Posts posted by mountaintree16

  1. Hi GT500.

    I came across this post when I was looking on the message boards and I have a question for you.

    Does this mean that Malware can come through updates to Malwarebytes? I am just confused because another user posted that he or she had downloaded a patch that was supposedly for Malwarebytes but it in fact was Malware and then you replied to him or her with your response.

    Thanks, I am just curious and concerned. I hope it isn't the case that Malware can come through Malwarebytes updates.

    That is nothing new. Malware authors have been targeting anti-malware software for many years. I remember 4 years ago dealing with trojans that would block Spybot Search & Destroy. Back then, I just made a BartPE disk to run it from. Malwarebytes' Anti-Malware, on the other hand, was never meant to be run in that fashion.
  2. Oh, and one more thing.

    As far as I know, no settings were changed by me or the friend whose computer I ran the scan on. Someone could have changed a setting, but I don't think that that is the case.

    Does this mean that this entry should be deleted?

    I don't want to leave it on there or ignore it if in fact it is on there because of malware, which I think is the case since it did get a major infection.

    Does anyone know if I should actually delete it or not? I don't want to mess something up but I don't want to leave an infection on the computer either.

    Hello.

    I have downloaded and run the Malwarebytes Free version on the computers of a few friends, and today when I was running a scan for one of my friends, Malwarebytes detected 2 infections.

    They are both named Disable.SecurityCenter and are located in the registry keys.

    Does anyone know if this is a true infection, and if so, if I should delete them?

    If it helps, I always run the full scan, not the quick scan.

    Also, do I need to post my Malwarebytes log? If so, where exactly do I post that?

    Thank you in advance to anyone that can help! This computer got infected with AntiVirus 2009 previously and Malwarebytes seems to have gotten rid of that, but then this popped up.

  3. Thanks!:)

    Hmm. The firewall isn't disabled though and the antivirus seems to be running fine when I checked.

    I was thinking I should delete it. Do you think that this would be fine to do? I don't want to risk any infection from it in case it is bad.

    It's just telling you that there is part of the security center disabled. Like if you have the firewall disabled and you tell it not to keep coming up and notifying you. In some cases this can't be fixed due to group policy.
  4. You're welcome!

    The computer that I am having the problem with had a Spyware Protect 2009 infection so I am pretty much certain that what the ResidentShield found is a virus. I just don't understand why it was ONLY found this way. It concerns me.

    I had Malwarebytes run on the computer again today and the ResidentShield issue did not come up again, so I am so confused. I don't want to change the settings IF this is the only way the virus gets found. At least with the Shield it tells you that it's finding a virus.

    I have heard of perfectly legitimate .exe files getting infected and being used as a host for a virus. One example I have heard of is lsass. I don't know anything about it really but that is one example.

    Maybe that happened with your game file?

    In my case, I have never HEARD of ker.exe before and I googled it and there was slim pickings.

    What version of AVG do you have? And is it free or paid?

    I couldn't find where to put them either, but I am going to look again. I didn't look too thoroughly before.

    I just ran Hijackthis for a look and see, and it shows my login and pass for a games forum.. Argh!!!!!!!
  5. Just a quick question.

    I noticed you said to remove Viewpoint Manager.

    Is that a bad program?

    Hello hobenenenen and welcome!

    You have two antiviruses (or is it antivirii?) installed: Avira Antivir and AVG. You need to remove one of these immediately because running both can cause conflicts and system hangs. Personally, I find that Avira Antivir is excellent and compatible with most other security programs, so I recommend you keep that one.

    Next, uninstall Viewpoint Manager and SystemDoctor.

    Please download ATF Cleaner by Atribune

    • Close Internet Explorer and any other open browsers
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.

    If you use Firefox browser

    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.

    ________________________________________________________________________

    Launch HijackThis (HJT) by clicking the desktop shortcut and choose the Scan Only option. Close all programs except HJT and all browser windows, then check the following items for removal and click on "Fix Checked":

    O1 - Hosts: 91.212.65.122 browser-security.microsoft.com

    O1 - Hosts: 91.212.65.122 antiwareprotect.com

    O1 - Hosts: 91.212.65.122 www.antiwareprotect.com

    O4 - HKLM\..\Run: [DNSE] "C:\Program Files\Common Files\SystemDoctor\DNSE.exe" -c

    O20 - AppInit_DLLs: karna.dat

    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    Close HJT.

    Reboot.

    Next, download this Antirootkit Program to a folder that you create such as C:\ARK, by choosing the "Download EXE" button on the webpage.

    Disable the active protection component of your antivirus by following the directions that apply here:

    http://www.bleepingcomputer.com/forums/topic114351.html

    Next, please perform a rootkit scan:

    • Double-click the randomly named EXE located in the C:\ARK folder that you just downloaded to run the program.
    • When the program opens, it will automatically initiate a very fast scan of common rootkit hiding places.
    • When the scan is finished (a few seconds), click the Rootkit/Malware tab, and then select the Scan button.
    • Leave your system completely idle while this longer scan is in progress.
    • When the scan is done, save the scan log to the Windows clipboard
    • Open Notepad or a similar text editor
    • Paste the clipboard contents into a text file by clicking Edit | Paste or Ctrl+V
    • Exit the Program
    • Save the Scan log as ARK.txt and post it in your next reply. If the log is very long attach it please.

    Please download Combofix from one of these locations:

    HERE or HERE

    I want you to rename Combofix.exe as you download it to a name of your choice such as hoben.exe

    Notes:

    • It is very important that you save the newly renamed EXE file to your desktop.
    • You must rename Combofix.exe as you download it and not after it is on your computer.
      You may have to modify your browser settings if you use Firefox, so you can rename Combofix.exe as you download it. To do that:
      • Open Firefox
      • Click Tools -> Options -> Main
      • Under the downloads section check the button that says "Always ask me where to save files".
      • Click OK

      For Internet Explorer:

      • Choose to save, not open the file
      • When prompted - save the file to your desktop, and rename it anything with an .exe extension on the end.

    Here is a tutorial that describes how to download, install and run Combofix more thoroughly. Please review it and follow the prompts to install Recovery Console if you have not done that already:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Very Important! Temporarily disable your antivirus and antimalware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix and even remove onboard components so it is rendered ineffective:

    http://www.bleepingcomputer.com/forums/topic114351.html

    Also, disable your firewall!

    You can enable the Windows firewall in the interim, until the scan is complete.

    Note: The above tutorial does not tell you to rename Combofix as I have instructed you to do in the above instructions, so make sure you complete the renaming step before launching Combofix.

    Running Combofix

    In the event you already have Combofix, please delete it as this is a new version.

    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    1. Double click on the renamed combofix.exe & follow the prompts.

    2. When finished, it will produce a logfile located at C:\ComboFix.txt

    3. Post the contents of that log in your next reply with a new hijackthis log.

    Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

    Rename "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" -> "C:\Program Files\Malwarebytes' Anti-Malware\newyork.exe"

    • Now, relaunch MBAM by double-clicking newyork.exe in the MBAM folder.
    • Select the Update tab -> Check for Updates
    • After MBAM updates, select the Scanner tab.
    • Select Perform quick scan, then click Scan.
    • When the scan is complete, click OK -> Show Results to view the scan results.
    • Check all items found, and then choose the 'Remove Selected' option to move the selected items to the quarantine.
    • When the scan is done, a log will open in Notepad with the scan results. Please post the results in your next reply.

    NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Please post C:\ComboFix.txt, your antirootkit log (ARK.txt), and a new MBAM log in your next reply.

  6. Hi, I had the same problem with a Trojan on a friend's computer and then on my own computer it popped up with a cookie alert.

    Try reading through the thread I started and see if that helps. I am not completely sure what is happening either though. Hopefully this is figure-out able :P AdvancedSetup has been helping me a lot in that thread but we are still trying to figure it out.

    http://www.malwarebytes.org/forums/index.php?showtopic=15344 That's the thread that I started.

  7. Does this update pertain at all to the actual Malwarebytes program? Does it infiltrate the update process and infect computers when they update?

    Or is the only concern the spam emails and the hurt that they are trying to do to Malwarebytes?

    It's so sad that this is happening :P I hope it stops soon and I will definitely spread the word about Malwarebytes!! I have already recommended it to and installed it on the computers of a few friends.

  8. Thank you. I will try doing that and post back to you :P This doesn't happen every time though. It's happened three times on my friend's laptop and then once on my home computer, where it popped up with ResidentShield but the warning was a cookie so I am not as concerned about that but it still strikes me as odd.

    It also definitely seems as though the computer DID have that virus on it. Do you have any ideas about that and why MBAM might have been listed at the bottom of the ResidentShield? I'm concerned that there is a virus in the computer that is not being detected except by ResidentShield and if I change the settings, I am not sure what it will do.

    Another thing is, I have installed MalwareBytes on a couple other friends' computers that also have AVG, and this has not happened on those computers. (I am okay with computers and some programs and so I offered to help them find a program in addition to their anti-virus program to help detect anything that it may have missed. My friends are not as computer savvy). I am at a loss for what may be happening here. I am just really concerned about the virus being found seemingly ONLY when MBAM is being run.

