Infected Registry Keys and Value in Quarantine - Delete?

Discussion in 'Malware Help (A Specialist Will Reply)' started by bballplaya, Dec 24, 2008.

  1. bballplaya

    bballplaya Private E-2

    I have several Registry Keys and a Registry Value in my MBAM Quarantine that are infected by Adware. Should I delete them? I'm afraid to do so, seeing as the Registry is very very important.

    Keys:
    1. HKEY_CLASSES_ROOT\nowstarter.nowstarterctrl.1 (Adware.CWS)
    2. HKEY_CLASSES_ROOT\CLSID\{072039ab-2117-4ed5-a85f-9b9eb903e021} (Adware.CWS)
    3. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{072039ab-2117-4ed5-a85f-9b9eb903e021} (Adware.CWS)
    4. HKEY_CLASSES_ROOT\CLSID\{6f553c18-15e6-4e5e-8f44-add50de754ed} (Adware.CWS)
    5. HKEY_CLASSES_ROOT\TypeLib\{0409743c-e5e3-4bdd-9ec7-eff622530282} (Adware.CWS)
    6. HKEY_CLASSES_ROOT\Interface\{40722371-e24c-4b36-8e76-010bb6c7185b} (Adware.CWS)
    7. HKEY_CLASSES_ROOT\Interface\{825c19d3-35ce-428f-876b-88e080466689} (Adware.CWS)
    8. HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap)
    9. HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap)
    10. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/nowstarter.ocx (Adware.CWS)
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap)
    11. HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar)

    Value:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\NowStarter.ocx (Adware.CWS)


    I also have a Data Item infected - in my log it says it is in the Quarantine, but it isn't.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1)

    Oh yeah, and a file is infected too. Not sure about this one.
    C:\WINDOWS\Downloaded Program Files\NowStarter.ocx (Adware.CWS)


    All of them have been said to be Quarantined and deleted successfully. However, only the Registry Value, Keys and Files have been quarantined and they are not deleted yet. Where's the Data Item?
     
  2. Corporal Punishment

    Corporal Punishment Head of Software Shenanigans Staff Member

