Page 1 of 2 12 LastLast
Results 1 to 15 of 18
  1. #1
    New Lounger
    Join Date
    Dec 2009
    Location
    Hudson, FL
    Posts
    13
    Thanks
    5
    Thanked 1 Time in 1 Post

    Exclamation Malicious registry code: can't remove it

    Every time I run "Malware Bytes", it identifies a malicious registry code, PUP.Optional.Bandoo.A. Specifically, it's location is: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A).
    I've tried isolating it and deleting using Malware Bytes, and by doing a RegEdit. I have MSE and AVG antivirus running. I've also run TrendMicro's "Housecall". It always comes back, within 5-10 minutes.
    I'm wondering, is Bandoo really a "malicious" code? If so, what threat does it present? I can't seem to really find a difinitive answer. What can I do to permanently delete it?

  2. Subscribe to our Windows Secrets Newsletter - It's Free!

    Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!

    Excel 2013: The Missing Manual

    + Get this BONUS — free!

    Get the most of Excel! Learn about new features, basics of creating a new spreadsheet and using the infamous Ribbon in the first chapter of Excel 2013: The Missing Manual - Subscribe and download Chapter 1 for free!

  3. #2
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,625
    Thanks
    161
    Thanked 928 Times in 851 Posts
    See if one of these tips using a Google search might help.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  4. The Following User Says Thank You to Medico For This Useful Post:

    Olgimp (2013-12-06)

  5. #3
    2 Star Lounger
    Join Date
    Dec 2009
    Location
    Texas
    Posts
    162
    Thanks
    0
    Thanked 2 Times in 2 Posts
    JRT can remove I think. Handy tool to have anyways Junkware Removal Tool

  6. The Following User Says Thank You to veegertx For This Useful Post:

    Olgimp (2013-12-06)

  7. #4
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    9,957
    Thanks
    126
    Thanked 1,100 Times in 1,012 Posts
    PUPs are apps that usually sneak by you. Most malware protection vendors don't see it as real malware, they are usually just annoying apps that are installed when you install something else. So, are they really malicious? Most, probably not. They just "sneaked" their install - in some cases it's possible that the user actually agreed to download it.
    Rui
    -------
    R4

  8. The Following User Says Thank You to ruirib For This Useful Post:

    Olgimp (2013-12-06)

  9. #5
    3 Star Lounger
    Join Date
    Jul 2012
    Posts
    371
    Thanks
    185
    Thanked 23 Times in 22 Posts
    Check out what Bandoo is for http://search.yahoo.com/search?ei=ut...p=bandoo&type=
    If you still don't want it see if it can be uninstalled
    Check your startups
    Since you know how to use regedit, search for anything Bandoo and delete them especially an exe entry

  10. The Following User Says Thank You to cmptrgy For This Useful Post:

    Olgimp (2013-12-06)

  11. #6
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    5,821
    Thanks
    185
    Thanked 703 Times in 641 Posts
    Olgimp,

    Have you tried running MalwareBytes in Safe Mode? HTH
    May the Forces of good computing be with you!

    RG

    VBA Rules!

    My Systems: Desktop Specs
    Laptop Specs


  12. The Following User Says Thank You to RetiredGeek For This Useful Post:

    Olgimp (2013-12-06)

  13. #7
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    2,606
    Thanks
    76
    Thanked 324 Times in 293 Posts

  14. #8
    New Lounger
    Join Date
    Dec 2009
    Location
    Hudson, FL
    Posts
    13
    Thanks
    5
    Thanked 1 Time in 1 Post
    Veegertx - Hadn't heard of JRT, but will check it out. See my previous post to medico

  15. #9
    New Lounger
    Join Date
    Dec 2009
    Location
    Hudson, FL
    Posts
    13
    Thanks
    5
    Thanked 1 Time in 1 Post
    The registry entry is not a .exe. I suspect it's a linger-er from some past IE search. Already checked startups and programs - not there.

  16. The Following User Says Thank You to Olgimp For This Useful Post:

    cmptrgy (2013-12-07)

  17. #10
    New Lounger
    Join Date
    Dec 2009
    Location
    Hudson, FL
    Posts
    13
    Thanks
    5
    Thanked 1 Time in 1 Post
    After reading and checking out all the helpful suggestions, I'm not as concerned about this redundant registry "stat" entry being malicious....more appropriately, annoying. I am going to attempt the malware scan in safe mode to see if I can finally get rid of it. I note it is used in social network sites, and I do use facebook to keep up w/the kiddies ;-). At least it's not a .exe file.

  18. #11
    New Lounger
    Join Date
    Dec 2009
    Location
    Hudson, FL
    Posts
    13
    Thanks
    5
    Thanked 1 Time in 1 Post
    Bruce - I consider your referral one of the most informative. Thanks again!

  19. #12
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    9,957
    Thanks
    126
    Thanked 1,100 Times in 1,012 Posts
    Quote Originally Posted by Olgimp View Post
    After reading and checking out all the helpful suggestions, I'm not as concerned about this redundant registry "stat" entry being malicious....more appropriately, annoying. I am going to attempt the malware scan in safe mode to see if I can finally get rid of it. I note it is used in social network sites, and I do use facebook to keep up w/the kiddies ;-). At least it's not a .exe file.
    Have you tried the suggestion by BruceR? Probably you can remove Bandoo without even messing with the registry...
    Rui
    -------
    R4

  20. #13
    2 Star Lounger
    Join Date
    Dec 2009
    Location
    Texas
    Posts
    162
    Thanks
    0
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by ruirib View Post
    PUPs are apps that usually sneak by you.
    They just "sneaked" their install - in some cases it's possible that the user actually agreed to download it.
    Thats why you don't do DEFAULT installs of nothing, click through each thing and READ
    LOL Like Google Chrome, have several things want to install that mess and I ain't having it.

  21. #14
    3 Star Lounger
    Join Date
    Jul 2012
    Posts
    371
    Thanks
    185
    Thanked 23 Times in 22 Posts
    I hope you follow up on the uninstall recommendation.
    My brother uses facebook and I checked out his computer for anything Bandoo and there isn't any Bandoo's in his computer
    I have a friend who's always trying to keep up with his kids since things including PUP's for whatever reason come in many times. He also uses Facebook and he doesn't have anything Bandoo either.
    If Bandoo is needed for whatever site it will probably come back; if it does you might be able to figure which site it comes in from
    BTW I also suspect that's why it isn't an exe, it's probably part of some site that has been visited
    In your case Bandoo might be only an annoyance but I would uninstall it unless there's a compelling reason not to
    One reason is the possibility of allowing spyware at a minimum, another reason is not knowing what website it works with - andthe possibilty of eventually some malware creeping in
    Anyway, I like to keep my computer good and clean like you are dong and if my children were still kids I'd be following up on Bandoo are anything unfamiliar to me

  22. #15
    New Lounger
    Join Date
    Mar 2010
    Location
    Massillon,Ohio,USA
    Posts
    8
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I'm not familiar with Bando but I had Qone that I had problems removing. I followed all recommendations but nothing. I decided to do a restore point and that solved my problem. The virus got in by tagging on a download I suspect. I did not download a critical program to get it and now all is well. My solution was simple and no aggravation.
    MJ

Page 1 of 2 12 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •