June 14th, 2008 23:00
Scotty Asking For Permissions
After MBAM found and cleaned up C:\WINDOWS\SYSTEM32\DRIVERS\rndismpp.sys I have started to get WinPatrol Alerts as to whether to allow a change in a couple of entries to the registry.
The first is labeled as a .REG file and the system asks to change regedit.exe %1 to regedit.exe %1*
The other is labeled as a .SCR file and the change is from %1 /s to %1%* At the top of the second entry it says "NAME" and under that "Company Name".
I have no idea what any of this means or if a HJT log would be required for further analysis. I do remember that MBAM made some reference to root kit as per the above file. Thanks for any help. As careful as I try to be I guess stuff still sneaks in.


joe53
June 15th, 2008 02:00
It wouldn't surprise me that WinPatrol alerts you to registry changes after MBAM deletes a nasty. Can you give the exact text of the WinPatrol alert?
The .SCR file extension can refer to a script, or to a screensaver - did you change your screensaver lately?
However, if MBAM had detected/removed that rndismpp.sys on my PC, I would probably run a HJT logfile by the experts, just to be sure I was clean.
dalem29
June 15th, 2008 11:00
Hi Joe:
It just basically asks if it is OK to make the change...doesn't explain what the change would amount to. I'll go ahead and post a log and see if there is anything else in there.
dalem29
August 7th, 2008 17:00
joe53
August 7th, 2008 20:00
I imagine you must have floated this thread to the top at some point.
To remove it, click on it to open it. Then click on "Thread Options" at the top, and select "Un-Float this Thread".