Tuesday, September 15, 2015

And after three antivirus passes, they are still out there

Just for grins, I used Explorer to search my hard drive for the oddly named program (80454612.exe) I saw running in task manager yesterday. Surprise, surprise, it was still hiding out on my hard drive, two copies in two obscure locations. This after running three different antivirus programs. Naturally I deleted both copies on general principles.
Takeaway: if you have the name of a piece of malware, Explorer can find it and zap it.
Being on a roll, I then ran regedit and searched for the same name in the registry. And, sure enough, on the "Run" key were three program names, one of them the odd name. The other two programs I recognized as my wireless card driver and my calendar program. So I zapped the odd name just to make sure it was dead.
Takeaway: if you want to make sure something is gone, search the registry for it and delete any keys containing the name.
Be careful with regedit. It will do anything you tell it to. Some of the stuff in the registry is essential to Windows, and if you damage it, Windows will fail to boot up next time.
There is a place in the registry called "MUIcache" which often contains the names of programs run in the past. The purpose of MUIcache is not documented by Micro$oft. Net rumor has it that MUIcache records stuff from the file header of every program ever run. On my machine, MUIcache had the odd program name that I had been zapping. I left the MUIcache registry leaf alone on the majority of advice from the net. I'm told that the popular disk cleaner CCleaner zaps MUIcache, and there was a lively discussion as to whether this was a good idea or not. I decided not to mess.
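
The two searches described above (the file name on disk, then the same name in the registry), as an added read-only PowerShell example that is not part of the original post. The registry paths are the standard Run/RunOnce and MUICache locations rather than paths quoted in the post, and the search root is an assumption.

```powershell
# Read-only audit: report where a suspect file name appears on disk, in the
# autostart ("Run") keys and in MUICache. Nothing is deleted or modified.
# Requires PowerShell 4 or later (Get-FileHash).
param(
    [string]$Name = '80454612.exe',              # file name from the post
    [string]$SearchRoot = "$($env:SystemDrive)\" # assumption: system drive only
)

# 1. Disk search, including hidden and system files (-Force). The hash is
#    recorded so the sample can be identified after the file is gone.
$files = Get-ChildItem -LiteralPath $SearchRoot -Filter $Name -File `
             -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Path     = $_.FullName
            Size     = $_.Length
            Modified = $_.LastWriteTime
            SHA256   = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }

# 2. Registry search. Run/RunOnce entries start programs at logon; MUICache
#    only records programs that were run and does not start anything.
$keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache',
    'HKCU:\Software\Microsoft\Windows\ShellNoRoam\MUICache'   # Windows XP location
)
$cmp  = [StringComparison]::OrdinalIgnoreCase
$hits = foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        # Run keys hold the path in the data; MUICache holds it in the value name.
        if ($valueName.IndexOf($Name, $cmp) -ge 0 -or $data.IndexOf($Name, $cmp) -ge 0) {
            [pscustomobject]@{ Key = $key; Value = $valueName; Data = $data }
        }
    }
}

$files | Format-List
$hits  | Format-Table -AutoSize -Wrap
```

A hit under a Run or RunOnce key means the program is still set to start at logon; a hit only under MUICache means it was run at some point and is not an autostart entry.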
