
Question

Malware that keeps coming back

Mar 1, 2018 11:50AM PST

I am sorry, this is the 2nd time I am trying to post this. I must've hit a wrong key or something that posted it way before I was ready. Anyway, I have Windows 7 64-bit and I have 3 objects that Malwarebytes detects when I run the program. I quarantine them and then delete them. The problem is that the next day the same 3 objects are back again. I tried going into safe mode and running Malwarebytes to see if that would get rid of them, but it did not. If it matters, I have one in Registry Key 1 and 2 in Registry Key 2. Could somebody on here give me some idea how I could go about removing them once and for all? If somebody could tell me how I would attach a copy of the report that I get at the end of the scan. Thank you in advance for any help you may be able to offer me.

Answer
Do you have a name for this malware?
Mar 1, 2018 12:03PM PST

Will help to track it down.
Dafydd.
PS to post a pic use imgur, photobucket or similar.

Post was last edited on March 1, 2018 12:14 PM PST

Answer
File names
Mar 1, 2018 12:30PM PST

This is what I have from the text file that Malwarebytes generated.

Registry Key: 1
PUP.Optional.Conduit, HKU\S-1-5-21-1028929707-1170824990-1914099039-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, No Action By User, [528], [236865],1.0.4130

Registry Value: 2
PUP.Optional.Conduit, HKU\S-1-5-21-1028929707-1170824990-1914099039-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, No Action By User, [528], [236865],1.0.4130
PUP.Optional.Conduit, HKU\S-1-5-21-1028929707-1170824990-1914099039-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, No Action By User, [528], [236865],1.0.4130

This fix is a bit lengthy...
Mar 1, 2018 12:39PM PST

Post was last edited on March 1, 2018 12:46 PM PST

One Other Possibility...
Mar 1, 2018 7:09PM PST

For backups, certain files and registry entries are stored in the "System Restore" section, which resides in the C:\System Volume Information folder. If that's the case here, occasionally, Windows software can't do an effective deletion of the infected files because they're protected. If the Malware entries you've listed reside in the "System Volume Information" folder, you'll need to temporarily disable System Restore to be rid of the detections.

To temporarily disable SR, open the Control Panel, then the System icon, then the "System Protection" tab, then click on the "Configure" button. Select the option to "Disable System Protection", click on "Apply", then OK. Then restart the computer. Upon restart, follow the same instructions above but re-enable SR to create a new restore point.

Hope this helps.

Grif
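
Whether the detections sit under "System Volume Information", the condition in the post above, can be read straight from the Malwarebytes text report. The following is an added example, not part of any post in this thread: the line layout is assumed from the three report lines quoted earlier, and the names `parse_report` and `summarize` are hypothetical.

```python
import re

# The three detection lines posted earlier in this thread, verbatim.
REPORT = r"""
Registry Key: 1
PUP.Optional.Conduit, HKU\S-1-5-21-1028929707-1170824990-1914099039-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, No Action By User, [528], [236865],1.0.4130

Registry Value: 2
PUP.Optional.Conduit, HKU\S-1-5-21-1028929707-1170824990-1914099039-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, No Action By User, [528], [236865],1.0.4130
PUP.Optional.Conduit, HKU\S-1-5-21-1028929707-1170824990-1914099039-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, No Action By User, [528], [236865],1.0.4130
"""

# Section header, e.g. "Registry Key: 1" (category name and item count).
SECTION = re.compile(r"^([A-Za-z ]+): (\d+)$")
# Assumed layout of a detection line: name, location, action, [id], [id],version
DETECTION = re.compile(
    r"^(?P<name>[^,]+), (?P<location>.+), (?P<action>[^,\[]+), \[\d+\], \[\d+\],")
REGISTRY_HIVES = ("HKU\\", "HKLM\\", "HKCU\\")

def parse_report(text):
    """Return one dict per detection, tagged with its report section."""
    section, found = None, []
    for line in text.splitlines():
        line = line.strip()
        if (m := SECTION.match(line)):
            section = m.group(1)
        elif (m := DETECTION.match(line)):
            # "key|VALUENAME" marks a registry value; a bare path is a key or file.
            key, _, value = m.group("location").partition("|")
            found.append({
                "section": section, "name": m.group("name"), "key": key,
                "value": value or None, "action": m.group("action"),
                "in_restore_store": "system volume information" in key.lower(),
                "is_registry": key.upper().startswith(REGISTRY_HIVES),
            })
    return found

def summarize(found):
    """Answer: where do the detections live, and are any in the restore store?"""
    return {
        "detections": len(found),
        "distinct_locations": sorted({d["key"] for d in found}),
        "in_restore_store": [d for d in found if d["in_restore_store"]],
        "registry_only": all(d["is_registry"] for d in found),
    }

if __name__ == "__main__":
    for d in parse_report(REPORT):
        print(d["section"], "|", d["name"], "|", d["value"] or "(key)")
    print(summarize(parse_report(REPORT)))
```

For the report posted in this thread it lists three detections under a single Internet Explorer SearchScopes key in the user's registry hive and none under System Volume Information.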