0

Hello,
I just assembled a new computer about a month ago and now I'm dealing with a small problem.
a plug in called 'Click Potato lite' installed itself on my computer(or else it did when I installed xvid codecs perhaps).
I ran Mbam and my normal anti virus(avast), mbam found a lot of infected stuff related to clickpotato, and so, succesfully deleted it.
Now what's worrying me is that I still find traces of click Potato in my registry, and since I'm not that familiar with deleting stuff in the registry it would be a real help if you could inform me about what to do. I'll post the Mbam log if it's needed.

I hope you can help me out :)

2
Contributors
6
Replies
7
Views
6 Years
Discussion Span
Last Post by PhilliePhan
0

I hope you can help me out :)

How do you find the stuff in the registry? (does it show on a scanner or do you go in manually?)

Try this:
Download Bill James’ RegSrch

Extract it to your Desktop and DoubleClick regsrch.vbs
-- if your AV has script blocking, you’ll need to allow this to run
When the dialog box opens, type Potato and Click OK.

You’ll need to save the log that pops up in Wordpad and then submit it for me. We can use that to pull out any remnants.

Cheers :)
PP

0

Thank you for the fast reply.
I went in manually because I read that it can come back if it stays in your registry, but I'm not good at those things so I figured asking someone with some experience would be the smartest thing to do.

Here's the log

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "potato" 25-1-2011 14:40:11

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ClickPotatoLiteSA_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ClickPotatoLiteSA_RASMANCS]

Seems like there are 2 things in there, but I don't know whether they can hurt :)

0

I read that it can come back if it stays in your registry

No - that's not going to happen.

But, if it makes you feel better, you can still rip them out of there.
-- If you are going in manually, just rightclick those and delete them.

Or, download the attached Fix.txt to the desktop,
-- Rename it Fix.reg
-- Doubleclick it and allow it to merge into the registry

That ought to take care of it.

Cheers :)
PP

Edited by PhilliePhan: It would help if I attached the Fix.txt

Attachments
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ClickPotatoLiteSA_RASAPI32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ClickPotatoLiteSA_RASMANCS]
0

Makes me feel better to hear that it won't do that.
Thank you very much PP, I consider this solved :)

0

Makes me feel better to hear that it won't do that.
Thank you very much PP, I consider this solved :)

You're welcome - Happy to help :)

Over the years, the registry will collect tons of remnants from normal software and malware that has been uninstalled/removed.
Usually they are not a problem unless they consist of legitimate reg keys which have been altered such as security settings and the like.
Sometimes a malware "run key" will be left as a remnant and notifications will pop up on boot that say "suchandsuch.dll" could not be loaded. The actual malware has been removed, but it is still being called on startup. This is annoying, but not harmful - just need to delete the reg key that is calling the previously removed malware component....


PP:)

Edited by PhilliePhan: n/a

1

I also wanted to add this:

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Adware%3AWin32%2FClickPotato

That's a fairly thorough enumeration of the changes this baddie makes to you machine (though they may vary for 64-bit OS). You might want to check and see if there is anything that you missed....

ClickPotato is not a particularly pernicious baddie - I probably wouldn't worry too much about it.

Best :)
PP

Edited by PhilliePhan: Fixed Linky

Votes + Comments
fast and friendly.
This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.