CIS can’t remove it, and I’ve tried [installed] SUPERAntiSpyware, Malwarebytes, and tried online scans with Bitdefender, Kaspersky, Trend Micro & ESET, and none of these find the mentioned rootkit.
I have of course tried going into the registry to delete the key, but it’s not there (hidden…!)
I did have AVG installed a couple years ago on this [XP] system, but uninstalled and afterwards ran an AVG AV cleanup tool. All I have on my system now [as far as AV] is the CIS.
Could this be a false positive? Can’t find much about it on the net.
Hi p3k,
If you are certain this key is not required, you could try RegASSASSIN.
Please use caution with the registry and removal is done at your own risk.
Yes, most likely it is another False Positive on behalf of Comodo, which has very high level of FPs
At the same time, if you are really worried about this particular detection & your PC behaves “funny”, please go to any decent site where a malware removal expert will analyse what is wrong with your PC.
I was more than surprised by the advice given by captain.
Please do not run any “known” & powerful utilities spontaneously - that may render your system beyond repair
Hi SiberLynx, your concerns are very understandable.
IMO it is possible to be a FP and possibly a leftover from an earlier AVG install, but we are not certain.
P3k did sound keen on removing it even to the point of manually removing it, admittedly it could easily be backed up then.
I just suggested a way that might work.
Note: I did specify “if you are certain”, “please use caution” and any “removal is done at your own risk”, to me that shows quite sufficient warning that a relatively high element of risk is involved with my suggestion.
I tried running RegAssassin, and at first it said it couldn’t find any problems, but then it said it did (?!?) so I clicked for it to remove the key, and rebooted, and… I got stuck in a boot loop! Had to launch Windows to the F8 startup choices and choose ‘use last good startup’ to get going.
So, I followed the ‘Help, my PC is infected! - Emsisoft’ instructions (interestingly, none of this found the originally mentioned ‘hidden’ rootkit) and went to their ‘create a new topic’ page, created an account, logged in, but… I can’t start a new topic! (the button to start one indicates ‘you cannot start a new topic’)
Is there some trick to starting a new topic there that I’m missing?!
RegAssassin doesn’t actually look for issues; it is designed to remove or reset permissions of keys you enter.
Maybe clear browsing data or try a different browser.
… and what happened is really sad and was suspected as much.
You were warned.
It may have implications even if you were able to reboot normally eventually (let’s hope - not)
That is strange & there shouldn’t be any trick
Please try to log in to their Customer Center & ask what is the reason. I’m sure you’ll get an answer
Cheers!
P.S. When you succeed please give a short description of the initial problem including your unfortunate episode with the Assassin … probably you saved the report of what was done before “loop-rebooting”