• Malicious registry code: can’t remove it

    #492287

    Every time I run “Malware Bytes”, it identifies a malicious registry code, PUP.Optional.Bandoo.A. Specifically, its location is: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A).
    I’ve tried isolating it and deleting using Malware Bytes, and by doing a RegEdit. I have MSE and AVG antivirus running. I’ve also run TrendMicro’s “Housecall”. It always comes back, within 5-10 minutes.
    I’m wondering, is Bandoo really a “malicious” code? If so, what threat does it present? I can’t seem to really find a definitive answer. What can I do to permanently delete it?

    • #1426834

      See if one of these tips using a Google search might help.

    • #1426872

      JRT can remove I think. Handy tool to have anyways Junkware Removal Tool

      • #1427358

        Veegertx – Hadn’t heard of JRT, but will check it out. See my previous post to medico

    • #1426880

      PUPs are apps that usually sneak by you. Most malware protection vendors don’t see it as real malware, they are usually just annoying apps that are installed when you install something else. So, are they really malicious? Most, probably not. They just “sneaked” their install – in some cases it’s possible that the user actually agreed to download it.

      • #1427604

        PUPs are apps that usually sneak by you.
        They just “sneaked” their install – in some cases it’s possible that the user actually agreed to download it.

        That’s why you don’t do DEFAULT installs of nothing, click through each thing and READ
        LOL Like Google Chrome, have several things want to install that mess and I ain’t having it.

    • #1426932

      Check out what Bandoo is for http://search.yahoo.com/search?ei=utf-8&fr=slv1-hpd03&p=bandoo&type=
      If you still don’t want it see if it can be uninstalled
      Check your startups
      Since you know how to use regedit, search for anything Bandoo and delete them especially an exe entry

      HP EliteBook 8540w laptop Windows 10 Pro (x64)

      • #1427359

        The registry entry is not a .exe. I suspect it’s a linger-er from some past IE search. Already checked startups and programs – not there.

    • #1426935

      Olgimp,

      Have you tried running MalwareBytes in Safe Mode? HTH :cheers:

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!

    • #1427044
      • #1427360

        After reading and checking out all the helpful suggestions, I’m not as concerned about this redundant registry “stat” entry being malicious….more appropriately, annoying. I am going to attempt the malware scan in safe mode to see if I can finally get rid of it. I note it is used in social network sites, and I do use facebook to keep up w/the kiddies ;-). At least it’s not a .exe file.

        • #1427362

          After reading and checking out all the helpful suggestions, I’m not as concerned about this redundant registry “stat” entry being malicious….more appropriately, annoying. I am going to attempt the malware scan in safe mode to see if I can finally get rid of it. I note it is used in social network sites, and I do use facebook to keep up w/the kiddies ;-). At least it’s not a .exe file.

          Have you tried the suggestion by BruceR? Probably you can remove Bandoo without even messing with the registry…

      • #1427361

        Bruce – I consider your referral one of the most informative. Thanks again!

    • #1427623

      I hope you follow up on the uninstall recommendation.
      My brother uses facebook and I checked out his computer for anything Bandoo and there isn’t any Bandoo’s in his computer
      I have a friend who’s always trying to keep up with his kids since things including PUP’s for whatever reason come in many times. He also uses Facebook and he doesn’t have anything Bandoo either.
      If Bandoo is needed for whatever site it will probably come back; if it does you might be able to figure which site it comes in from
      BTW I also suspect that’s why it isn’t an exe, it’s probably part of some site that has been visited
      In your case Bandoo might be only an annoyance but I would uninstall it unless there’s a compelling reason not to
      One reason is the possibility of allowing spyware at a minimum, another reason is not knowing what website it works with – and the possibility of eventually some malware creeping in
      Anyway, I like to keep my computer good and clean like you are doing and if my children were still kids I’d be following up on Bandoo or anything unfamiliar to me

      HP EliteBook 8540w laptop Windows 10 Pro (x64)

    • #1429640

      I’m not familiar with Bandoo but I had Qone that I had problems removing. I followed all recommendations but nothing. I decided to do a restore point and that solved my problem. The virus got in by tagging on a download I suspect. I did not download a critical program to get it and now all is well. My solution was simple and no aggravation.
      MJ

    • #1429723

      If you are still interested in removing Bandoo, please let us know whether or not you have been able to uninstall it or if AdwCleaner worked for you.

      If nothing has worked yet
      You have already tried to delete
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A)
      in the registry but Bandoo still comes back
      You have checked your startups and it doesn’t have anything Bandoo in it

      Uninstall any program that you don’t need or looks fishy

      If that doesn’t work go back into the registry, in addition to deleting the above registry item also do a search for Bandoo
      — It might be in more than one entry
      — As it finds Bandoo entries, you might be able to even find which application/program Bandoo is associated with in your case
      — I don’t like to assume things but I suspect you know how to work in the registry and ensure the computer stays ok

      After all that if still unsuccessful, I would try CCleaner. I know many people don’t feel registry cleaners are worth using etc
      — But I can guarantee you I have helped many friends and volunteers clean up their computers very well with CCleaner
      — But it shouldn’t be used to clean up everything all at once plus normal maintenance items should already be in place
      — If you decide to try it, just run the Cleaner section first
      — Then in the registry section, unclick all items but one and clean out that section only
      —— Make very sure the computer still runs ok after that
      — Then if you want to continue, check in a 2nd item etc
      Good luck

      HP EliteBook 8540w laptop Windows 10 Pro (x64)

    • #1429841

      You have not said whether you’ve used a tool such as Autoruns or WhatInStartup. If you haven’t, use either one to display and manage what gets started when you boot the system. Autoruns produces a vast amount of information. You should refer to the Logon tab. If you aren’t sure of what some entries are, post a screenshot and someone here will help identify it.

      Whatever is adding the registry entry is not necessarily named anything close to Bandoo.

      Joe

      --Joe
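
The replies above suggest searching the registry for "Bandoo" and note that whatever recreates the key may not carry that name. As an added example (not code from any poster in this thread), the read-only PowerShell check below looks up the detected GUID instead of the name, in the standard places an Internet Explorer add-on registers itself, and reports the DLL behind it. It assumes the GUID is an IE add-on CLSID, which the `Ext\Stats` location suggests, and PowerShell 3.0 or later; the function name `Get-AddonFootprint` is made up for this example.

```powershell
# GUID taken from the Malwarebytes detection quoted in the thread.
$clsid = '{9D717F81-9148-4F12-8568-69135F087DB0}'

# Standard Windows locations where an IE add-on CLSID is registered
# (assumed relevant here; nobody in the thread reported these paths).
$candidates = @(
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\$clsid",
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\$clsid",
    "HKCU:\Software\Classes\CLSID\$clsid",
    "HKLM:\SOFTWARE\Classes\CLSID\$clsid",
    "HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID\$clsid",
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid",
    "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid"
)

function Get-AddonFootprint {
    param([string[]]$Paths)
    foreach ($path in $Paths) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $server = $null
        $inproc = "$path\InprocServer32"
        if (Test-Path -LiteralPath $inproc) {
            # The default value of InprocServer32 is the DLL that implements the component.
            $server = (Get-Item -LiteralPath $inproc).GetValue('')
        }
        [pscustomobject]@{ Key = $path; Server = $server }
    }
}

$hits = @(Get-AddonFootprint -Paths $candidates)
$hits | Format-Table -AutoSize -Wrap

# Identify the file behind the CLSID: publisher, product name, signature state.
$hits | Where-Object { $_.Server } | Select-Object -ExpandProperty Server -Unique |
    ForEach-Object {
        $file = $_.Trim('"')
        if (Test-Path -LiteralPath $file) {
            $info = (Get-Item -LiteralPath $file).VersionInfo
            [pscustomobject]@{
                File      = $file
                Company   = $info.CompanyName
                Product   = $info.ProductName
                Signature = (Get-AuthenticodeSignature -FilePath $file).Status
            }
        } else {
            [pscustomobject]@{ File = $file; Company = $null; Product = $null; Signature = 'file missing' }
        }
    } | Format-List
```

A populated `Server` column names the file and product to look for in Programs and Features or in Autoruns, whatever it is called. If only the `Ext\Stats` key is listed, no registered component was found for that GUID on this machine.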
