After Cleanup- Is this still a sign of Malware?

Discussion in 'Malware Help (A Specialist Will Reply)' started by Don-NYC, Aug 15, 2008.

  1. Don-NYC

    Don-NYC Private E-2

    I accidentally ran a downloaded file that was full of trojans, malware, etc. I seem to have most of it cleaned up (from what I can tell) by using a bunch of different automatic Anti-Malware/Trojan scanners (Spybot, Malwarebytes, AVG Free, Windows Defender, Adaware, etc.) but I'm still getting this strange dual alert from WinPatrol every few minutes when my XP system is running:

    The first alert looks like this:

    -----------------------------------
    WinPatrol File Type Change Alert

    File Type: .REG

    Program currently associated with this file type:

    Microsoft Windows Operating System
    Microsoft Corporation

    regedit %1


    A Change was made to use the following program for this file type:

    Microsoft Windows Operating System
    Microsoft Corporation

    regedit %1 %*

    ----------------------------------------------------


    And then a second alert right after looks like this:

    ----------------------------------------------------
    File Type: .SCR

    Program currently associated with this file type:

    Name
    Company Name

    %1 /S


    A Change was made to use the following program for this file type:

    Name
    Company Name

    %1 %*

    ------------------------------------------------


    I say "no" and don't allow the change every time, but it just pops up again a few minutes later. Does anyone know what this means? Could it be a sign that I still have some type of infection? Other than this WinPatrol alert, I have no obvious signs or indications of infection. Thanks!
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Perhaps! Or perhaps they are just legit changes trying to set the file associations back to what they need to be for .reg and .scr files.

    The best way to know if you are clean is to follow the instructions in the below link and attach the requested logs when you finish these instructions.
    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
     
