New
#1
Infected registry found by MBAM
Hi
W7 Home 64bit - Windows firewall (highest settings) - MSE (real time protection)
Browser: Firefox in safe mode but IE is still on the computer since i use Windows Live Mail.
MBAM found an infection, quick scan, admin rights:
Malware.Trace: Registry value HKEY_current_user_software\Microsoft\currentversion\Policies\Explorer\DisallowCpl|1
I put it in quarantine.
Next day i had some time and restored the infection. Then i ran (quick) scans with MSE, MBAM and SuperAntiSpyware. Nothing found. Also a scan with Hitmanpro 3.5: nothing found. A full registry scan with SuperAS: nothing found.
A renewed scan with MBAM found it again. I put it back into quarantine.
My questions now are:
Is it a false positive?
If not, can i just delete it from quarantine and that's it? Or do i have to look at the registy entries and change/check something there too?
I also did (quick) scans with those AV programs in safe mode while the infection was in quarantine but nothing found in addition.
I am at a loss that MBAM found something that no less than 3 other AV programs did not find.
Thanks.
Last edited by FranzB; 20 Sep 2011 at 13:53. Reason: text addition