Author Topic: Accepted DEFENSE+ popup by mistake, file modified NVIDIA registry??  (Read 1434 times)

Offline kendoka15

  • Newbie
  • *
  • Posts: 1
Hi, I downloaded a keygen off of some website, and so I had to turn off the antivirus part of CIS, and when I opened it, DEFENSE+ asked me if this file was ok to modify whatever (I didn't read, thinking it was the usual with keygens) and now that I look at it, it did these three modifications:

1.
Flag: Modify key, suspicious
Application: crd.exe
Target: HKLM\SYSTEM\ControlSet001\services\eventlog\Application\NVIDIA OpenGL Driver\TypesSupported
In this registry file: 7

2.
Flag: Modify key, suspicious
Application: crd.exe
Target: HKLM\SYSTEM\ControlSet001\services\eventlog\Application\NVIDIA OpenGL Driver\EventMessageFile
In this registry file: %SystemRoot%\System32\nvoglv64.dll

3.
It says the same as 2.

I scanned my registry with Comodo and Malwarebytes' Anti-Malware, it comes up clean.

It also seems that the same moment as the third modification, Logitech Setpoint decided to "access memory" to comodo's cfp file.

Were these changes harmless, or should I be worried? I've had some bad experiences with worms in the past

Thanks in advance
« Last Edit: March 02, 2012, 02:08:13 PM by kendoka15 »
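The two registry values named in the post are the standard way a Windows Event Log source is registered: `TypesSupported` is a bitmask of the event types the source can write (1 = Error, 2 = Warning, 4 = Information, so 7 means all three) and `EventMessageFile` names the DLL that holds the message strings. The script below is an added example, not code from the original post or from Comodo or NVIDIA; it reads those values for a given source and checks whether the message DLL actually exists, sits under System32 and carries a valid Authenticode signature. It assumes the current control set (`CurrentControlSet` is a link to whichever `ControlSetNNN` the system booted from, usually `ControlSet001`), and the log and source names are parameters you supply.

```powershell
# Added example (not from the thread): inspect a Windows Event Log source registration
# and sanity-check the message DLL it points at. Works from a normal PowerShell prompt;
# the event log keys under HKLM\SYSTEM are readable without elevation.
function Test-EventSourceRegistration {
    param(
        [string]$LogName = 'Application',
        [string]$SourceName = 'NVIDIA OpenGL Driver'
    )

    $keyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\$LogName\$SourceName"

    if (-not (Test-Path -Path $keyPath)) {
        Write-Output "No event source '$SourceName' registered under log '$LogName'."
        return
    }

    $key            = Get-ItemProperty -Path $keyPath
    $typesSupported = [int]($key.TypesSupported)
    $messageFile    = [string]($key.EventMessageFile)

    Write-Output "Key             : $keyPath"
    Write-Output "TypesSupported  : $typesSupported"
    Write-Output "EventMessageFile: $messageFile"

    # Decode the TypesSupported bitmask. 7 = Error + Warning + Information,
    # which is the usual value for a driver's event source.
    $names   = @{ 1 = 'Error'; 2 = 'Warning'; 4 = 'Information' }
    $decoded = foreach ($bit in 1, 2, 4) { if ($typesSupported -band $bit) { $names[$bit] } }
    Write-Output "Decoded types   : $($decoded -join ', ')"

    if ([string]::IsNullOrWhiteSpace($messageFile)) {
        Write-Output 'No EventMessageFile set; nothing further to check.'
        return
    }

    # EventMessageFile is normally REG_EXPAND_SZ and may list several DLLs separated by ';'.
    # Expand %SystemRoot% and friends before looking at the file system.
    $expanded = [Environment]::ExpandEnvironmentVariables($messageFile)
    foreach ($path in ($expanded -split ';')) {
        $path = $path.Trim()
        if (-not $path) { continue }

        if (-not (Test-Path -Path $path -PathType Leaf)) {
            Write-Output "MISSING         : $path"
            continue
        }

        # A message DLL for a vendor driver is expected to live under System32 and be
        # signed by that vendor; a different location or a bad/missing signature is worth a look.
        $inSystem32 = $path -like "$env:SystemRoot\System32\*"
        $sig        = Get-AuthenticodeSignature -FilePath $path
        $signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

        Write-Output ("File            : {0}" -f $path)
        Write-Output ("  under System32: {0}" -f $inSystem32)
        Write-Output ("  signature     : {0}" -f $sig.Status)
        Write-Output ("  signer        : {0}" -f $signer)
    }
}

# Example run against the source named in the post.
Test-EventSourceRegistration -LogName 'Application' -SourceName 'NVIDIA OpenGL Driver'
```

A registration whose `EventMessageFile` expands to a signed NVIDIA DLL under System32 is consistent with a driver installer doing routine bookkeeping; a value that points outside System32, at a file that is missing, or at a DLL with an invalid or absent signature is the case to follow up on. The check only covers this one key, so it complements rather than replaces a full scan.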

Offline clockwork

  • Comodo's Hero
  • *****
  • Posts: 2092
  • Oxygen requires Chuck Norris to live
Re: Accepted DEFENSE+ popup by mistake, file modified NVIDIA registry??
« Reply #1 on: March 02, 2012, 05:03:08 PM »
.... and so I had to turn off the antivirus

NO
Think about it.

You had to disable the antivirus, because you wouldn't have been infected otherwise. It wasn't YOUR interest that has been described in this need.

I've had some bad experiences with worms in the past
Because you didn't learn from them.


Edit: Successfully installed nasties could be not detectable anymore by (installed) antivirus programs.
« Last Edit: March 02, 2012, 05:19:41 PM by clockwork »
"If there is a problem, it's something interesting. Try to circumvent or fix it.
In the old ages there was no support. That's why we got the brain we have today.
Otherwise we would only be able to call a number and listen."

Offline Ronny

  • Product Translator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 13404
  • Volunteer Moderator
Re: Accepted DEFENSE+ popup by mistake, file modified NVIDIA registry??
« Reply #2 on: March 02, 2012, 05:38:52 PM »
My gut feeling tells me rootkit infection, you can try TDSS killer from this page here http://support.kaspersky.com/viruses/utility
And hitmanpro from http://www.surfright.nl/en

If it's a good rootkit you won't find it though on a live system, then you need an offline bootdisk and good knowledge of PC and rootkits to remove it.
Volunteer Moderator
Any concerns? Please send me a PM or review the Forum Policy -  update Jan 3rd 2013!
