fixcar1

What is Registry Editor CodeASU1


fixcar1    0

I need information on what codeASU1 is in my registry editor.

See Attachment

One program tells me it is the Bifrose Trojan, but that is one program: Advanced System Optimizer.

Ran ESET online, no virus; also Norton, no virus detected.

Malwarebytes: all OK, nothing found.

I need to know if this key is good and what program did this CodeASU1 come from?

Thank you in advance

Lee


Edited by fixcar1


allen2    1

The only way to be sure is to properly uninstall Advanced System Optimizer and see if the reg entry is also removed.

adamt    0

You could download Process Monitor from Sysinternals, and run that, looking for what is accessing that key.

Start Process Monitor with the /noconnect switch (c:\path\to\procmon.exe /noconnect), which will stop it from instantly logging every single bit of activity from the second it loads.

Add a filter:

If path excludes "CodeASU1" then Exclude. Also, use the 'drop filtered events' option to stop it from filling up your pagefile.

Now tell it to start capturing events, and from there on, it's a waiting game to see which processes are touching that key.

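Once the capture described in the post above has run for a while, the result can be saved from Process Monitor as CSV and summarised per process. The script below is an added example, not part of the original thread; it assumes the default export columns, and the sample rows (process names, PIDs, key path) are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Operations that change the registry, as named in Process Monitor's Operation
# column. RegCreateKey is included because it creates the key when it is absent.
WRITE_OPS = {"RegSetValue", "RegCreateKey", "RegDeleteValue", "RegDeleteKey"}

# Constructed sample in the shape of a Process Monitor CSV export.
# Every process name, PID and registry path here is invented.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1000000","example_optimizer.exe","4120","RegOpenKey","HKCU\Software\ExampleVendor\CodeASU1","SUCCESS","Desired Access: Read"
"10:01:02.1000450","example_optimizer.exe","4120","RegQueryValue","HKCU\Software\ExampleVendor\CodeASU1\Data","SUCCESS","Type: REG_SZ, Length: 10"
"10:03:17.5521000","example_helper.exe","5332","RegSetValue","HKCU\Software\ExampleVendor\CodeASU1\Data","SUCCESS","Type: REG_SZ, Length: 10"
"10:03:18.0000100","explorer.exe","2044","RegOpenKey","HKCU\Software\Other","NAME NOT FOUND","Desired Access: Read"
"10:04:40.9000000","example_optimizer.exe","4120","RegSetValue","HKCU\Software\ExampleVendor\CodeASU1\Data","ACCESS DENIED","Type: REG_SZ, Length: 10"
'''


def summarize(csv_text, needle="CodeASU1"):
    """Group events whose Path contains `needle` by (process name, PID)."""
    summary = defaultdict(lambda: {"ops": defaultdict(int), "writes": False})
    # An exported file may start with a byte-order mark; drop it if present.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    for row in reader:
        if needle.lower() not in row["Path"].lower():
            continue  # same effect as the Procmon filter, applied after the fact
        entry = summary[(row["Process Name"], int(row["PID"]))]
        entry["ops"][row["Operation"]] += 1
        # Only a write that succeeded can have created or changed the key.
        if row["Operation"] in WRITE_OPS and row["Result"] == "SUCCESS":
            entry["writes"] = True
    return summary


def writers(summary):
    """Names of processes that successfully modified a matching key or value."""
    return sorted(name for (name, _pid), e in summary.items() if e["writes"])


if __name__ == "__main__":
    result = summarize(SAMPLE_CSV)
    for (name, pid), entry in sorted(result.items()):
        tag = "WRITES" if entry["writes"] else "reads only"
        print(f"{name} (PID {pid}): {dict(entry['ops'])} [{tag}]")
    print("Processes that wrote to the key:", writers(result))
```

A process that only reads the key is less interesting than one that creates or rewrites it, so the writer list is the place to start when working out which program owns the entry.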
Tripredacus    286

It does look to be that virus. Here is more info:

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FBifrose.ACI

Other user reports online have found problems removing it fully, as MSE and Kaspersky (from March 2011) only would do a partial quarantine.

Moving to AV forum, as I can't find a good set of removal instructions that doesn't involve downloading some weird removal tool.
