer settings by clicking on the RESET hot key under "Reset Internet Explorer settings". Confirm and let it reset the settings.

If neither of the above work, reload
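
A read-only way to check the two possible reasons given above for the three keys in the scan log, as an added example that is not part of the original posts and not SUPERAntiSpyware tooling. It assumes PowerShell 3.0 or later in an elevated prompt; the function name `Get-ClsidKeyReport` is hypothetical.

```powershell
# Added example: report on the three keys from the scan log. Makes no changes.
$clsid   = '{3F2BBC05-40DF-11D2-9455-00104BC936FF}'
$subKeys = '', '\LocalServer32', '\ProgID'
# HKCR is a merged view of these two hives; check each one separately.
$roots = [ordered]@{
    HKLM = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID'
    HKCU = 'Registry::HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID'
}

function Get-ClsidKeyReport {
    foreach ($hive in $roots.Keys) {
        foreach ($sub in $subKeys) {
            $path = '{0}\{1}{2}' -f $roots[$hive], $clsid, $sub
            $row = [ordered]@{
                Hive = $hive; Key = "CLSID\$clsid$sub"; Present = $false
                Default = $null; Owner = $null; Deny = $null; Note = $null
            }
            if (Test-Path -LiteralPath $path) {
                $row.Present = $true
                try {
                    # Default value; for LocalServer32 this is the registered server binary.
                    $row.Default = (Get-Item -LiteralPath $path -ErrorAction Stop).GetValue('')
                    $acl = Get-Acl -LiteralPath $path -ErrorAction Stop
                    $row.Owner = $acl.Owner
                    # Deny entries are what would stop a removal (possible reason 2).
                    $row.Deny = ($acl.Access |
                        Where-Object { $_.AccessControlType -eq 'Deny' } |
                        ForEach-Object { '{0}:{1}' -f $_.IdentityReference, $_.RegistryRights }) -join '; '
                }
                catch {
                    # Being unable to read the key or its ACL while elevated also points to reason 2.
                    $row.Note = $_.Exception.Message
                }
            }
            [pscustomobject]$row
        }
    }
}

Get-ClsidKeyReport | Format-Table -AutoSize -Wrap
```

Run it once right after the quarantine and again after the reboot: a key that goes from absent to present was written back by something on the system (possible reason 1), while a key that never disappears and shows Deny entries, an unexpected owner, or an access error fits possible reason 2.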


I performed a scan today - no threats were detected (to my amazement).

In reply to your previous post:

I have no Google Toolbar installed.

I downloaded and repaired Microsoft Visual C++ 2008, as you suggested, but still can't complete diagnostics (same result).


In the link below, it describes how to start IE8 without any add-ons running. Start IE8 without any add-ons and see if you can submit a SAS CSR.

http://www.nirmaltv.com/2009/04/28/how- ... t-add-ons/

If you can, then it means that one of the add-ons is causing the problem. It is now just a matter of finding which one.

I suspect that the registry detections were a false positive and SAS corrected it.

Also, did you try?

If the above does not work, close down IE8 and go to Control Panel>Internet Options>Advanced tab and RESET the Internet Explorer settings by clicking on the RESET hot key under "Reset Internet Explorer settings". Confirm and let it reset the settings.
