What does it mean for MalwareBytes to find malicious registry keys but nothing else?
I have a machine that is obviously infected, and when I ran MalwareBytes it told me that it found some "malicious" registry keys (surprisingly enough these contained file paths to currently non-existent JavaScript files). But, that's it. Full scan did not uncover any malicious files, or malicious hidden processes in memory. Like, maybe the (hidden?) process that for whatever reason periodically injects keystrokes (hotkeys?) into whatever currently open window.
Then on another, not obviously infected, machine it found a "malware.trace" registry key but again no files or processes etc.
How does this jive with people's experience with MalwareBytes? Does it usually find registry key symptoms of an infection but nothing else? Or is it a common thing to have no infection but some malicious registry keys in place anyway?
windows rootkit malware-removal malware-detection
asked Mar 19 '12 at 17:35
EndangeringSpecies
3 Answers
It might be the case that another program (like your antivirus, CCleaner, or some other anti-malware app you've used) already deleted the files but left the Registry keys behind. It might also be the case that the malware relocated itself one or more times while trying to evade detection, or created decoy registry keys.
I've had good luck with MalwareBytes; it has detected and removed a lot of malware that other antivirus and anti-malware apps have failed to detect or remove. Every time someone I know gets tricked into installing one of those socially-engineered malware apps, like Microsoft Antivirus [insert year], MalwareBytes has had no problem removing it. That said, I don't trust any single program to catch everything. When someone gives me an infected computer, I usually run MalwareBytes, Spybot S&D or Ad-Aware, and Microsoft Security Essentials.
If you're still suspicious of an infection after running several detection and removal programs, BleepingComputer has some very helpful resources for identifying and removing malware, including instructions on how to use HijackThis to identify suspicious activity on your computer.
edited Mar 19 '12 at 18:07
answered Mar 19 '12 at 17:40
rob
MWB will also detect some 'normal' keys, such as disabling the Windows Firewall or Security Center notifications, as malicious, since those are commonly set by spyware.
– EKW
Mar 19 '12 at 18:25
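Added example, not part of the original answers: rob's first point (files already deleted, registry keys left behind) can be checked by resolving each autorun value to the file paths it references and testing whether those files still exist. The `reg query` text, user name, paths, the `triage` helper and its verdict names are constructed for illustration.

```python
import os
import re

# Constructed sample in the layout `reg query <key>` prints (assumption: name,
# type and data are separated by four spaces). These are not real findings.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Updater    REG_SZ    wscript.exe //B "C:\Users\alice\AppData\Roaming\upd.js"
    Sync    REG_EXPAND_SZ    %APPDATA%\Sync\sync.exe /background
    Tray    REG_SZ    C:\Program Files\Tray App\tray.exe /min

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Helper    REG_SZ    "C:\Windows\System32\wscript.exe" "C:\ProgramData\h.jse"
    Flag    REG_DWORD    0x1
"""

VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# A drive-letter path up to the first executable or script extension; the
# character class stops at quotes, so one match never spans two arguments.
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|dll|jse|js|vbe|vbs|wsf|bat|cmd|ps1)\b',
    re.IGNORECASE,
)


def triage(reg_query_text, exists=os.path.exists, env=os.environ):
    """Classify each string value by whether the files it references exist."""
    results, key = [], None
    for line in reg_query_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if not m or m["type"] not in ("REG_SZ", "REG_EXPAND_SZ"):
            continue  # only string values can hold a command line
        # Expand %VAR% references; unknown variables are left as written.
        data = re.sub(r"%(\w+)%",
                      lambda v: env.get(v.group(1).upper(), v.group(0)),
                      m["data"])
        paths = PATH_RE.findall(data)
        missing = [p for p in paths if not exists(p)]
        verdict = "unparsed" if not paths else "stale" if missing else "live"
        results.append({"key": key, "name": m["name"], "paths": paths,
                        "missing": missing, "verdict": verdict})
    return results


if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(f'{r["verdict"]:8} {r["key"]}\\{r["name"]}  missing={r["missing"]}')
```

A `stale` verdict corresponds to the leftover-key case described in the answer; a `live` one still resolves to a file on disk and is the entry to inspect first.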
Don't panic. Anything that MalwareBytes finds, please trust it and remove whatever it finds; put it in quarantine.
I just did a scan with Avast and it was all clear; then, after I did a Quick scan with MalwareBytes, it found a registry key. Seems you can't trust just a single service. That's why I also use Spybot.
edited Nov 7 '13 at 11:19
Jawa
answered Nov 7 '13 at 10:54
2labem
Malwarebytes seems to do a really good job for everybody at our company 1xtechnologies.com in keeping our machines clean and running perfectly. Nothing but good things to say about it.
answered 18 mins ago
Eric Winchester