Utopian

Members
  • Posts

    34
  • Joined

  • Last visited

Reputation

0 Neutral

About Utopian

  • Birthday 03/03/1974

Contact Methods

  • ICQ
    0
  • Yahoo
    soundgarden_0303@yahoo.com

Profile Information

  • Location
    Iloilo
  1. Hi Kenny94, As I told Maniac, I don't have a rescue CD or an OS installer although it's still the original authentic MS XP SP3 OS that came with the laptop, so reformat/reinstall is not an option for the owner, at least unless he buys a new OS installer. I tried to follow Maniac's recommendation to download and run Dr.Web CureIt but it won't run, I tried it twice. I press the Dr.Web.exe icon and nothing happens, no activity in task mgr or sign in pointer that Dr.Web is loading, I wait for 10+ mins and nothing, it just sits there. Just downloading it takes a long time and at the time the owner was in a hurry so instead I just updated and ran scans of A-A Pro, MBAM, and AVZ, came up clean. The laptop seems to feel fine and fast and has been connected to the web. I have posted the last HJT log in post #9 above. If Dr. Web won't run is that a sign that there is still malware? Are you absolutely sure that the laptop is still infected?
  2. Hello Borislav, I downloaded Dr.Web CureIt twice but it would not run. The owner was kind of in a hurry so I just ran MBAM, A-A Pro and AVZ and they don't find anything. The laptop had been used by the owner online for several days now and it seems to operate well and feels fast now. I see an entry in the HJT log about a Thunderadvise BHO but it's also marked (file missing) - is this something to worry about? I would have wanted to run the Kaspersky Rescue CD again and know why Dr.Web won't run but it's kind of hard to get hold of the laptop, the owner and I seldom meet and if we do he's mostly in a hurry. I don't think I will get hold of that laptop any time soon, I'm just waiting for any complaints from the owner. Why do you think Dr. Web would not run? Is that a sign that malware is still in the laptop?
  3. Borislav if I can just reformat and reinstall I would have but as I said I don't have and the owner does not have a Win XP CD and he does not seem to plan on buying a new OS CD which is kind of expensive here. I guess we here will have to see what happens, so if we don't reformat how long do you think would the laptop stay trouble free? And since it seems you're telling me it's hopeless (even though the laptop seems ok now) how does the owner back up his data and how do we check to see if the backup is also infected? Please if possible give a not so expensive solution (I mean other than buying a new OS).
  4. Hi Borislav, Since you recommended using a Rescue CD, I just remembered I had a Kaspersky 2010 Rescue CD so I decided to use that instead of Avira cz I did not want to go thru downloading the iso and CD burning. Running the rescue disk did find 2 instances of W32.Sality.aa 3 instances. I did 3 scans of the rescue CD and the final scan did not find anything. I also did updated scans of MBAM and A-A Pro and they also found nothing. Heres the latest HJT log and attached is the latest avz log - I used avz to fix the safe boot prob and this tool I think is one of the best! avz_log072210.txt
  5. Hello Borislav, I have just found out about AVZ tool and it's a possible solution to fixing the safe boot prob. Right now the laptop is with the owner so I can't continue with the fix, I just told him to refrain as of this time from connecting it to the internet and using usb drives with it. Could you confirm to me if AVZ will fix booting in safe mode? Also I plan to just do the regular update and scan with both A-A Pro and MBAM after updating them. I just remembered I still have not turned system restore back on in that laptop but I will do later. Another thing I remembered to do is maybe check with ShieldsUp and maybe install a firewall, although I worry about installing this type of software coz the owner might not like or understand having those pop-ups. I have read the blog you posted but I won't give up on this coz I'm already in too deep and I can't tell him he has to buy an OS installer (cz he does not have any OS CD) which is very expensive here and right now he's kind of down financially. I'm not receiving any money from the owner, I'm just trying to help him, he's the father of a friend of mine. So please what I need is your assurance that what I'm doing is on the right track and your superior knowledge to guide as to what best I can do. I think MBAM, A-A Pro and myself have turned the tide here, please help us continue the fight...c'mon
  6. Unfortunately reformat/repair could not be an option coz the owner does not have an XP SP3 installer although his Windows is authentic. Are you sure that reformat is the only option? A-A Pro can detect and remove Sality however I guess it can't remove the trojans that have Sality as payload, that's why it kept returning. That's where MBAM came in and took care of the Trojans. Last scans with MBAM showed clean, last scans with A-A Pro also clean. The only prob now is fixing Safeboot (which is removed by Sality). I think the malware has already been taken care of. I have to admit I'm just piecing it all up together but I just want your advice as to what additional procedure must I do to make sure the malware are really gone since you are more knowledgeable. So sorry I had to go on fixing the laptop without your guidance but the owner just can't wait. Please what do I do now to check and make sure there are no malware anymore and how to fix booting in safe mode. Please Borislav I'd really appreciate it.
