ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
How exactly are infected registry files handled?
Tnebb


Joined: 17 Apr 2017
Posts: 2
Reply with quote
Basically it found an html exploit in my registry and so after the first scan I ran a second one afterwards and I still see it.
Does ClamWin "fix" or do anything with infected registry? Or is this something I'm supposed to run something like RegAssassin for?
Or is this one of those cases where the infected registries might have some write protection?
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4266
Location: USA
Reply with quote
If the registry is infected, the malware may have a separate file to monitor if the victim computer is still infected and that will reinfect it if not.

ClamWin (using the Clam AV scan engine and signatures) can only quarantine or remove infected files, as you choose in the Infected File Option in the Tools, Preferences, General menu. It can only quarantine/remove files. I do not believe it can remove registry entries--some AVs do not.

If you are not using a real-time AV along with ClamWin (you should be--because ClamWin is not a real-time scanner but scans "on demand" after you get an infected file), download Malwarebytes free from https://www.malwarebytes.com/ and do a scan with it. Also download Microsoft's free Safety Scanner (MSERT) from https://www.microsoft.com/security/scanner/en-us/default.aspx and do a scan with it. Be sure and scan with Malwarebytes first and then with MSERT. Get back here with results.

Regards,
View user's profileSend private message
How exactly are infected registry files handled?
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic