Posts posted by mountaintree16

  1. What exactly is Heuristics scanning and what is Heuristics in general?

    The only thing I know about them is that I see the name heur in AVG updates of viruses (I always click on the link in the update box that says "more about this update") and then last night when MBAM found an infection on my computer called Heuristic.Malware.

    So, because of that, the name Heuristic kind of scares me, but again, I don't know much about it.

    At least two thirds of our database is heuristics, so yes, false positives are due to an error in heuristics. The research team fixes them as soon as they hear about them.
  2. I found out about Malwarebytes through a friend I met online on a message board that I go to. She recommended it to me when I had a browser hijack to antimalwarescanner . com.

    I have been using this product since late March and I am very happy with it.

    I have also installed the program (free version) on the computers of several friends and they are happy with it too!

    I just want to say I am so grateful for this program and the people that make it. It is a wonderful program and it does a great job of ridding computers of nasty infections that many other programs can only remove partially or not at all. Before Malwarebytes, I didn't have much of a clue about all of the nasty things out there in the online world! I knew that there was spyware and malware, but I didn't really know exactly what that was and what it could do. I still don't fully know but I now have a better understanding of it.

    So thank you and I look forward to trying to help whomever I can and look forward to working on any computer problems that I may encounter with the helpful and knowledgeable staff here! Hopefully those problems will be few though ;)

    Take care and look forward to working with you!

  3. I was just reading through this thread and I just wanted to ask you exactly what you mean by this?

    I'd like to be able to do it to my computer if possible.

    ;)

    I turned off the Server service long ago (and do every time I install Windows) as well as disabled the default admin shares so I'm immune from any variants I've seen so far. I'm not on a network either and all my flash drives use a custom autorun.inf file, so if it got infected and overwritten by conficker, I'd know it. Of course, my OS is fully patched as well.
  4. Hi! Sorry for the late reply. I decided not to add Malwarebytes to the exclusions list because I was concerned that this was the only way the virus was being detected. The reason I think that this is the case is because this is not happening during every scan, it has only happened once or twice as far as I can remember.

    I also have no idea what ker.exe was or is.

    Other than this, I have not seen any interaction or blockage concerns between AVG and Malwarebytes.

    Thank you again for your help and if I do need to add those files to the Trusted Applications or Exclusions list, I now know what I need to do ;)

    It looks like the file KER.EXE is trying to be blocked by both Malwarebytes and AVG at the same time.

    Look for a setting in AVG to place all the Malwarebytes files on a Trusted Applications list or Exclusion List and see if that helps.

    You will also need to include these files:

    C:\WINDOWS\system32\drivers\mbam.sys

    C:\WINDOWS\system32\drivers\mbamswissarmy.sys

  5. I'm a little confused. Did this only happen to users who had a pirated version or did it happen to everyone? I downloaded the free version a couple days before version 1.36 came out. I never saw this message. Did it happen to everyone or only certain people?

    Remember, we at Malwarebytes care about your Internet safety and if you would like to speak with anyone at Malwarebytes we urge you to visit our helpdesk.
  6. Hey sorry for the late reply.

    Thanks for letting me know what the fields to enter were!

    However, I am not sure if I want to change the setting because it seems that this was the only way the virus got found? If that makes any sense. On my friend's computer that this virus popped up on with the AVG Shield (and it happened on my computer once, but mine was a tracking cookie not a virus) it seems as though that was the only way the virus was found. If the settings get changed, I am not sure if that will hurt the ability to find that virus or similar viruses in the future if they happen again (which hopefully they won't!)

    The AVG conflict hasn't happened again since that day on the friend's computer, so I am thinking that it was actually a virus being found and not a false positive.

    Do you think that your system is clean now?

  7. Thank you so much! I will do that as soon as I am able to, hopefully tonight or by Friday. You have been very helpful ;)

    Computers and well mainly problems that can occur with them/get in them are so frustrating to me. I've hardly been using my computer for fear of something hiding in it that I am unaware of ever since the antimalwarescanner incident. When not in use, I turn the internet off of the computer and shut it down or put it on standby just in case.

    Which logs should I post from MBAM? The most recent one or the one with the infection or both?

    Thanks again ;)

  8. Thank you for your response!

    The bitmap image is the screen shot of the results from the scan. Oh! You mean the infection looks like it was found in a bitmap image?

    Did you see my antimalwarescanner . com thread? I gave a little background info on there. That's actually how I came to find out about Malwarebytes. On another forum that I go to I made a post about what happened and someone suggested Malwarebytes to me.

