user_avatar****

I used AdwCleaner v6.010 and it came up clean.  I used it ten days later and it came up with

*****  [ Registry ] *****

[ - ] Key deleted:  HKLM\SOFTWARE\Classes\SAVI.SAVI

[ - ] Key deleted:  HKLM\SOFTWARE\Classes\SAVI.SAVI.3

I checked in my control panel and I have had 4 programs installed on my computer during that time period:

NetBeans IDE 8.1

Java 8 Update 101 (64-bit)

Java SE Development Kit 8 Update 101 (64-bit)

Sophos Anti-Virus.

Other than those programs being installed, I visited websites that are pretty safe, like my college website and netbeans.org and oracle.com and a few other places that are okay by safeweb.norton.com.

Anyway, I was wondering if anyone knew anything about those items in the registry.  I still have them locked in the AdwCleaner quarantine.  I have scanned them with Sophos Endpoint Security and Control and Malwarebytes Anti-Malware (free edition) and they both came up clean.  I tried googling savi.savi.3 virus and came up with some information about Sophos Anti-Virus, with a file savi.dll also being associated.  If they are genuinely associated with Sophos, I would like to restore them.  However, if someone has infiltrated my computer through Sophos, I would like to delete them.  Does anyone have any information?  Has anyone experienced anything similar?

Thanks a lot!

Additional information:

They're currently located in quarantine.  However, their filenames are

reg_kmxxiidzkqsvskvuaafvvcqalnidaaxu

reg_uyxbdxfygppblgvmiwglsjkfvebnxtfw

The first one is 588 bytes (4,096 bytes for "size on disk") and the second one is 446 bytes (4,096 bytes for "size on disk").  I don't know if those are realistic sizes for registry files.  I thought it seemed small, but I have no idea.

Re: Virus in registry or false alarm??

Hello,

This FP has been removed from the definitions.

Sorry for the inconvenience,