Old 08-05-2008, 11:43 PM   #8 (permalink)
1972vet
Analyst, Security Team
 
Join Date: Jun 2008
Location: Midwest, U.S.A.
Posts: 555
OS: Dual Boot Setup, Vista SP2 and XPSP3


Re: IE Pop-ups - Malware

Quote:
Hi 1972vet,

What I meant was after running regbackup.bat. I followed the next step which was regedit, but was unable to delete Secret in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run path as I couldn't find the reg (Secret) there, and therefore could not proceed with the next step.

Just because you couldn't find the reg key I referenced doesn't mean you can't proceed to the next step in those instructions.

The fact that you can't locate that Reg key is a good thing. The malicious software would have grabbed that key and created the entry "secret"... The reg key referenced in your dss scan log here is, of course, different but got my attention nonetheless:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b8a3920-d98b-11dc-a3b7-00114368b89a}]
AutoRun\command- F:\Secret.exe
explore\Command- F:\Secret.exe
open\Command- F:\Secret.exe


...This obviously is not what I thought it was...witness, your reboot without the message indicated, so we both can sigh with relief!

The next step in the instruction was to download and run ComboFix. Why then are you not able to perform that step?
__________________
Disabled Veteran, U.S.C.G. 1972 - 1978

Windows XP Performance and Maintenance
Windows Vista Performance and Maintenance
