RedStarSQD

final entry: infection was thru a poorly crafted social engineering email ...that pointed to an url with an .exe file.

ok so i applied a exe registry fix..this allowed mbam to update. it detected and seems to have successfully removed the antispyware 10 malware. woo but he is using ie8 and zonelab so a bit disconcerting it all failed him (well if it was a malicious website vs a trojan (says did not download anything). sooo good job you guys. woo !!

My dad's computer is now infected with XP Antispyware 2010 (av.exe process) running any exe file causes the malware to run. have mbam already on system ... He also had paid version of zone alarm with real time protection turned on ..to no avail. i guess. (this is not disabled by the malware) ok. so as per instructions on this forum... i renamed mbam.exe to mbam.com. It runs. I did quick scan and it found only a couple related issues..like firewall turned off. It did not find the malware. i clicked on update..and it downloads a 4 meg file. It then says will close and install the update. But it does not install the updates as indicated in the removal instructions (makes no mention of this problem). Soooo..... how do i get mbam to update so it will recognize this malware and remove it? TIA

Probably false..since prior scans left alone until the update just before i scanned and got this. I am not familiar with spyware.agent. Thus, i am not sure if this is really telling me something piggy backed onto the file...though this seems unlikely. Malwarebytes' Anti-Malware 1.36 Database version: 1955 Windows 6.0.6001 Service Pack 1 4/9/2009 7:21:54 AM mbam-log-2009-04-09 (07-21-16).txt Scan type: Quick Scan Objects scanned: 66749 Time elapsed: 50 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 51 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\dxaxhost.desktopx (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994] HKEY_CLASSES_ROOT\TypeLib\{bb49bac9-e2fb-44eb-93c4-e0f2ddee4eab} (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994] HKEY_CLASSES_ROOT\Interface\{16278baf-9809-47f5-be03-f725bc499e5e} (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994] HKEY_CLASSES_ROOT\Interface\{42aad1be-542a-4f2d-8c39-1ec77ece4a54} (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994] HKEY_CLASSES_ROOT\Interface\{460bbe8f-28f6-4214-a35c-9e11efb50996} (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994] HKEY_CLASSES_ROOT\Interface\{4bd637d4-7497-43d2-8dd2-8a338cadfc01} (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994] HKEY_CLASSES_ROOT\Interface\{4e797275-634e-48e3-b016-ee4626247362} (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994] HKEY_CLASSES_ROOT\Interface\{541d379a-8525-4679-bd95-7762a35eb4a3} (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994] HKEY_CLASSES_ROOT\Interface\{657b52cb-9d1f-45eb-af6e-0a4e7c09fb52} (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994] HKEY_CLASSES_ROOT\Interface\{6b3bdc6e-6413-40a8-b44c-c3dfb4b767e6} (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994] HKEY_CLASSES_ROOT\Interface\{753cb499-e958-4301-8a89-e8ede84f25f7} (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994] HKEY_CLASSES_ROOT\Interface\{a7162c35-5ec6-4f66-beed-d933df855282} (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994] HKEY_CLASSES_ROOT\Interface\{a9749998-dfab-4158-aff6-5f20ca2722e2} (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994] HKEY_CLASSES_ROOT\Interface\{b2d0778b-ac99-4c58-a5c8-e7724e5316b5} (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994] HKEY_CLASSES_ROOT\Interface\{b6ea2051-048a-11d1-82b9-00c04fb9942e} (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994] HKEY_CLASSES_ROOT\Interface\{d4ff1d76-f7e7-4695-8133-4a7c385f39ff} (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994] HKEY_CLASSES_ROOT\Interface\{e3019507-b532-46e0-b6bf-ab5589b458c5} (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994] HKEY_CLASSES_ROOT\Interface\{ea219b20-4da3-433e-988b-88bf291a8110} (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994] HKEY_CLASSES_ROOT\Interface\{fa76f502-7b28-4bfc-8055-b0977fbd3bc9} (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994] HKEY_CLASSES_ROOT\CLSID\{0cb13fc5-efa6-400f-9f32-235193a2d8c1} (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994] HKEY_CLASSES_ROOT\CLSID\{1251c89e-c28b-4523-934c-b8c25550af8b} (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994] HKEY_CLASSES_ROOT\CLSID\{3591bcca-6d3a-4c9e-9890-5eb6561d903e} (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994