I did a quick scan with Malwarebytes and a few of the registry keys were infected with adware.zugo, so I quarantined and deleted them. Was this the right thing to do? Also, I read that there's a program or website available that scans the registry keys in your computer to make sure nothing is missing or corrupt. Can you direct me to this website/program? Thanks
-
Alienware-Joel Notebook Consultant
If you can't heal them, quarantining and deleting them is the next best thing.
If your M11X is still running fine without any errors, I wouldn't worry.
You have a load of missing registry keys in your computer; uninstalling programs often leaves a load behind, for example.
Websites that scan your registry keys are probably fake. There are one or two that scan for Microsoft items only, which are legit. Your registry is unique; it contains activation keys for games, for example. You get your PC scanned online by an unreliable website, then they can see your registry.
Other programs that offer to scan missing/corrupt files are probably cleaning programs, just removing junk registry keys off your PC.
If you're still paranoid, go into your Malwarebytes, find the log of the infection and copy and paste where the adware was hiding and I'll have a look.
-
Registry Keys Infected
HKEY_CLASSES_ROOT\searchtoolbarlib.csearchtoolbarimpl (Adware.Zugo) ->
HKEY_CLASSES_ROOT\CLSID\{9d425283-d487-4337-bab6-ab8354a81457} (Adware.Zugo)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9d425283-d487-4337-bab6-ab8354a81457} (Adware.Zugo) ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9d425283-d487-4337-bab6-ab8354a81457} (Adware.Zugo) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d425283-d487-4337-bab6-ab8354a81457} (Adware.Zugo) ->
HKEY_CLASSES_ROOT\searchtoolbarlib.csearchtoolbarimpl.1 (Adware.Zugo) ->
HKEY_CURRENT_USER\Software\Zugo (Adware.Zugo) ->
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{9d425283-d487-4337-bab6-ab8354a81457} (Adware.Zugo) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{9d425283-d487-4337-bab6-ab8354a81457} (Adware.Zugo) ->
-
Alienware-Joel Notebook Consultant
You can relax, nothing important has been removed, only what Zugo has created.
What has happened is Zugo got onto your system via IE, I'm assuming. How is unknown, but there are various ways in which this could have happened.
Brought this along to your laptop:
HKEY_CLASSES_ROOT\CLSID\{9d425283-d487-4337-bab6-ab8354a81457}
Which then allowed it to drop its lovely created adware and, by the looks of it, its backup:
HKEY_CLASSES_ROOT\searchtoolbarlib.csearchtoolbarimpl
HKEY_CLASSES_ROOT\searchtoolbarlib.csearchtoolbarimpl.1
It was then just simply adding values to Microsoft Internet Explorer to load the toolbar in IE.
That's roughly what happened, hopefully it proves to you that the keys deleted were created by Zugo, it didn't infect any important keys/values.
When Malwarebytes scanned it, it deleted the keys which were the ones it either dropped or created. It added itself to IE, so no damage is done removing it from IE (think of adding a cherry to a chocolate cake. You then remove the cherry and it's still a chocolate cake without damaging it).
Sidenote, before someone moans at the way it could have gotten into the system: for all we know Lupin may have downloaded it, installed it into program files and boom, HKEY_CURRENT_USER\Software\Zugo therefore is created. There are many ways it could have entered into the system, I'm just assuming it was a sneaky adware.
Last edited by a moderator: May 8, 2015
-
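An added example, not part of the original thread: a short Python triage of the log posted above that labels each removed entry by the kind of registration it is and flags anything that is not the add-on's own GUID-named leaf, ProgID or vendor key for manual review. The role labels and the review rule are this example's assumptions.

```python
import re
from collections import Counter

# The nine entries from the Malwarebytes log posted in this thread.
LOG = r"""
HKEY_CLASSES_ROOT\searchtoolbarlib.csearchtoolbarimpl (Adware.Zugo) ->
HKEY_CLASSES_ROOT\CLSID\{9d425283-d487-4337-bab6-ab8354a81457} (Adware.Zugo)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9d425283-d487-4337-bab6-ab8354a81457} (Adware.Zugo) ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9d425283-d487-4337-bab6-ab8354a81457} (Adware.Zugo) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d425283-d487-4337-bab6-ab8354a81457} (Adware.Zugo) ->
HKEY_CLASSES_ROOT\searchtoolbarlib.csearchtoolbarimpl.1 (Adware.Zugo) ->
HKEY_CURRENT_USER\Software\Zugo (Adware.Zugo) ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{9d425283-d487-4337-bab6-ab8354a81457} (Adware.Zugo) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{9d425283-d487-4337-bab6-ab8354a81457} (Adware.Zugo) ->
"""

GUID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
# Ordered rules, first match wins. The role labels are this example's own.
RULES = [
    (r"\\Explorer\\Browser Helper Objects\\\{", "BHO registration"),
    (r"\\Internet Explorer\\Toolbar\\", "IE toolbar registration"),
    (r"\\CurrentVersion\\Ext\\(Settings|Stats)\\\{", "IE add-on settings/stats"),
    (r"^HKEY_CLASSES_ROOT\\CLSID\\\{", "COM class"),
    (r"^HKEY_CLASSES_ROOT\\[^\\]+$", "COM ProgID"),
    (r"^HKEY_(CURRENT_USER|LOCAL_MACHINE)\\Software\\[^\\]+$", "vendor key"),
]

def parse(log):
    """Yield (path, role, clsid) per log line; role is None when no rule matches."""
    for line in log.strip().splitlines():
        # Drop the trailing "(Detection.Name) ->" so only the registry path remains.
        path = re.sub(r"\s*\([^)]*\)\s*(->)?\s*$", "", line.strip())
        role = next((name for pat, name in RULES if re.search(pat, path, re.I)), None)
        m = GUID.search(path)
        yield path, role, (m.group(0).lower() if m else None)

def needs_review(path, role):
    """Unknown location, or an entry in a Microsoft branch that is not a GUID-named leaf."""
    in_ms = re.search(r"\\microsoft(\\|$)", path, re.I)
    leaf = path.rsplit("\\", 1)[-1]
    return role is None or bool(in_ms and not GUID.fullmatch(leaf))

def triage(log):
    """Summarise what the removal touched: CLSIDs seen, role counts, entries to check by hand."""
    rows = list(parse(log))
    return {"clsids": {c for _, _, c in rows if c},
            "roles": Counter(role for _, role, _ in rows),
            "review": [p for p, role, _ in rows if needs_review(p, role)]}

if __name__ == "__main__":
    print(triage(LOG))
```

For this log the review list is empty and every GUID-bearing entry carries the same CLSID, which is the pattern described in the reply above.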
thanks for the help!
-
Alienware-Joel Notebook Consultant
More than welcome
please help
Discussion in 'Alienware M11x' started by LupinTheThird, Apr 21, 2011.