GLESgunn

OK, I updated, then restored the quarantined file, then did a quick scan. scan reports no malware detected. I'm guessing it's all OK now.

NOTE: I have quarantined the item in question and it is still in quarantine. I have read the instructions about doing a scan in developer mode and appending the log here. But it is not clear to me whether I first need to "UN-quarantine" the quarantined file. Please advise, and please clarify your general "False Positive" instructions so that point is clear. Also, the quarantined/suspect item did not turn up in a scan, but appeared to have been flagged by MB simply while it was running in background. --- MB just informed me of the presence of "Trojan.Packer.Gen" on my system. I responded my putting it in Quarantine The warning came as I was running the Microsoft utility to determine whether my machine was compatible to upgrade to Windows 7. It said the malware infection was located in C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDDriveInfo.exe. I believe that the above file is related to my portable hard drive, which is installed in this machine but which is not normally attached to the machine (it attaches via USB). (The portable hard drive was acquired a few years ago solely to make it easier to transfer files from an old machine about to be retired to a newer machine.) My question: Was the MB warning possibly a false positive, and if I delete the supposed malware would I be unwittingly disabling my ability to use the portable hard drive? If NOT, I'm puzzled about how the malware would have chosen that particular file to infect, since the Portable Hard Drive is rarely used and there's no association between using it and my being online. This isn't an urgent question at this point but I'd really be curious for insight. I am a constant user of my machine, but my technical understanding of some of this stuff is admittedly limited.

Also: Do I need to unquarantine the file for it to be detected in the new scan? Also: Understand, also, that it was NOT found during a regular scan, but MB detected it while simply running in the background.

Will do. Please understand I'm not asserting this IS a false pos. just wondering if that's possible.

MB just informed me of the presence of "Trojan.Packer.Gen" on my system. I responded my putting it in Quarantine The warning came as I was running the Microsoft utility to determine whether my machine was compatible to upgrade to Windows 7. It said the malware infection was located in C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDDriveInfo.exe. I believe that the above file is related to my portable hard drive, which is installed in this machine but which is not normally attached to the machine (it attaches via USB). (The portable hard drive was acquired a few years ago solely to make it easier to transfer files from an old machine about to be retired to a newer machine.) My question: Was the MB warning possibly a false positive, and if I delete the supposed malware would I be unwittingly disabling my ability to use the portable hard drive? If NOT, I'm puzzled about how the malware would have chosen that particular file to infect, since the Portable Hard Drive is rarely used and there's no association between using it and my being online. This isn't an urgent question at this point but I'd really be curious for insight. I am a constant user of my machine, but my technical understanding of some of this stuff is admittedly limited.

Thanks everyone. I've downloaded and installed Avast. After a bit of adjustment -- it turned out I had to change all my Outlook email accounts' incoming and outgoing ports so that it would scan mail -- it looks very good. And seems to have a much smaller footprint than AVG. I've set it to do quick scans daily and a thorough scan once a week. I trust that's OK?

Thanks for the responses. I see there are several who recommend Avast, so I may try that. Machine is Win XP SP 3, I think it's 32 bit... I'd appreciate any advice on installing avast so that there isn't a conflict w/ MBAM.

I have been running AVG up to now but have quit using it because AVG 2011 disabled my machine. I've been a satisfied MalwareBytes user since 2009. Is MalwareBytes all I need on my system? Does it scan incoming email for viruses? It does a very good job for me of blocking bad web sites. Thank you.

I followed your instructions and the IP Protection popup balloon now works. Thank you. There is still the separate issue of the false positive on a particular site, which I have previously reported here. But thank you for helping me get the popup warning working.

I've been told here that when MB's IP Protection feature blocks a web site I'm supposed to get a balloon notification. But that is not happening and never has. How can this be fixed???

The IP Address 67.212.94.146 was repeatedly blocked by Malwarebytes. Further it was blocked without any warning or bubble to tell me that it was being blocked. All I knew was my browser repeatedly failed to load it. I spent over a month trying to resolve the problem without a clue that it originated with Malwarebytes. I have since put the IP address on the ignore list for the IP Protection feature. But you should know that it should not have been blocked in the first place.

Well I am not getting any popup balloon. I have re-enabled the IP blocker, and tried the site. It got blocked. I then right-clicked the Malwarebytes icon and got the option to ignore the IP address for the site. So now IP blocker is enabled and I can still reach the site in question. Thank you for that. However, again, I got no popup all that time the site was being blocked, and if it hadn't been for sheer happenstance today would have had no idea Malwarebytes was the reason I could not reach it.

I just learned today, by happenstance, that my (paid) copy of Malwarebytes even HAD an IP blocking feature. For nearly 2 months I've been trying to reach a particular, known site that I needed to access. I could never get it on my desktop computer, but I could on my laptop, using the same home network. Today, coincidentally, I happened to right-click my Malwarebytes system tray icon. I noticed the "IP Protection" feature checked (I wasn't even aware it existed) and thought maybe that was causing the problem with the one particular web site. So I unchecked it and got to the web site I wanted just fine. I've appreciated Malwarebytes but I am frustrated that 1) I never knew this feature was implemented and 2) when I was trying to reach the site for the last two months, I simply got a fail on Firefox and NO pop-up from Malwarebytes telling me that Malwarebytes was blocking the site. If you have an FAQ on how to effectively use the IP Protection feature please post it. For now I'm going to leave it disabled.

Thank you for your help in removing what you have diagnosed as apparently the Win32:Daonoll variant. I'm planning to buy your program. I'd like to know if you have a recommended protocol for use in conjunction w/ an anti-virus program. (The infection you helped me get rid of appeared to have gotten in despite a daily updated AVG 8.5 av program.) SHould I run a MalwareBytes scan every day? once a week? And thank you again!

Looks like it worked. I was now able to update AVG successfully. I also ran the Malware Bytes update utility successfully. I've done a couple of random Google searches and I am not seeing any re-direction. Thank you. If you have any going-forward advice I'd welcome it. Also, I know you're busy, but if you could direct me to where I could learn more about this particular infection, and how I managed to get it despite my AVG anti-virus program I'd be most grateful. Have a good day.