rjzdanis Report post Posted May 24, 2016 Hi all. After removing a registry threat and rebooting, the same threat reappears (see below for detail). I have noticed that just as SAS prompts me with the success and reboot message, I also get a message from Avira indicating that it has blocked my registry. I'm inclined to think that Avira is actually preventing SAS from completely removing the offending registry entry. Do you have any suggestions? Thank you. Robert Malware.Trace (x86) HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL Share this post Link to post Share on other sites
SAS Malware Research Report post Posted May 25, 2016 Hello rjzdanis, I would like you to submit a support ticket so we can get some more information about this detection. Gabe Burch Share this post Link to post Share on other sites
One_II_Coding Report post Posted January 6, 2017 On 24/05/2016 at 2:34 AM, rjzdanis said: Hi all. After removing a registry threat and rebooting, the same threat reappears (see below for detail). I have noticed that just as SAS prompts me with the success and reboot message, I also get a message from Avira indicating that it has blocked my registry. I'm inclined to think that Avira is actually preventing SAS from completely removing the offending registry entry. Do you have any suggestions? Thank you. Robert Malware.Trace (x86) HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL 1 Hey, rzj What SAF Version do you have installed? Please make sure you have the latest SAS, if not download them here: Free Edition users click HERE for 6.0.1232 Professional Edition users click HERE for 6.0.1232 & run a scan That (may) Have fixed the problem, if not: Can you go to (x86) HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON# in your windows file browser and post a screen shot or copy and paste the names of the registry files for me? Also, You can try unlocking the file with unlocker and then re-scanning with SAS, it should hopefully work after unlocking the registry file. Unlocker Direct Download: http://www.majorgeeks.com/index.php?ct=files&action=download& About Unlocker: http://www.majorgeeks.com/files/details/unlocker.html Remember to use 'Custom Install' and uncheck all the boxes (unless you want them) when installing unlocker as it will try to install freeware programs. Share this post Link to post Share on other sites
One_II_Coding Report post Posted January 6, 2017 rjzdanis Please let me know if that helped or you still need help. Cheers! Share this post Link to post Share on other sites
GuiltySpark Report post Posted January 6, 2017 You realize this is an old thread and the OP hasn't come back since. Share this post Link to post Share on other sites
One_II_Coding Report post Posted January 6, 2017 7 minutes ago, GuiltySpark said: You realize this is an old thread and the OP hasn't come back since. Yep, but It's always nice to have a solution posted for other members to see. Share this post Link to post Share on other sites
GuiltySpark Report post Posted January 6, 2017 True. Keep it up Share this post Link to post Share on other sites