] HKEY_CLASSES_ROOT\CLSID\{75328d64-87cf-4848-a831-35deafe27822} (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994] HKEY_CLASSES_ROOT\CLSID\{7a233969-a455-4641-90b7-23f904a0af2a} (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994] HKEY_CLASSES_ROOT\CLSID\{80a21aa6-7efa-496f-8369-2e813e25b97b} (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994] HKEY_CLASSES_ROOT\CLSID\{871e56b6-59e6-48d9-ab00-85f66765abc2} (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994] HKEY_CLASSES_ROOT\CLSID\{ab9fa086-83c4-4f56-b614-77ca8c349270} (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994] HKEY_CLASSES_ROOT\CLSID\{d59cf868-3464-49d3-9a96-3e6890edc7e8} (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994] HKEY_CLASSES_ROOT\CLSID\{d8650b19-884f-43b6-a1f4-23a3156f7671} (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994] HKEY_CLASSES_ROOT\CLSID\{e745b262-93b6-4630-b26e-4e0cd4c435ec} (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994] HKEY_CLASSES_ROOT\dxaxhost.desktopx.1 (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994] HKEY_CLASSES_ROOT\dxaxhost.dxform (Spyware.Agent) -> No action taken. [4054423730922466192020262326146621222214212321181426176724141920712617216617667 1196694] HKEY_CLASSES_ROOT\dxaxhost.dxform.1 (Spyware.Agent) -> No action taken. [4054423730922466192020262326146621222214212321181426176724141920712617216617667 1196694] HKEY_CLASSES_ROOT\dxaxhost.dxmenu (Spyware.Agent) -> No action taken. [4054423730922517661918666623142470716614212623711425202326141970251820701922672 6246794] HKEY_CLASSES_ROOT\dxaxhost.dxmenu.1 (Spyware.Agent) -> No action taken. [4054423730922517661918666623142470716614212623711425202326141970251820701922672 6246794] HKEY_CLASSES_ROOT\dxaxhost.object (Spyware.Agent) -> No action taken. [4054423730926922266871252325142021232114212669201426662623142070232526177069682 4702594] HKEY_CLASSES_ROOT\dxaxhost.object.1 (Spyware.Agent) -> No action taken. [4054423730926922266871252325142021232114212669201426662623142070232526177069682 4702594] HKEY_CLASSES_ROOT\dxaxhost.objectcollection (Spyware.Agent) -> No action taken. [4054423730921768671820716822147071662314211717711426712019141920221826206619692 5681894] HKEY_CLASSES_ROOT\dxaxhost.objectcollection.1 (Spyware.Agent) -> No action taken. [4054423730921768671820716822147071662314211717711426712019141920221826206619692 5681894] HKEY_CLASSES_ROOT\dxaxhost.preference (Spyware.Agent) -> No action taken. [4054423730926925232217671826142525217114212067231466187121141920662018222371242 3241894] HKEY_CLASSES_ROOT\dxaxhost.preference.1 (Spyware.Agent) -> No action taken. [4054423730926925232217671826142525217114212067231466187121141920662018222371242 3241894] HKEY_CLASSES_ROOT\dxaxhost.root (Spyware.Agent) -> No action taken. [4054423730926667267166172523142520682114217122231467231821142424686625682021261 9241794] HKEY_CLASSES_ROOT\dxaxhost.root.1 (Spyware.Agent) -> No action taken. [4054423730926667267166172523142520682114217122231467231821142424686625682021261 9241794] HKEY_CLASSES_ROOT\dxaxhost.script (Spyware.Agent) -> No action taken. [4054423730927024212267192319142620672314212320171467192370142170176869216821202 2706894] HKEY_CLASSES_ROOT\dxaxhost.script.1 (Spyware.Agent) -> No action taken. [4054423730927024212267192319142620672314212320171467192370142170176869216821202 2706894] HKEY_CLASSES_ROOT\dxaxhost.state (Spyware.Agent) -> No action taken. [4054423730922524187022236723142226702314212569261466671717142522712323242322666 7681994] HKEY_CLASSES_ROOT\dxaxhost.state.1 (Spyware.Agent) -> No action taken. [4054423730922524187022236723142226702314212569261466671717142522712323242322666 7681994] HKEY_CLASSES_ROOT\dxaxhost.system (Spyware.Agent) -> No action taken. [4054423730922022261867686866142369206614216826701426252617142270672322231869261 7207094] HKEY_CLASSES_ROOT\dxaxhost.system.1 (Spyware.Agent) -> No action taken. [4054423730922022261867686866142369206614216826701426252617142270672322231869261 7207094] HKEY_CLASSES_ROOT\dxaxhost.widget (Spyware.Agent) -> No action taken. [4054423730921819221868252670146819256714212219201426202168146725681922222217667 1256794] HKEY_CLASSES_ROOT\dxaxhost.widget.1 (Spyware.Agent) -> No action taken. [4054423730921819221868252670146819256714212219201426202168146725681922222217667 1256794] Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: F:\Games\GalCiv2\SDPlugins\DXAxHost.dll (Spyware.Agent) -> No action taken. [4054423730922422201925692321142524687114212521251466252018142022697066717019242 5191994]