So I ran Spybot Search and Destroy and came across Win32.AutoRun.tmp, and after doing some forum searches learned this was a false positive and that I needed to update. I updated my Spybot and it doesn’t find AutoRun anymore, but now it shows something called Win.32.Bifrost in “HKEY_USERS\S-1-5-21-861567501-1957994488-839522115-1003\Software\Microsof” it doesn’t tell me the rest of the path, unfortunately so I cannot locate the file and do a VirusTotal or something. Anyways, I’m a little skittish as to whether I should let Spybot kill this file or not… lest it cause something drastic to happen that would lead me to need a format.

It isn’t a file but a registry entry item, I would have though there would be a way of getting the full path of the registry entry, either expanding the column or in a text log report. However, that said S&D should make a backup of any changes in the registry so they could be reversed, but I would still be reluctant to do anything when not in receipt of the full facts.

Personally I wouldn’t be deleting anything in the registry unless I knew exactly what it was that it found and you haven’t got the full information to make that decision. Plus if this key had a run command to run a file, then I would hope that S&D would have found the associated file on your system. So this could be a remnant of a previous infection left behind in the registry, but that is speculation.

I really am not a big fan of S&D whilst at times it might find things not found by other haven’t, but it is things like this that leave doubt as to the legitimacy of the detection.

I gave up on S&D many years ago in favour of SAS Pro and MBAM free, both of which I feel are better than S&D and the tea-timer element of S&D is proving to be a bit of a pain. So I really do think that it has had its day.

Hello kitsune_baka,

DavidR has given you sound advice.

Try switching Spybot to Advanced Mode in the program’s settings and look for the log viewer for the information.