Cannot get rid of this!
January 23rd, 2020
Does anyone have information on this, and how to remove it?
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|45878
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|45878 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\mspuowe.com -> Delete on reboot.
You could try manually deleting the file using a Linux Live CD (Such as redobackup or puppylinux)
Then later on (If it actually takes care of the problem and it doesn’t return) use regedit to remove
the startup entry. Do keep in mind that some spywares can be very persistent and have backups in-place (So you may not be able to remove it!)
IMO, Whenever there’s spyware involved, The best approach is to do a clean OS reinstall.
It’s the only way to be truly safe. Do keep in mind that no Anti-Virus/Anti-Spyware provides 100% protection and it can be difficult to establish the extent of the infection (In other words, There might be more than just that particular trojan on it, There could be others that you simply don’t know about as they aren’t being detected!) Anyways, If going the reinstall route, Better backup any important data first onto an external hard drive or a secondary partition. Also, There’s the possibility that some (or all) login credentials used by your friend have been stolen or keylogged, So using a Live CD (Or another computer, If she has one) to change em (+Secret questions/answers) would be a good idea.
try going into safe mode. Open up the registry via start > run > regedt32 and navigate to those locations and delete the entries. Then try to delete the file
is there an old Restore Point you can go back to prior to the beginning of the problem ?
Spyhunter 4 it’ll check for regeneration and removehttp://www.google.com?t=14738636&highlight=
Problem Fixed, used MalwareBytes Anti-Rootkit
Thank for your help. It is appreciated.