what does it mean for MalwareBytes to find malicious registry keys but nothing else?

Posted by EndangeringSpecies on Super User See other posts from Super User or by EndangeringSpecies
Published on 2012-03-19T17:35:11Z Indexed on 2012/03/19 18:07 UTC
Read the original article Hit count: 268

Filed under:

Windows

|

rootkit

|

malware-removal

|

malware-detection

I have a machine that is obviously infected, and when I ran MalwareBytes it told me that it found some "malicious" registry keys (surprisingly enough these contained file path to currently non-existent javascript files). But, that's it. Full scan did not uncover any malicious files, or malicious hidden processes in memory. Like, maybe the (hidden?) process that for whatever reason periodically injects keystrokes (hotkeys?) into whatever currently open window.

Then on another, not obviously infected, machine it found a "malware.trace" registry key but again no files or processes etc.

How does this jive with people's experience with MalwareBytes? Does it usually find registry key symptoms of an infection but nothing else? Or is it a common thing to have no infection but some malicious registry keys in place anyway?

© Super User or respective owner

Related posts about Windows

Server 2012 DFS New Member Issue

as seen on Server Fault - Search for 'Server Fault'
I am trying to add a new member to our DFS topology. We have 3 DCs (VMs - VMware) running Windows server 2012, two servers are located in or Primary site and the third at our DR site. Currently the two servers at our primary site are currently replicating DFS (full mesh) and are working fine. I have… >>> More
error in IIS7 but not on IIS6

as seen on Server Fault - Search for 'Server Fault'
I have a website that is we are now deploying to windows 2008 servers that has worked in the past on IIS6 without a problem. It is using .net 2 framework. Most of the website works. Just when we create a screen report over a certain size on the server we get this error. Event code: 3005 Event… >>> More
error in IIS7 but not on IIS6

as seen on Server Fault - Search for 'Server Fault'
I have a website that is we are now deploying to windows 2008 servers that has worked in the past on IIS6 without a problem. It is using .net 2 framework. Most of the website works. Just when we create a screen report over a certain size on the server we get this error. Event code: 3005 Event… >>> More
Microsoft Management Console stops working when I add snap-in to it

as seen on Super User - Search for 'Super User'
I have Windows 7 Ultimate OS. I'm opening mmc.exe as administrator and trying add Certificates or any other snap-in, then while loading that snap-in MMC breaks and displays following message and after that it closes automatically once I click on close button on that message. What could be the problem… >>> More
Handling keyboard and mouse input (Win API)

as seen on Game Development - Search for 'Game Development'
There is a number of ways to catch mouse or keyboard under Windows. So I tried some of them, but every of them has some advantages and drawbacks. I want to ask you: Which method do use? I've tried these: WM_KEYDOWN/WM_KEYUP - Main disadvantage is that, I can't distinguish between left and right-handed… >>> More

Related posts about rootkit

Rkhunter 122 suspect files; do I have a problem?

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I am new to ubuntu. I am using Xfce Ubuntu 14.04 LTS. I have ran rkhunter a few weeks age and only got a few warnings. The forum said that they were normal. But, this time rkhunter reported 122 warnings. Please advise. casey@Shaman:~$ sudo rkhunter -c [ Rootkit Hunter version 1.4.0 ] Checking… >>> More
Microsoft Says Rootkit Causes XP 'Blue Screens'

as seen on Internet.com - Search for 'Internet.com'
After a week-long investigation, Microsoft bug sleuths claim they've hunted down the cause of multiple reboots and crashes inflicted on Windows XP users. >>> More
Latest Microsoft Patch Aims To Block Rootkit

as seen on Internet.com - Search for 'Internet.com'
Patch meant to kill off 17-year-old bug was suspected of causing multiple crashes and continuous reboots, but the problems were traced to a rootkit. But since the patch won't install on infected systems, what will users do now? >>> More
Latest Microsoft Patch Aims To Block Rootkit

as seen on Internet.com - Search for 'Internet.com'
Patch meant to kill off 17-year-old bug was suspected of causing multiple crashes and continuous reboots, but the problems were traced to a rootkit. But since the patch won't install on infected systems, what will users do now? >>> More
Microsoft Redux: Windows XP Patch Back to Block Rootkit

as seen on Internet.com - Search for 'Internet.com'
The software giant re-releases the bug patch that some Windows XP users blamed for repeated restarts and blue screen crashes following February's Patch Tuesday release. >>> More