Author Topic: Infection Found? What Do I Do Next?  (Read 5635 times)
Fastflys (Newbie, Posts: 16)
« on: September 30, 2011, 09:04:38 AM »

Hi

Just ran a manual scan and 1 infection was found.

Threat Name: Rootkit.HiddenValue[at]0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\OE

I just use a computer, so I am a complete novice when it comes to something like this. I believe that the above is a Registry key? If so, why is Comodo flagging it up as a possible infection? I know that it's not good to mess around with Registry entries, so what do I do next? I'm tempted to hit the "Ignore" button as my computer appears to be running just fine.

If any of you are kind enough to offer help, can you please treat me as you would a child and give me simple instructions as I really don't understand the jargon at all.

Thanks in advance
FF
malwarekiller (Comodo Loves me, Posts: 143)
« Reply #1 on: October 04, 2011, 12:29:29 AM »

Please quarintine the file with comodo and send it to comodo from the quarintine area...

Now, to crosscheck that your computer is clean... perform a scan with the AVP tool and delete if disinfection is not possible.

http://www.kaspersky.com/antivirus-removal-tool-register

Just fill in a short form and your download will start... update and scan...
Fastflys (Newbie, Posts: 16)
« Reply #2 on: October 04, 2011, 01:33:31 AM »

Thanks for your response.

1st - Comodo cannot quarantine this registry key/file?
2nd - Could this key/file be a key/file hidden by the Windows OS, as it appears to relate to the running of Outlook Express and cannot be quarantined?
3rd - How do I forward this key/file to Comodo if I can't quarantine it?
SiberLynx (Comodo's Hero, Posts: 2159)
« Reply #3 on: October 05, 2011, 06:11:43 AM »

> Please quarintine the file with comodo and send it to comodo from the quarintine area...
> etc.

"quarIntine" File?!

Do you know what you are talking about?
Sure you have no idea … as usual... & you are reported again to the moderators

=======

Hi  Fastflys,

Please do not follow any advice given by malwarekiller
Read this thread & this message

I don't see any attention from the mods yet & it's sad & dangerous.
There were several similar "advices". It has to be stopped!

> ...Threat Name: Rootkit.HiddenValue[at]0
> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\OE

This detection is most likely a False Positive

Please rather wait for the response from  Comodo's support staff

Meanwhile, supply more info about your system:
OS & Service Pack; platform (x64 or 32 bit)
Version of Comodo installed & current DB of AV
Version of OE that you are running;
etc. ... the more info, the better

As for the detection – you'd rather send the precise (copied, not just typed) message from the log and/or attach an image

My regards
« Last Edit: October 06, 2011, 05:09:57 AM by SiberLynx »

admin; XP Pro, SP3 (32bit); CIS 3.14.130099.587 (firewall only; Proactive with Defense+)- that is the only Comodo's thing I need; Emsisoft - Mamutu Behavioural Blocker or Full EAM
Win 7 x64: Comodo Firewall 3.14; Emsisoft Anti-Malware
clockwork (Comodo's Hero, Posts: 1919)
Oxygen requires Chuck Norris to live
« Reply #4 on: October 05, 2011, 09:37:32 PM »

Just get another free scanner without its own guard feature, for a second opinion.

It's as easy as that.

Why should a false positive make work?

"If there is a problem, it`s something interesting. Try to circumvent or fix it.
In the old ages there was no support. That`s why we got the brain we have today.
Otherwise we would only be able to call a number and listen."
SiberLynx (Comodo's Hero, Posts: 2159)
« Reply #5 on: October 06, 2011, 05:28:26 AM »

Hi clockwork,

Sure, getting a second opinion from another scanner (or many) is a much better approach compared to the insanity posted by malwarekiller;
at the same time please remember what the OP said - he is a novice.
So even the installation of additional security software (without real-time residents) can be problematic & even lead to more confusion & possible conflicts at this stage (you know that).

Can you please clarify for me your statement
> ...Why should a false positive make work?

I don't dig it. What is that supposed to mean? Honestly ... no offense intended

Cheers!

clockwork (Comodo's Hero, Posts: 1919)
Oxygen requires Chuck Norris to live
« Reply #6 on: October 06, 2011, 08:17:55 AM »

A second opinion from another free antivirus, without its own guard (to avoid incompatibilities), is the easiest suggestion in this case, and the smartest way to act.
And most likely it will come out to be a false positive, so anything else would be too much work (sending files to comodo [confusion], quarantine [maybe bad effects on the system if the file is legit], logging, writing system specifications, etc....)

To make it very easy to find a good second-opinion antivirus:
Try emsisoft antimalware free version (old name was a-squared free). It's easier to install a product than to follow any other suggestions.

georgef (Newbie, Posts: 5)
« Reply #7 on: October 08, 2011, 03:16:09 PM »

The best way to deal with this is to delete the root key: go to run > regedit > HKEY_CURRENT_USER > Software > Microsoft > Windows > CurrentVersion > Run > OE. This will take out the root virus (note: if you're on Windows Vista or 7, your run is also your search bar in the start menu.)
SiberLynx (Comodo's Hero, Posts: 2159)
« Reply #8 on: October 08, 2011, 10:02:46 PM »

> The best way to deal with this is to delete the root key go to run > regedit > HKEY_CURRENT_USER > Software > Microsoft > Windows >CurrentVersion > Run > OE  this will take out the root virus (note if your on windows vista or 7 your run is also your search bar in the start menu.)

Hi georgef,

Why would you say so?
Did you read the posts above?

What can you say about the OP's system?
What do you know about "how he is running OE"?
What do you know about whether he is an Admin or running under a Limited User Account?
....etc....
Have you noticed that OE .... and, most importantly, the system is working fine?

So why in Hell does one have to delete the reg entry, considering the fact that Comodo's AV still has a high rate of FPs?

My regards
« Last Edit: October 08, 2011, 10:04:21 PM by SiberLynx »

clockwork (Comodo's Hero, Posts: 1919)
Oxygen requires Chuck Norris to live
« Reply #9 on: October 09, 2011, 07:36:35 AM »

> The best way to deal with this is to delete the root key go to run > regedit > HKEY_CURRENT_USER > Software > Microsoft > Windows >CurrentVersion > Run > OE  this will take out the root virus (note if your on windows vista or 7 your run is also your search bar in the start menu.)

Let's say, IF this registry entry has been made by a virus, why should removing this registry entry solve anything?
Most likely you get in trouble if you erase things without verifying their kind.

False positives can happen. So you should not just read the file address to remove the file/entry.

Worse than no answer is a wrong answer.
« Last Edit: October 09, 2011, 07:38:42 AM by clockwork »

Chiron (Global Moderator, Comodo's Hero, Posts: 5588)
« Reply #10 on: October 09, 2011, 09:31:43 PM »

> This detection is most likely False Positive

I would tend to agree with this. Currently the rootkit scanner in CIS finds many false positives if enabled. Mine shows 3 for my computer, and I can guarantee you that each is a FP.

That said, you can't be sure whether it is a FP or not. If you like you can read a few reviews about some other rootkit scanners and check your computer with some of them. Of course, with rootkit scanners, I always advise not removing anything until you get the advice of experts.

Please let us know what they find. Thanks.
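A read-only way to gather the facts the thread keeps asking for (what the flagged Run value actually launches, whether that file exists and is signed, and its hash) before anything is quarantined or deleted. This is an added example, not code from the thread or from Comodo; the key path and the OE value name come from the first post, and the script assumes Windows PowerShell 4.0 or later for Get-FileHash.

```powershell
# Added example: read-only triage of HKCU Run entries (nothing is modified).
# For each value it reports the stored command, the executable it resolves to,
# whether that file exists, its Authenticode signature status and SHA-256,
# so the details can be posted for review before a value is removed.
# Assumes Windows PowerShell 4.0+ (Get-FileHash).

$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

function Get-ExecutablePath {
    param([string]$CommandLine)
    # "C:\Program Files\app.exe" /arg  ->  C:\Program Files\app.exe
    $cmd = $CommandLine.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { $cmd = $cmd.Substring(1, $end - 1) }
    } else {
        $cmd = $cmd.Split(' ')[0]
    }
    return [Environment]::ExpandEnvironmentVariables($cmd)
}

function Get-RunKeyTriage {
    param([string]$KeyPath = $runKey)
    if (-not (Test-Path -LiteralPath $KeyPath)) { return }
    $key = Get-Item -LiteralPath $KeyPath
    foreach ($name in $key.GetValueNames()) {
        # Keep %VAR% unexpanded so the data is shown exactly as stored
        $raw = [string]$key.GetValue($name, '', 'DoNotExpandEnvironmentNames')
        $exe = Get-ExecutablePath $raw
        $exists = ($exe -ne '') -and (Test-Path -LiteralPath $exe -PathType Leaf)
        $sig = 'n/a'; $hash = 'n/a'
        if ($exists) {
            $sig  = (Get-AuthenticodeSignature -FilePath $exe).Status
            $hash = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
        }
        [PSCustomObject]@{
            ValueName  = $name      # e.g. the 'OE' value from the first post
            RawData    = $raw
            Executable = $exe
            Exists     = $exists
            Signature  = $sig       # Valid / NotSigned / HashMismatch / ...
            SHA256     = $hash
        }
    }
}

Get-RunKeyTriage | Format-List
```

A value whose executable is missing, unsigned, or sitting in an unusual location is the one worth submitting to the vendor for a verdict; a signed, existing program is the usual shape of a false positive.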
