Everything posted by CrowsLiveBig

  1. Thanks, Rich. I think I am good to go. I am in the middle of a big clean up of disks and folders and was going to be deleting those folders from my F drive anyway. I looked in quarantine and the original file that got quarantined (prior to the 8 we just worked on) was from my C drive but, since I plan to get rid of this computer in a short time and since I have an idea of what that file does (uninstalls something I don't need but isn't bothering me), I think I'll just let it lie. I appreciate your help. Have a good weekend!
  2. OK, thanks Rich, looking good. I updated by right-clicking on the mbam icon in the system tray and got v. 2013.02.16.07. I scanned these 8 files and nothing was detected. Yay! So should I now click ignore on the scan result page? I'd prefer to click remove if that is OK (this disk isn't a boot disk, it used to be my boot disk, but I moved it from being my C: (boot) drive to my secondary drive, F: (non-boot), when I went from Vista to Win 7). Also, what about that one file that got quarantined yesterday? I don't know if it is on the F: drive or not until I navigate away from this scan result page.
  3. Sorry, Rich. I am getting confused here. Here is a second affected file. Please use this one instead. In the first one I sent, I thought I had compressed s1vo.1 but I see that the zip file is s1vo. Since the folder contains two files s1vo (7KB uncompressed) and s1vo.1 (3550 KB uncompressed), I am wondering if I accidentally compressed the wrong (and therefore unaffected) file. However, it may be that the compression doesn't completely use the original file name. At any rate, please use the file I have sent here (Memeo_Sync_setup). Memeo_Sync_Setup.zip
  4. Here is one of the affected files. Thanks for your help. s1vo.zip
  5. Ok, heading back to send the file (1 mile away).
  6. Corrected post with additional question (sorry, working from alternate device away from computer): Sorry to be dense, here, but how do I handle the open scan result window? If I leave it open and scan in dev mode, will that be ok? Or are you suggesting I click ignore? To zip, do I buy winzip from winzip.com or is something built into Win 7 or ...? Also, to be prudent, should I not use the computer until this is worked out?
  7. Sorry to be dense, here, but how do I handle the open scan result window? If I leave it open (mbam scan result window) and scan in dev mode, will that be ok? To zip, do I buy winzip from winzip.com or is something built into Win 7 or ...?
  8. Thanks, Shadowwar. Here is the log file. The 8 most recently affected files are not on my boot drive. (I'm not sure about the one that was detected originally, no log file was created.) These 8 are on my F drive which is an internal drive but is not used to install programs or for the OS. In this case, would it be OK to remove them? I'm not feeling comfortable saying Ignore. Log file:
     =====================
     Malwarebytes Anti-Malware (PRO) 1.70.0.1100
     www.malwarebytes.org
     Database version: v2013.02.16.02
     Windows 7 Service Pack 1 x86 NTFS
     Internet Explorer 9.0.8112.16421
     name :: CINDY-PC [administrator]
     Protection: Enabled
     2/16/2013 2:51:55 AM
     MBAM-log-2013-02-16 (12-18-41) 8 detections after updating mbam db.txt
     Scan type: Full scan (C:\|F:\|G:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 670370
     Time elapsed: 2 hour(s), 42 minute(s), 33 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 8
     F:\Program Files\McAfee\SiteAdvisor\Download\s1vo.1 (Trojan.Backdoor.MRX) -> No action taken.
     F:\Puggs_Backup\HTC HD2 Backups\Drag&Drop\HD2yyy20111231\Storage Card\Multimedia Sync by doubleTwist.exe (Trojan.Backdoor.MRX) -> No action taken.
     F:\Puggs_Backup\HTC HD2 Backups\Drag&Drop\HD2yyy20120321\Storage Card\Multimedia Sync by doubleTwist.exe (Trojan.Backdoor.MRX) -> No action taken.
     F:\Puggs_Backup\Seagate\Seagate FreeAgent GoFlex\Disk 13\Seagate\SeagateDashboard\SeagateDashboard.exe (Trojan.Backdoor.MRX) -> No action taken.
     F:\Puggs_Backup\Seagate\Seagate FreeAgent GoFlex\Disk 13\Seagate\SeagateDashboard\Products\Memeo_Instant_Backup_Setup.exe (Trojan.Backdoor.MRX) -> No action taken.
     F:\Puggs_Backup\Seagate\Seagate FreeAgent GoFlex\Disk 13\Seagate\SeagateDashboard\Products\Memeo_Send_Setup.exe (Trojan.Backdoor.MRX) -> No action taken.
     F:\Puggs_Backup\Seagate\Seagate FreeAgent GoFlex\Disk 13\Seagate\SeagateDashboard\Products\Memeo_Share_Setup.exe (Trojan.Backdoor.MRX) -> No action taken.
     F:\Puggs_Backup\Seagate\Seagate FreeAgent GoFlex\Disk 13\Seagate\SeagateDashboard\Products\Memeo_Sync_Setup.exe (Trojan.Backdoor.MRX) -> No action taken.
     (end)
     MBAM-log-2013-02-16 (12-18-41) 8 detections after updating mbam db.txt
  9. Last night mbam quarantined one file with Trojan.Backdoor.MRX. I read about the false positives on this forum, and that the problem had been solved in the new database, so I updated the database and ran a full scan overnight. However eight more detections were found. 1. If these really are false positives, why am I still getting detections and what should I do next? 2. On the scan result screen, does remove mean quarantine? Since I don't need these eight files, I'm inclined to remove them even though this may be a false positive. My options are remove selected, ignore, save log, main menu, exit. If I remove them does it just delete those files or does it make changes to the registry as well that I might regret? 3. I would look at the mbam help files but I'm concerned about navigating away from the scan result screen. Other info: I also run Eset NOD32. Yesterday, before these detections happened, I downloaded a free open source utility called winmerge from winmerge.org via sourceforge.net. Although I tried to check it out before downloading it and it seemed safe and well reviewed, it makes me very wary since I have never downloaded an executable, at least not for many years.