Programs being deleted from C:\Program Files (x86)

Well as far as I know, it should be clean now since I quarantined and deleted the exploits shown up by microsoft security essentials, and deleted VirTool:Win32/DelfInject.gen!X shown up by defender offline. I don't think it was vmware as I haven't used it for a long time, I've been using virtual box since, and this issue has only cropped up over the last few days. I didn't keep my windows XP AV updated and didn't scan on the few times I loaded XP environment within vbox, so I'm wondering whether I let the exploits through because of that.

Golden said:

Hi,

Its possible, but I was looking specifically at this item:

Resource Path:\$RECYCLE.BIN\S-1-5-21-1716146104-364351621-1683301092-1001\$RYRILHJ\VMWare.Workstation.v6.5.3.185404.Incl.Keygen-DI\keygen.exe

None-the-less you have deleted that. How is the system now?

Regards,
Golden

Well, the only virus flagged by defender offline was the VirTool:Win32/DelfInject.gen!X which is deleted. The keygen files are deleted but they didn't flag a virus. But I won't know how the system is until I reinstall a couple of programs back to c:/program files (x86) and see if they disappear or not.

True, but those keygens have been on my system for years, so unless they were benign lying dormant and suddenly became active and dropping the malware payload, I honestly don't believe they're responsible.

To add, the fact that malwarebytes disappeared from both my desktop AND laptop, AND both from program files x86, AND both computers had the same java exploit blacole, that's where I put my money.

Golden said:

Roman5 said:

Tso unless they were benign lying dormant and suddenly became active and dropping the malware payload

Thats exactly how some droppers work.

Regards,
Golden

Ah, well in that case, having deleted them will hopefully stop the exploit returning, if it was the keygens that dropped them. Thanks for the tips, I am learning my lessons the hard way.