Windows 10: Spybot picked up Malware in System32

Discussion in 'AntiVirus, Firewalls and System Security' started by jman1505, Jun 21, 2016.

  1. jman1505 Win User

    [IMG]

    This is what was picked up from Spybot. I'm hesitant to fix the selected items since it is in System32.
    Should I go ahead with the clean up?

    :)
     
    jman1505, Jun 21, 2016
    #1

  2. Spybot Search and Destroy is picking up HKUS which it says is in Microsoft items

    Hi everyone

    I need some assistance... when I run the program "Spybot: Search and Destroy" it keeps picking up HKUS\S-1-5-21 where the location is set as a Microsoft item.

    Screenshot:


    [IMG]


    For instance, the first "Internet Explorer" option includes Software\Microsoft\CurrentVersion\Internet Settings\User Agent (is not)

    When I click "Fix selected" it doesn't remove them; if I re-run Spybot they're still there.

    My question is - from searching the internet I've received conflicting results. In some cases HKUS is supposed to be a terrible virus or malware, but other results say that it's nothing to worry about and is erroneously being reported by Spybot. I know that Microsoft isn't Malware but it's possible that it's been infected.

    Can someone please advise what action I should take regarding this (if any)? I've run Windows Defender and it doesn't pick up anything, same with other anti-malware programs I have.
     
    JediMasterYoda, Jun 21, 2016
    #2
  3. Trojan Virus

    I have installed Spybot-Search and Destroy. It does a very complete scan of your entire system. It is free; they will accept donations. Spybot will clean up any type of virus and prevent any more from accessing your system. The alternative malware removal would be Malwarebytes, which isn't quite as thorough as Spybot.
     
    dedra scarbeau, Jun 21, 2016
    #3
  4. MoxieMomma

    Hi:

    Is this the same computer?
    Solved Strange Registry Key- Possible spyware - Windows 10 Forums

    If so, it's probably advisable to stick with support in one thread in one place at a time.
    Malware removal can be tricky, picky and sticky.
    And it can be -- at best -- confusing or -- at worst -- dangerous to work simultaneously in multiple places.
    A step advised by one helper may be unknown to another helper and that can lead to problems.
    So, it might be a good idea to resume that existing thread.
    And no two computer disinfection tools/scanners will pick up the same, exact things.

    Having said all that, Spybot S&D is not one of the more highly-regarded anti-malware scanners these days.
    And, without a scan log or more data, it would be hard to say if this detection might or might not be a false positive.

    Just my thoughts,
    MM
     
    MoxieMomma, Jun 21, 2016
    #4
  5. simrick Win User
    You've already done a full scan with Malwarebytes, TDSSKiller, ADWCleaner and Avast - nothing found. Did you do the ESET Online Scanner as well? (you never mentioned that.) I see ESET found 1 thing, which you deleted.

    I agree with MM - Spybot should be uninstalled. If you want something, use SuperAntiSpyware Free.
     
    simrick, Jun 21, 2016
    #5
  6. Google search winemt.dat turns up a lot of results for Mountain and wine, but I didn't see winemt.dat

    Visit VirusTotal - Free Online Virus, Malware and URL Scanner, upload the file and have them check it.

    If it is a virus, yes, remove it.
    Then launch Command Prompt (Admin) and
    enter the following command:

    SFC /ScanNow

    That makes sure that system files from the component store are in the right place. It will put the correct file back if it is needed.
     
    Slartybart, Jun 21, 2016
    #6
  7. jman1505 Win User
    Sorry about that, I'm used to using new threads for new issues so that it helps others when searching for similar problems.
     
    jman1505, Jun 21, 2016
    #7
  8. jman1505 Win User

    VirusTotal found nothing suspicious

    [IMG]

    Here's a picture of the file (The file is in a different place than what Spybot reported. Additionally, I had to "Show hidden files" in order to find this)


    [IMG]

    I've scanned it with Avast and Malwarebytes and they found nothing either.
    (If it helps, I don't use Norton. I have a hunch that the Norton symbol is there because of the Norton free trial that was pre-installed on my computer when I got it a few years back.)

    SuperAntiSpyware only found tracking cookies

    [IMG]
     
    jman1505, Jun 21, 2016
    #8
  9. simrick Win User
    Just looking at that screenshot of the file - in a different position than what Spybot says? That's odd. But, the fact that it has a Norton icon would lead me to believe it's possibly a leftover from Norton? It's all of 1 byte.
     
    simrick, Jun 22, 2016
    #9
  10. jman1505 Win User
    Yeah, I dunno what to do. I know that the type of malware Spybot picked up is very nasty, but none of the other programs picked it up, nor can I manually find it either.
    I'm at a loss as to what to do.
     
    jman1505, Jun 22, 2016
    #10
  11. simrick Win User
    Add the extension .old to it - renaming a file's extension makes it unusable. I doubt you'll find any issues. I think it's a leftover from Norton to be honest, and a FP from Spybot.
     
    simrick, Jun 22, 2016
    #11
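
The checks discussed in this thread (size, hidden attribute, a hash to look up on VirusTotal, then a reversible rename to `.old`), collected into one PowerShell sketch. This is an added example and not part of any forum post; the function names and the path in the usage comments are hypothetical, since the thread never gives the file's full path.

```powershell
# Added example: read-only triage of one flagged file, then a reversible quarantine.
function Get-FlaggedFileReport {
    param([Parameter(Mandatory)][string]$Path)

    # -Force is needed because the file in the thread was hidden.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $item.FullName

    [pscustomobject]@{
        FullName   = $item.FullName
        SizeBytes  = $item.Length
        Attributes = $item.Attributes      # e.g. Hidden, System
        Created    = $item.CreationTime
        Modified   = $item.LastWriteTime
        # The hash can be searched on VirusTotal without uploading the file again.
        SHA256     = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
        # Status is Valid only for an intact, trusted Authenticode signature.
        Signature  = $sig.Status
        Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

# Append .old instead of deleting, so the change can be undone by renaming back.
function Rename-FlaggedFile {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Path)

    $item    = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    $newName = $item.Name + '.old'
    if ($PSCmdlet.ShouldProcess($item.FullName, "Rename to $newName")) {
        # -Force lets Rename-Item act on hidden or read-only files.
        Rename-Item -LiteralPath $item.FullName -NewName $newName -Force -PassThru
    }
}

# Usage from an elevated PowerShell prompt (placeholder path):
# $report = Get-FlaggedFileReport -Path 'C:\path\to\flagged-file'
# $report | Format-List
# Rename-FlaggedFile -Path $report.FullName -WhatIf    # preview first
```

Record the report before renaming; the creation and modification times are useful if the detection later needs to be revisited.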
  12. jman1505 Win User
    k thanks for the help
     
    jman1505, Jun 22, 2016
    #12
  13. simrick Win User

    You're welcome. Give it a few days and if everything seems fine, you can delete it, and mark the thread as solved.
     
    simrick, Jun 22, 2016
    #13
  14. I want to amplify MoxieMomma's and simrick's impression of Spybot S&D as not being your best choice in Virus protection.

    Spybot uses the Hosts file (or it used to) to mitigate some malware. If you don't have any special needs for a non-standard Hosts file, then when you uninstall Spybot to replace it with a different AV product, you should also reset the hosts file:

    # C:\Windows\System32\drivers\etc\hosts
    # Copyright (c) Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host
    #
    # localhost name resolution is handled within DNS itself.
    # 127.0.0.1 localhost
    # ::1 localhost
    See: How can I reset the Hosts file back to the default?
    Don't worry about the Windows versions - the Hosts file is standard. The only difference being the addition of IPv6 and letting the DNS handle the localhost name resolution.
    There are ample choices available that are superior to Spybot, or at least less problematic for Windows.
    It comes down to a preference really. I'm comfortable with Microsoft's Defender, but have used others in the past.

    AV products used by other members include:
    Avast Free,
    AVG Free,
    Malwarebytes Free (manual scan as a 2nd line of defense)
    --> Malwarebytes Premium is real time protection but is not free,
    Panda Free
    Super Anti-Spyware Free

    But there are more (some might not offer free real-time protection):
    Partners in consumer antivirus software for Windows - Microsoft Windows

    I've recently been looking at Bitdefender Free.
    Bitdefender is always in the top ranks along with Kaspersky (no free product that I know of).
    The free version of Bitdefender is 2014 - it's unclear that it is compatible with Win10. There is conflicting information on the Bitdefender 2016 page - probably just an oversight while they were updating the software.
    A buy Bitdefender 2016 pop-up has this:


    [IMG]

    So, I have to ask myself ... what about 2014 - the free version? I have not tried it, so I can't answer my own question.
     
    Slartybart, Apr 5, 2018
    #14
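
Before resetting the hosts file as described in the post above, it helps to see which entries are actually active in it. The following PowerShell sketch is an added example, not part of the forum post; `Get-HostsEntry` is a hypothetical name and the sample host names are constructed.

```powershell
# Added example: list the active (non-comment) entries in a hosts file.
function Get-HostsEntry {
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")

    $lineNo = 0
    foreach ($line in Get-Content -LiteralPath $Path) {
        $lineNo++
        # Drop trailing comments, then surrounding whitespace.
        $text = ($line -replace '#.*$', '').Trim()
        if (-not $text) { continue }

        # First column is the address, remaining columns are host names.
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }
        $address = $fields[0]
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            [pscustomobject]@{
                Line      = $lineNo
                Address   = $address
                HostName  = $name
                # Hosts-based blocking maps names to a loopback or null address.
                Sinkholed = $address -in '127.0.0.1', '0.0.0.0', '::1', '::'
            }
        }
    }
}

# Constructed sample: two default comment lines plus invented block entries.
$sample = Join-Path $env:TEMP 'hosts.sample'
@'
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
127.0.0.1 ads.example.test   # constructed entry
0.0.0.0   tracker.example.test www.tracker.example.test
'@ | Set-Content -LiteralPath $sample

Get-HostsEntry -Path $sample | Format-Table -AutoSize
# Summary of the live file; an all-comment default file returns nothing.
Get-HostsEntry | Group-Object Sinkholed -NoElement
```

Entries with `Sinkholed` set to `False` redirect a name to a real address and deserve a closer look before the file is replaced.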