    Here is the link to the thread: http://www.malwarebytes.org/forums/index.php?showtopic=16083

    I think that I might have more malware on my system, I am not sure. I run Malwarebytes, SpyBot and AVG Full Internet Security Suite. Before last night when it found the infection, the only thing any of them had found were tracking cookies, and Malwarebytes had found something called Adware.MyWebSearch, which I got rid of. So I am not sure if this thing wasn't detectable yet by Malwarebytes or if it is newly on the system.

    I don't know much about HijackThis, but it looks like a great program. I was going to download it and run it tonight and post the log. What exactly is HijackThis, and will it find anything that's lingering in my system?

    Also, a little off topic, but do you know if it's possible to edit a post on this forum?

  9. I did a Malwarebytes quickscan this evening on my computer and it found something called Heuristics.Malware.

    I am just wondering if anyone knows what this is?

    I removed it.

    Attached is a screen shot of what the results looked like prior to deleting it. Malwarebytes then asked me to restart my computer, which I did right away.

  10. I had Trojan.Agent come up on some scans too, and I deleted it and there was no problem with the computer after I deleted them.

    I wonder if something off happened with your system?

    Are the problems still occurring?

    Here is a log I got after the scan. All the infected files are important to Windows.

    Malwarebytes' Anti-Malware 1.36

    Database version: 2176

    Windows 5.1.2600 Service Pack 3

    25/05/2009 17:27:59

    mbam-log-2009-05-25 (17-27-59).txt

    Scan type: Quick Scan

    Objects scanned: 84652

    Time elapsed: 3 minute(s), 37 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 8

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    C:\WINDOWS\system\ieudinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Doron\Application Data\Microsoft\mstinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\drivers\rsvp.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\drivers\cisvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Doron\Local Settings\Application Data\Microsoft\sessmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\WINDOWS\system\cisvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Doron\Application Data\Microsoft\comrepl.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Doron\Local Settings\Application Data\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

  11. In late March I believe it was, or it may have been early February, I got redirected to antimalwarescanner . com when I was going to the homepage of myspace.

    I quickly closed out of it (if I remember correctly, via the red "x" on the browser). I was using Internet Explorer at the time, but since then I have used nothing but Firefox.

    A fake-scan thing that looked like it was on "my computer" started "Scanning" before I closed out of it. I am pretty sure it wasn't actually in the my computer area though.

    At the time, I only had AVG Free on the computer.

    Then I purchased the full internet security suite from AVG. A month later, the same thing happened, this time when I was using Firefox. I posted on a messageboard that I frequent and someone suggested that I download ATF cleaner from Atribune.org and Malwarebytes. I downloaded and ran both, and all Malwarebytes found was Adware.MyWebSearch, which I removed.

    This incidence has not happened since, but I still wonder from time to time if there is still something on my computer.

    I was doing some searches on it again tonight and found that supposedly usually when you get redirected to the site you already have a trojan on your computer :/, but it's not a given that you do. The website (antimalwarescanner), I found out, is an advertising tool for the AntiVirus 2009 malware, which my computer never got, thankfully. At least not as far as I am aware.

    Update: Malwarebytes found something called Heuristics.Malware a few nights ago, which I removed.

    Has anyone heard of antimalwarescanner, know anything about it, or have any idea how to get rid of it? Anything else?

    Thank you so much to anyone that replies!

  12. Thank you so much for your response GT500.

    That clears up my question. The only update that I have ever gotten when using Malwarebytes is the one in the program and I have never seen an instance of foul play with the updates even prior to removing malware. All I see is the little box that comes from the program when I update it.

  13. Hi!

    I just came across this post and I saw your reply and had a question for you.

    I had this same result pop up on a friend's computer that I was helping them out with. They had an antivirus 2009 infection which Malwarebytes seems to have gotten rid of, but then when I scanned it again two weeks later, the Disable.SecurityCenter result came up in Malwarebytes.

    When I did the second scan, they had installed McAfee. I am not sure if the security center was disabled by McAfee or the virus.

    I had my friend delete the entries. I was wondering if you think that the virus probably did it or McAfee since the Disabled.SecurityCenter result didn't come up until after McAfee was installed? If so, do you think that it was safe to delete it?

    Thank you ;)

    Greetings and welcome ;) . The entries themselves aren't malware but they are settings that sometimes get changed by malware. That being said, many antiviruses and firewalls will disable these settings because they monitor themselves, so they disable the built-in Windows monitoring in Security Center so that you don't get double the alerts (one from the program itself and one from Windows Security Center). If you use an internet security suite like Norton or McAfee you can safely have Malwarebytes' ignore these detections because those programs disable the Security Center's notifications.