Registry Infected ?

Hello,

I ran Suprantispyware and detected the following as a
critial threats,
malware.trace

HKEY_USERS\S-1-5-21-3308756216-4230241753-1976524826-1002\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\SHELL

Is this a real threat or a false positive?

Because the registry is a core component of your Windows system

Any suggestion?

Thank you,

 

Before you consider going to the Specialist Malware Forum where a trained expert will help, run other scans (not just SAS) such as the real-time Anti Virus software you have installed, or Windows Defender if you have that. And the free version of Malwarebytes
With any of the above, you must update them before scanning.
Allow all of them to delete any malware found and if they quarantine any items empty that folder.
RESTART your system, then run scans again to see if the item you mentioned is still there.
If it is you will need to go to the Specialist Forum and carry out the 'read and run me first' steps and post a new thread with logs there.

 

Hi Max, yes I followed the steps you mention above and I posted a thread in the specialist forum like a week ago, but not answer back, yet. This particular detection from SAS is really alarming me. Thank you for your advice.

 

Yes, my bad! Sorry for that. I am fixing the posts.
Thank you for your response and your help.

vv