Scanned my computer with MBAM and it keeps showing these same registry ‘hijack’ viruses and I click to delete them but they are still there every time MBAM says it deleted them. Even using regedit doesn’t work.
Here is the log:
Malwarebytes’ Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2
Avast did not detect this problem. And even though the log says the virus was quarantined and deleted successfully, IT IS NOT, because I still have the regedit open and can view it is still there. I’ve had this problem for a few days now and MBAM is always detecting it but not able to delete it even though it ‘thinks’ it did.
This is a registry entry, but some values in the registry MBAM considers bad. This could have been changes a user made or, in this case, possible corruption. See the difference between the two:
Bad: (%fystemroot%\system32\svchost.exe -k netsvcs)
Good: (%SystemRoot%\System32\svchost.exe -k netsvcs)
Can you see it? %f and not %S.
%SystemRoot% is a variable for C:\Windows. Now, %fystemroot% isn’t a valid variable, so it would have no assigned value, so it is effectively dead in the water and can’t do anything.
How this became corrupt I haven’t the slightest idea, but Avast doesn’t look for registry problems in this way. Avast scans your system, and if it finds infected files then it would look for associated registry entries for those files.
MBAM doesn’t actually delete the registry entry; as far as I’m aware it should change it but keep a copy of the original registry key in the quarantine area of MBAM.
If you had regedit open whilst making the decision about this and MBAM said quarantined and deleted, the item may still appear; close regedit and open it again. If it is still the same, you could manually change the value.
From:
%fystemroot%\system32\svchost.exe -k netsvcs
To:
%SystemRoot%\system32\svchost.exe -k netsvcs
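
Added example, not part of either post above: a small Python check for expandable registry strings that reference an undefined environment variable, as in the `%fystemroot%` value discussed in the reply. The names `check_expand_value` and `SAMPLE_ENV` are hypothetical, and the environment table is constructed sample data; on a real machine the defined variables would come from the system itself.

```python
import difflib
import re

# Matches %NAME% references as used in expandable (REG_EXPAND_SZ) values.
VAR_REF = re.compile(r"%([^%\\/\s]+)%")

# Constructed sample environment (assumption, not read from a real system).
SAMPLE_ENV = {
    "SystemRoot": r"C:\Windows",
    "windir": r"C:\Windows",
    "SystemDrive": "C:",
    "ProgramFiles": r"C:\Program Files",
}


def check_expand_value(value, env=SAMPLE_ENV):
    """Return one finding per %VAR% in value that env does not define.

    Windows variable names are case-insensitive, so names are compared in
    lower case. Each finding carries the closest defined name (if any) and
    the value with that name substituted, as a repair suggestion only.
    """
    known = {name.lower(): name for name in env}
    findings = []
    for match in VAR_REF.finditer(value):
        name = match.group(1)
        if name.lower() in known:
            continue  # this reference resolves normally
        close = difflib.get_close_matches(name.lower(), list(known), n=1, cutoff=0.8)
        suggestion = known[close[0]] if close else None
        repaired = None
        if suggestion:
            repaired = value[:match.start(1)] + suggestion + value[match.end(1):]
        findings.append({"variable": name, "suggestion": suggestion, "repaired": repaired})
    return findings


if __name__ == "__main__":
    # The two values quoted in the thread.
    for v in (r"%fystemroot%\system32\svchost.exe -k netsvcs",
              r"%SystemRoot%\System32\svchost.exe -k netsvcs"):
        print(v, "->", check_expand_value(v) or "OK")
```
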