  7. Hello Maniac, Thank you very much for responding, I just want to update you that because the owner was kind of in a hurry what I did was I got rid of all the detections bit by bit so in case something goes wrong I can restore it from quarantine. Every time I finished removing some I again scanned with MBAM (full scan) until it had removed the last and after this I did a final full scan and MBAM detected nothing. I also did an updated full scan with Ad-Aware Pro (since it's the regular paid AV) and it too found nothing. Before all this I had run SysRestorePoint and ERUNT then GMER which did not seem to find anything. Afterwards, just to be sure I then turned off System Restore, cleaned with ATF cleaner and CCleaner. Then that's when I did the bit by bit removal with MBAM taking care to fully scan before again removing until I had eliminated the last and did the last full scans with MBAM and A-A Pro which showed nothing. Afterwards I removed all malware from quarantine, totally deleted them. All the logs are on that laptop, which is now being used by the owner, so I can't give them to you now. I had installed Panda usb vaccine and advised him to scan and clean all his usb drives. When the owner brought the laptop to me it won't run msconfig, task mgr, defrag, services and safe mode. With some bit of research I had fixed all except booting in safe mode. What his av (A-A Pro) had mostly detected first was W32.Sality.ek (v) but it kept returning so that's why I installed MBAM. Now I'm still trying to figure out how to get that laptop to boot in safe mode (it boots up in normal mode), this could have been damage made by W32.Sality since I read somewhere that is one of its bad effects. I'm an aspiring malware fighter so I have learned a lot from this, it's great. I just want to ask you now, has MBAM finished it all off? And how do I find out if it has (last scans w/ MBAM and A-A Pro turned up nothing)? And last maybe you could help me fix the safe boot problem.
  8. Hello MBAM Forum, Had just downloaded MBAM updated and ran. It found 80+ malware or so and I chose to let MBAM quarantine. After restart though the Windows log on was not the same any more and the log off dialogue was also corrupted (buttons and letters not showing). Also win explorer windows became black so I had MBAM restore what it quarantined. Luckily it all came back. However I had downloaded MBAM to free my laptop of a malware infestation which my paid AV can't seem to finish off, also I downloaded this cz I can't start the laptop in Safe Mode, but then this. Here is the HijackThis log prior to scanning with MBAM: hijackthis_log.txt Here is the MBAM log: mbam_log_2010_07_18__18_08_38_.txt Please help cz this laptop is needed by the owner and it's Monday tomorrow here so it's gonna be busy and he's gonna need it. The laptop specs are: Compaq Presario V2000, Win XP SP3, AMD Turion 1.6 Ghz, 1.87 Gig RAM. Security Software: Ad-Aware Pro with Windows FW, just downloaded MBAM. Thanks in advance
  10. Hello noknojon, Sorry I have to ask, why do I need to run Disable CD-ROM Emulation Software DeFogger? and what is DDS for?
  11. Hello noknojon and mountaintree16, I have to let u kno that it's gonna take some time for me to reply back since I have to download and use many tools as per your directions: GMER (this cud be very dangerous to use, I don't have much experience in altering the Windows registry), DDS, DeFogger, HijackThis which I am all not familiar with. The troubled PC is my mother's and I have to go to their house next door to fix it. Right now we use a popular paid internet security which has let this Backdoor.IRCbot thru. I have lost some trust with this paid av (I'm not telling u which) because they have lousy support and it has already let thru many malware, including this Backdoor.IRCbot. If this goes well I just might recommend to my mother to instead change over to MBAM full all or some of the PCs here when our subscription expires. Also, I understand that after I download all these tools, which I have to ask about - cud we reduce to the most important ones since it seems too many but if all these are 'absolutely' necessary then I will download them, and have the results I will post all the results in 'malware removal' and 'hijack this' forum, is this right?
  12. Hello and Happy New Year to Malwarebytes, Just 2 days ago I ran a full scan and MBAM detected Backdoor.IRCbot in file xp_cd_update.exe and so MBAM says it has been deleted and placed in quarantine. I then did another scan just yesterday and it again found Backdoor.IRCbot this time in System restore {xxxxxxxxxxxx-xxxx-xxxx} (or so, I can't remember exactly). Is this a repeat infection or just the same file detected in quarantine? Is this a false positive coz I noticed that when I enter C: in Windows explorer the choice to 'hide contents of this drive' is gone, I'm not sure if this was the case before MBAM quarantined the infected file or only after? Would like to be able to 'hide contents of this drive' and get rid of Backdoor.IRCbot once and for all.
  13. That clears things that MBAM does NOT grow until it fills up the whole HD. One more great characteristic
  14. Hello, hope you don't mind me adding to this post and asking. How come the size fluctuates, sometimes the new update is smaller than the previous even without new program updates?
  15. Thanks for the responses and you are correct. The fault is with the Automatic update of MS XP where temp files from the Visual Studio 2008 install to root but has already been fixed.