Windows 7 Forums


Windows 7: Copy of Windows not genuine after trying to remove malware

09 Oct 2014   #11
Terrek

Windows 7 Home Premium 64bit
 
 

Hi all, my copy of Windows seems to be fine now, but today SuperAntispyware detected Web Protect again, 11 files in my registry. I'm not sure how it got back in there, as I have not installed or downloaded anything since the original issue occurred two weeks ago. Malwarebytes and Adaware have not detected in the last 2 weeks...


09 Oct 2014   #12
Gator

Dual Boot: Windows 8.1 & Server 2012r2 VMs: Kali Linux, Backbox, Matriux, Windows 8.1
 
 

I would clear your downloads and temp folders. Run CCleaner and check all boxes (minus wipe free space, it takes forever). Run CCleaner's registry tool (mainly for the backup needed when trying the next step).

Check the registry for 'WebProtect' (press Ctrl + F to search the registry once you are in it). You already have a backup of your registry from CCleaner, so now delete any and all entries that are found searching for 'Webprotect'. You can search with asterisks as wildcards. Example: *web*protect* will bring results for WebProtect and any other form of it that may have a word before web, in between web and protect, and after protect.

Download Autoruns for Windows and delete all entries highlighted in YELLOW.
(Run as administrator)
Autoruns for Windows

Also check for any folders on your computer named with Web Protect in it.

Take note of the file Superantispyware is flagging and see if you can find the location of the file and delete it.
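The registry search described in the post above, as an added example that is not part of the original thread: a read-only PowerShell sweep that applies the `*web*protect*` wildcard with `-like` to key names, value names and string data, and writes the matches to a CSV for review before anything is deleted. The hive list and the report path are assumptions.

```powershell
# Added example: read-only registry sweep; nothing is modified or deleted.
# Run from an elevated PowerShell prompt so HKLM subkeys are readable.
# Uses New-Object rather than [pscustomobject] so it also runs on the
# PowerShell 2.0 that ships with Windows 7.
$Pattern   = '*web*protect*'                      # wildcard taken from the post
$Roots     = 'HKLM:\SOFTWARE', 'HKCU:\Software'   # assumption: hives worth checking
$Report    = Join-Path $env:TEMP 'registry-matches.csv'   # hypothetical report path
$TextKinds = 'String', 'ExpandString', 'MultiString'
$NoExpand  = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

function New-Hit($Key, $Match, $Value, $Data) {
    New-Object PSObject -Property @{ Key = $Key; Match = $Match; Value = $Value; Data = $Data }
}

$hits = @(foreach ($root in $Roots) {
    # Unreadable keys are skipped instead of aborting the sweep.
    Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_

        # 1) The key's own name
        if ($key.PSChildName -like $Pattern) {
            New-Hit $key.Name 'key name' '' ''
        }

        # 2) Value names and 3) text data ('' is the key's default value)
        foreach ($name in $key.GetValueNames()) {
            $data = ''
            if ($TextKinds -contains $key.GetValueKind($name).ToString()) {
                # Keep %VARS% unexpanded so the report shows what is stored.
                $data = @($key.GetValue($name, $null, $NoExpand)) -join ' '
            }
            if ($name -like $Pattern) {
                New-Hit $key.Name 'value name' $name $data
            } elseif ($data -like $Pattern) {
                New-Hit $key.Name 'value data' $name $data
            }
        }
    }
})

# Keep a record of what was found, then show it on screen.
$hits | Select-Object Key, Match, Value, Data | Export-Csv -Path $Report -NoTypeInformation
$hits | Select-Object Key, Match, Value, Data | Format-Table -AutoSize -Wrap
"{0} match(es) written to {1}" -f $hits.Count, $Report
```

The CSV preserves the exact key paths and data, which is the detail that gets lost when a scanner removes entries without a record.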
09 Oct 2014   #13
Terrek

Windows 7 Home Premium 64bit
 
 

Hi Gator, thanks for the response. Unfortunately I deleted the entries with Superantispyware without writing down what they were. I found one entry while searching the registry, but it just looked like a shortcut and not a program. Autoruns for Windows flagged 3 things in yellow, but I didn't delete them yet since I don't know what they are and if it would be safe to delete them.

They are:

HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
rdpclip File not found: rdpclip

HKLM\System\CurrentControlSet\Services
SBRE File not found: C:\Windows\system32\drivers\SBREdrv.sys

WMI Database Entries
BVTConsumer File not found: KernCap.vbs

09 Oct 2014   #14
Gator

Dual Boot: Windows 8.1 & Server 2012r2 VMs: Kali Linux, Backbox, Matriux, Windows 8.1
 
 

It is safe to delete all entries in yellow. They are typically missing files left over from old uninstalled programs. Autoruns is also a good tool to help get rid of infections, which is the reason I had you download it in the first place. Sometimes you will completely delete malware from every place but it will still have an entry on startup, and Autoruns is a good tool to get rid of them.
10 Oct 2014   #15
Terrek

Windows 7 Home Premium 64bit
 
 

Ok I deleted all the yellow entries. What does it mean when an entry is red? I have quite a few of those but didn't see a description anywhere.

I forgot to list this in my last post, but CCleaner detects an obsolete software key: HKLM\Software\AVC3 just about every time I start up my computer, even though I have deleted it several times.
10 Oct 2014   #16
NoelDP

Microsoft Community Contributor Award Recipient

Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
 
 

Possibly a residual from BitDefender?
Have a look in Scheduled Tasks and see if there's anything there.
10 Oct 2014   #17
Terrek

Windows 7 Home Premium 64bit
 
 

I don't believe I ever had BitDefender. The only thing in red under scheduled tasks is

\Microsoft\Windows\NetTrace\GatherNetworkInfo c:\windows\system3\gathernetworkinfo.vbs

There are several entries each under Explorer flagged in red for WinRAR and WinRAR32 and two for the AdAware context menu.
10 Oct 2014   #18
Gator

Dual Boot: Windows 8.1 & Server 2012r2 VMs: Kali Linux, Backbox, Matriux, Windows 8.1
 
 

Red highlights just mean there is no description or publisher, or that verification of the digital signature failed.

In your case, these are fine and can be ignored.
10 Oct 2014   #19
Terrek

Windows 7 Home Premium 64bit
 
 

Ok cool, I will keep running my scanners probably at least once a day for a while. Hopefully this thing is really gone for good now.

Thanks for all the help, guys.
