Jump to content

ESET does not repair registry keys caused by inf/autorun and autorun/java


Recommended Posts

Hi,

 

Most of you should be familiar with the Autorun virus, which changed all your drives to folders and enables autoplay which executes some java code. ESET removed the autorun.inf and recycler folder, but it does not repair the registry associated with this malware.

 

The Registry keys mountpoints2 needs to be deleted to repair the drive icons.

 

Thanks

Link to comment
Share on other sites

Well, as far as i know, windows added patches and updates to completely remove the autorun feature years ago. 2009 -2012 ?

 

If ESET infact missed a key somewhere, they like to state that even old systems are still supported, so i'm sure ESET would like to verify and fix this little nuance.

 

Thanks for reporting. :)

Link to comment
Share on other sites

  • Administrators

ESET actually cleans references to malware from the registry when malware is detected on a disk. Of course, if the malware happened to change policies or something, it's not possible to fix it because these might have been changed intentionally by the user or an administrator. ESET provides stand-alone cleaners and tools that can be used to fix the registry.

Link to comment
Share on other sites

Hi Arakasi and Marcos,

 

Thank for your reply, who can I email about this, I was away from the site with infected PCs at the time of posting. I will provide more technical details when I have the information back in front of me.

 

I will provide the full names of the worms as ESET identifies them and the full path to the registry keys. I would like to discuss this further with someone as we are talking about 1000's of PCs.

 

Please let me know who I can contact.

 

Thanks 

Link to comment
Share on other sites

  • ESET Moderators

Hello,

Please send an email to ESET's malware researchers, including a copy of the worm and exported registry keys in a password-protected archive file, if possible, by following the instructions in ESET Knowledgebase Article 141, "How to submit virus or potential false positive samples to ESET's labs."

Please start the Subject: of the message with "CLEANER REQUESTED:" and be sure to include a description of the problem (registry keys) in the body of the message.  You can reference the URL for this message thread as well in the message body.

Regards,

Aryeh Goretsky

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...