Member Avatar for bolzebop

Hello,
I just assembled a new computer about a month ago and now I'm dealing with a small problem.
a plug in called 'Click Potato lite' installed itself on my computer(or else it did when I installed xvid codecs perhaps).
I ran Mbam and my normal anti virus(avast), mbam found a lot of infected stuff related to clickpotato, and so, succesfully deleted it.
Now what's worrying me is that I still find traces of click Potato in my registry, and since I'm not that familiar with deleting stuff in the registry it would be a real help if you could inform me about what to do. I'll post the Mbam log if it's needed.

I hope you can help me out :)

  • 2 Contributors
  • 6 Replies
  • 161 Views
  • 2 Days Discussion Span
  • Latest Post Latest Post by PhilliePhan

Recommended Answers

All 6 Replies

Member Avatar for PhilliePhan

I hope you can help me out :)

How do you find the stuff in the registry? (does it show on a scanner or do you go in manually?)

Try this:
Download Bill James’ RegSrch

Extract it to your Desktop and DoubleClick regsrch.vbs
-- if your AV has script blocking, you’ll need to allow this to run
When the dialog box opens, type Potato and Click OK.

You’ll need to save the log that pops up in Wordpad and then submit it for me. We can use that to pull out any remnants.

Cheers :)
PP

Member Avatar for bolzebop

Thank you for the fast reply.
I went in manually because I read that it can come back if it stays in your registry, but I'm not good at those things so I figured asking someone with some experience would be the smartest thing to do.

Here's the log

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "potato" 25-1-2011 14:40:11

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ClickPotatoLiteSA_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ClickPotatoLiteSA_RASMANCS]

Seems like there are 2 things in there, but I don't know whether they can hurt :)

Member Avatar for PhilliePhan

I read that it can come back if it stays in your registry

No - that's not going to happen.

But, if it makes you feel better, you can still rip them out of there.
-- If you are going in manually, just rightclick those and delete them.

Or, download the attached Fix.txt to the desktop,
-- Rename it Fix.reg
-- Doubleclick it and allow it to merge into the registry

That ought to take care of it.

Cheers :)
PP

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ClickPotatoLiteSA_RASAPI32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ClickPotatoLiteSA_RASMANCS]
Edited by PhilliePhan because: It would help if I attached the Fix.txt
Member Avatar for bolzebop

Makes me feel better to hear that it won't do that.
Thank you very much PP, I consider this solved :)

Member Avatar for PhilliePhan

Makes me feel better to hear that it won't do that.
Thank you very much PP, I consider this solved :)

You're welcome - Happy to help :)

Over the years, the registry will collect tons of remnants from normal software and malware that has been uninstalled/removed.
Usually they are not a problem unless they consist of legitimate reg keys which have been altered such as security settings and the like.
Sometimes a malware "run key" will be left as a remnant and notifications will pop up on boot that say "suchandsuch.dll" could not be loaded. The actual malware has been removed, but it is still being called on startup. This is annoying, but not harmful - just need to delete the reg key that is calling the previously removed malware component....


PP:)

Edited by PhilliePhan because: n/a
Member Avatar for PhilliePhan

I also wanted to add this:

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Adware%3AWin32%2FClickPotato

That's a fairly thorough enumeration of the changes this baddie makes to you machine (though they may vary for 64-bit OS). You might want to check and see if there is anything that you missed....

ClickPotato is not a particularly pernicious baddie - I probably wouldn't worry too much about it.

Best :)
PP

Edited by PhilliePhan because: Fixed Linky
commented: fast and friendly. +1
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.