|
Tnebb
| Joined: 17 Apr 2017 |
| Posts: 0 |
|
|
|
 Posted: Sat May 06, 2017 12:32 am |
|
 |
 |
|
|
Basically it found an html exploit in my registry and so after the first scan I ran a second one afterwards and I still see it.
Does ClamWin "fix" or do anything with infected registry? Or is this something I'm supposed to run something like RegAssassin for?
Or is this one of those cases where the infected registries might have some write protection?
|
|
|
|
GuitarBob
| Joined: 09 Jul 2006 |
| Posts: 9 |
| Location: USA |
|
|
| Posted: Sat May 06, 2017 1:23 am |
|
|
|
|
|
If the registry is infected, the malware may have a separate file to monitor if the victim computer is still infected and that will reinfect it if not.
ClamWin (using the Clam AV scan engine and signatures) can only quarantine or remove infected files, as you choose in the Infected File Option in the Tools, Preferences, General menu. It can only quarantine/remove files. I do not believe it can remove registry entries--some AVs do not.
If you are not using a real-time AV along with ClamWin (you should be--because ClamWin is not a real-time scanner but scans "on demand" after you get an infected file), download Malwarebytes free from https://www.malwarebytes.com/ and do a scan with it. Also download Microsoft's free Safety Scanner (MSERT) from https://www.microsoft.com/security/scanner/en-us/default.aspx and do a scan with it. Be sure and scan with Malwarebytes first and then with MSERT. Get back here with results.
Regards,
|
|
|
