Quick Trojan Question (Editing Registry)

Discussion in 'Software' started by ANHEDONIC, Jul 6, 2004.

  1. ANHEDONIC

    ANHEDONIC Will Title For Food

    Windows XP Home Edition, SP1

    I decided to do a Trend Micro scan and it found 16 infected files from the BKDR_Sandbox.a trojan... I suspect I got this virus from a spyware attack a few months ago because the trojan attaches itself to a malware program (all of which is resolved)... So I had Housecall delete the specified files it found, and now I'm using Trend Micro's instructions for editing my registry:


    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SANDBOX.A

    "Removing Other Entries from the Registry

    Still in the Registry Editor, double-click and delete the following in the left panel:
    HKEY_LOCAL_MACHINE>Software>%random%
    NOTE: %random% is a random combination of letters and numbers (for example: 2S2ZBHT56WKHYT, 4T2ZXHT56LKJXC.)
    Also delete the corresponding file in the value field (the right-most part) in the registry.
    The random registry entries are made by this malware and can be safely deleted.
    Close Registry Editor."

    Just wanted to make sure I'm deleting the right entry in the registry, here is an attachment of what I see in the specified path:


    There are no other entries with the random letters/numbers in that section so I'm assuming this is what they are referring to with the instructions...



    and again, I have Norton antivirus w/ updated definitions, a firewall, and adequate spyware protection so I'm okay in that department... thanks for your time fellas....
     

    Attached Files:

  2. alanc

    alanc MajorGeek

    That 2#58F7... key looks pretty random to me.

    Just to be safe backup that whole key before you start deleting...
     
  3. ANHEDONIC

    ANHEDONIC Will Title For Food

    thx for the response alanc... could you specify how I would back up that specific key...

    I do have RegCleaner and Erunt installed, I could make a backup of the entire registry with Erunt if need be but if there's a simpler/shorter way of backing up that specific key, do tell =]
     
  4. alanc

    alanc MajorGeek

    Highlight the key, then click Registry > Export Registry File

    Give it a name like 'leftoverspywaresandboxtrojanbs' (or whatever) and off you go.
     
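The two steps discussed above (spotting the randomly named key under HKLM\Software that the Trend Micro write-up describes, then exporting it before deleting it, as alanc suggests) can be done from the command line as well as in regedit. The following is an added example, not code from the thread or from Trend Micro. It assumes a naming heuristic (at least ten characters, only uppercase letters, digits and symbols such as '#', with at least one digit, covering both the Trend Micro samples and the "2#58F7..." key in the attachment) and a placeholder backup folder; anything it flags still needs a human look before removal.

```powershell
# Added example (not from the thread): list suspiciously named subkeys under
# HKLM\SOFTWARE, show the values they carry (the right-hand pane in regedit),
# and back each one up with reg.exe before anything is deleted.
# Run from an elevated PowerShell prompt.

$BackupDir = 'C:\RegBackup'          # placeholder path, assumption: change as needed
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# Assumed heuristic: 10+ chars, no lowercase, only A-Z, 0-9 and '#', at least one digit.
# Matches the Trend Micro samples (2S2ZBHT56WKHYT) and the poster's "2#58F7..." key.
$RandomNamePattern = '^(?=.*\d)[A-Z0-9#]{10,}$'

$suspects = Get-ChildItem -Path 'HKLM:\SOFTWARE' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match $RandomNamePattern }

if (-not $suspects) {
    Write-Host 'No randomly named keys found directly under HKLM\SOFTWARE.'
}

foreach ($key in $suspects) {
    Write-Host "Suspicious key: $($key.Name)"

    # Show every value so the file the write-up says to delete can be located.
    foreach ($valueName in $key.GetValueNames()) {
        $shown = if ($valueName -eq '') { '(Default)' } else { $valueName }
        Write-Host ("    {0} = {1}" -f $shown, $key.GetValue($valueName))
    }

    # Same as Registry > Export Registry File in regedit, but scripted.
    $regFile = Join-Path $BackupDir ("{0}.reg" -f $key.PSChildName)
    reg.exe export "HKLM\SOFTWARE\$($key.PSChildName)" $regFile /y | Out-Null
    Write-Host "    backed up to $regFile"
}

# Restore later if something breaks:   reg.exe import C:\RegBackup\<keyname>.reg
# Delete only after confirming the key is the one described in the write-up:
#   Remove-Item -Path "HKLM:\SOFTWARE\<keyname>" -Recurse
```

The script only reports and backs up; the delete is left as a commented command so the exported .reg file exists before the key disappears, which is exactly the order alanc recommends.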
  5. ANHEDONIC

    ANHEDONIC Will Title For Food

    thanks for the quick response alanc... I deleted the key (after backing it up), rebooted and noticed no ill effects... I'll hold onto it for a few more days to make sure no problems arise and then chuck it... glad that's resolved
     
  6. alanc

    alanc MajorGeek

    Good job dude :)
     
