They aren’t infected files as such but registry entries that may have been left behind from a previous detection where the files are gone.
Since your log contains the → No action taken against these detections you should allow MBAM to deal with them.
Run MBAM again and this time when the scan is complete, all detections should have a check mark in the box to the left of the entry, leave them selected (or select if not selected). At the bottom of the window there is a button, Remove Selected, click that and the items will be removed.
Hi David - I have used your link to remove any possible Norton that was left behind.
FIREWALL - In an earlier post you said I needed to remove Sygate Firewall. This does not show in my Add/Remove program options. I searched for the file name Polonus’ shows on my system- C:\Program Files\Sygate\SEA\smc.exe. It found the folder that houses the files. I opened the folder to view data-all greek to me but I do see ‘trojan’ as one of the files in there.
I would like to send you the file to look at but don’t know how to save it. Can you tell me how to send you the log info? Thanks
Hey David - I just went back into Add/Remove programs after using the above link for the Norton removal & the above & I see SYMANTEC ENFORCEMENT AGENT 5.1…when I click remove it is asking me for an UN-install password. ??
First, I don’t work for Alwil, I’m just an avast user like yourself, so no point in sending me anything. Second even it it was marked trojan in the name doesn’t mean anything as avast, SAS and MBAM have found nothing.
You could a) fix the entries in HJT so they actually wouldn’t be run, b) you could remove the complete Sygate folder in windows explorer. Though I generally hate doing that as removal vial add remove programs is the better option.
However, with the requirement for an uninstall password would put the kybosh on that idea, so you could be down to brute force removal. Or you could try Revo Uninstaller which may get the same response though, http://www.snapfiles.com/reviews/revo-uninstaller/revouninstaller.html.
Hey David. Ok - I downloaded above snapfiles link. It says: “Please carefully verify the bolded items! Only checked bolded items and their subitems will be deleted!” There is a whole page of bolded items. Just in components alone it shows 50 items. ??? Should I put a check in the box of each of these bolded items & select delete? Thanks
When you use Revo uninstaller the first thing it asks is how deep you want to clean, by default this is set to moderate,next it will set a restore point,then its runs the applications own built in uninstaller. After this the application you are removing may suggest a reboot.I ignore this and carry on with revo.Then check ALL bold items,and choose delete.After this you will see my computer + hkey + software + microsoft, ( or similar )just like in the registry, keep clicking on the + sign, which is boxed,until more bold items appear,check these and choose delete.Finally, several more boxes, choose select all, and delete.If you asked to reboot earlier,do so now.
Some uninstallers won’t do their job correctly due to RevoUninstaller had previous deleted registry keys and files…
When a reboot is needed, it’s difficult to guess which one will do the better job: Revo or the program uninstaller.
