TrojanDownloader:Win32/Dofoil.O virus found, cleaned, deleted, still have issues, HELP

Recently I was hit with 3 viruses. MSE caught them but one kept coming back. I let Microsoft support take over my computer and after they finished they assured me it was clean. I later found a file on my desktop and I didn't put it there. I deleted it, the shortcut and the location it pointed to. I checked my event logs and found the following entry:

 

Microsoft Antimalware has detected malware or other potentially unwanted software.

For more information please see the following:

http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Dofoil.O&threatid=2147653354

Name: TrojanDownloader:Win32/Dofoil.O

ID: 2147653354

Severity: Severe

Category: Trojan Downloader

Path: containerfile:_C:\Documents and Settings\Dell\Application Data\A6AF17.exe;file:_C:\Documents and Settings\Dell\Application Data\A6AF17.exe->(UPX);regkey:_HKCU@S-1-5-21-1390067357-1767777339-1801674531-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\Pure Networks;runkey:_HKCU@S-1-5-21-1390067357-1767777339-1801674531-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\Pure Networks

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: System

User: NT AUTHORITY\NETWORK SERVICE

Process Name: Unknown

Signature Version: AV: 1.121.908.0, AS: 1.121.908.0, NIS: 0.0.0.0

Engine Version: AM: 1.1.8101.0, NIS: 0.0.0.0

 

After seeing this I went into the registry and did a search for S-1-5-21-1390067357-1767777339-1801674531-1003, which is part of the above path. There are many entries in the registry. I'm familiar with the registry and editing it. However, I do not make modifications to it unless I know for a fact what I'm doing. Do I need to remove these entries from the registry? In my research I also found in Local Security Settings > Local Policies > User Rights Assignments several entries of the same string under the Security Setting column. Do I need to do anything with these entries?

 

Any help will be greatly appreciated.

 
