arion

identify malware trace help


New to superantispyware.com.

With each scan, SASW displays the following line and describes it as Malware Trace.

I need help identifying exactly what it is so as to know what kind of action to take.

Here is the line:

HKU\S-1-5-21-1427607338-3509046766-1038169585-1000\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

Is there an online resource where users can positively identify keys?

The only thing that I did read at Microsoft did not sound like malware, but it does identify it as code that belongs to XP. Is that a possibility?

What is XP? Is this something different from the old XP operating system?

And, in SASW preferences, it asks if one wants to use XP graphics or something to that effect.

Is SASW written to operate effectively with WINDOWS 7, which is on the machine in question?

Well, there is more than one question here. If you can help with one or all, your input is appreciated.

Thanks


Registry keys like the one you described are shown when a system may have fake processes/shells that are trying to mimic real Microsoft ones.

If you provide us with an OTL log, I can see if your system is infected, and help you remove it/them:

Hello, I will help you remove the fake threats:

Please also download OTL from here.

* Save it to your desktop.

* Double click on the icon on your desktop.

* Click the "Scan All Users" checkbox.

* Push the "Run Scan" button.

* The scan should take just a few minutes.

* Two reports will open (OTL.txt and Extra.txt).

Post both OTL logs. Post each log in a separate post.
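
A read-only way to see what the flagged registry location actually contains, as an added example that is not part of the original thread and not SUPERAntiSpyware's or OTL's own code. It assumes the `#SHELL` suffix in the scanner line names the `Shell` value under the Winlogon key, and that a clean profile has no per-user `Shell` value while the machine-wide value is `explorer.exe`; the function names are hypothetical.

```powershell
# Added example: report the Winlogon "Shell" value for HKLM and every loaded user hive.
# Read-only; nothing is modified. Written to run on the PowerShell 2.0 shipped with Windows 7.
$subKey = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-ShellValue {
    param([string]$RegPath)
    # Returns $null when the key or the Shell value does not exist (or cannot be read).
    $item = Get-ItemProperty -Path $RegPath -Name 'Shell' -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.Shell } else { $null }
}

function Test-ShellValue {
    param([string]$Value)
    # Assumption: only an absent value or a bare "explorer.exe" is treated as expected.
    if ([string]::IsNullOrEmpty($Value)) { return 'absent' }
    if ($Value.Trim() -ieq 'explorer.exe') { return 'default' }
    return 'REVIEW'
}

function New-ShellReportRow {
    param([string]$Hive, [string]$Value)
    New-Object PSObject -Property @{
        Hive   = $Hive
        Shell  = $Value
        Status = Test-ShellValue $Value
    }
}

$rows = @()
$rows += New-ShellReportRow 'HKLM' (Get-ShellValue "Registry::HKEY_LOCAL_MACHINE\$subKey")

# Per-user hives are named by SID; the pattern skips the "<SID>_Classes" hives.
$rows += Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object {
        $sid = $_.PSChildName
        New-ShellReportRow "HKU\$sid" (Get-ShellValue "Registry::HKEY_USERS\$sid\$subKey")
    }

$rows | Select-Object Hive, Shell, Status | Format-Table -AutoSize
```

A row marked `REVIEW` shows the exact program configured as that user's shell, which is the detail to include when asking for help with the log.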