    Thank you again for all your help and I look forward to hearing back from you.

  9. Thank you. What do you mean by your own hosted version? Obtaining it off your website? The only place I know to download the free version of Malwarebytes (which is what I am currently using) is from download.com

    I got the link directly off of the www.malwarebytes.org website and it took me to download.com. I hope that this was safe.

    The ResidentShield thing happened again, and I captured a screen shot. I attached it below.

    At the bottom, the process says "Malwarebytes". This is really confusing to me. I don't understand if AVG thinks that the virus is coming from Malwarebytes or if Malwarebytes is detecting this virus.

    No, not our own hosted version. However there are other sites that do host our installer and some rogue sites that trick you into downloading what might appear to be our installer but is as you say already infected.
  10. I apologize for the third post. Is there a way to edit a post?

    I do not have much longer at this friend's house and won't be back again until next week I think, but I can probably tell her how to do this too.

    Attached is a screen shot of the results. Basically, I want to know if anyone would be able to tell me if it would be safe to delete these entries or not? I haven't yet because I don't want to create more problems in case I don't need to delete it.

    However, this entry does look concerning and I think it should be deleted but I am not sure.

    Any help would be greatly appreciated! Thank you :P

  11. Thank you so much for your reply.

    That definitely helps. My other question was and I am not sure if I worded it correctly, has Malwarebytes ever had a virus itself? What I mean is, has the program itself ever contained or harbored a virus that you are aware of?

    Okay, thanks. I was just wondering if this had happened to anyone else. Something similar also happened on my home computer (this particular post that I made happened on a friend's laptop - I have downloaded and run this program on my home computer as well as the friend's laptop. They also have a paid AVG version. I forgot to say that in my original post because I wasn't sure if it was important to mention or not.) On my home computer, the issue with Malwarebytes and ResidentShield that popped up was a matter of a tracking cookie, which didn't hugely concern me, but the Trojan on the laptop was concerning to me.

    If I run into it again I will definitely capture a screen shot. I don't know why I didn't think to do it before. I think it's because I panicked about the virus.

  12. Hello.

    I have downloaded and run the Malwarebytes Free version on the computers of a few friends, and today when I was running a scan for one of my friends, Malwarebytes detected 2 infections.

    They are both named Disable.SecurityCenter and are located in the registry keys.

    Does anyone know if this is a true infection, and if so, if I should delete them?

    If it helps, I always run the full scan, not the quick scan.

    Also, do I need to post my Malwarebytes log? If so, where exactly do I post that?

    Thank you in advance to anyone that can help! This computer got infected with AntiVirus 2009 previously and Malwarebytes seems to have gotten rid of that, but then this popped up.

  13. Thank you very much. I'll try the HiJack this program too.

    I am not sure what was going on with Mbam and the Resident Shield. It only happened when I was running an MBAM scan. I am running it again and if it pops up again, I will be sure to post a picture of what it looks like. Essentially it detected a threat, showed the name of the threat and then I opted to have more details displayed, and the program listed underneath was MBAM and there was a 4-digit number listed underneath that. It was confusing to me whether it thought that the problem came from MBAM (which it doesn't seem likely, do you have any idea about that?) or if it just had it there randomly.

    Do you know of anyone else who has had a problem like this? Also, do you know if there is any possibility that a virus has ever come through with the Malwarebytes program?

  14. Thank you.

    I did find the log, however, it just gives a history of what you have done with AVG (updates, scans, etc) and doesn't show anything about what actually was found.

    I'll attach a picture of a screen shot of the virus vault. Let me know if you'd like me to upload it to a photobucket though since it could possibly have a virus, but I would hope not.

    I mean the AVG log. I don't have the paid version, but if you look around in the settings, somewhere there should be an option with logs.
  15. Thank you. Do you mean that I need to post the log details of MBAM or of AVG?

    AVG doesn't actually have a log, however, I could take a screen shot and show you what came up.

    While the resident shield named the program as Malware Bytes, in the Virus Vault Malwarebytes' name is nowhere to be seen, so it's a little confusing. If the Resident Shield pops up again like this, I will be sure to take a screen shot of it and upload it.

    You would need to post the log details so that we can see what was actually reported by AVG.

    If it's one of our system files then it would need to be reported to AVG as a False Positive so they can remove it from their detection files.

  16. Hi.

    I am a Malwarebytes Free version user, and I recently was doing a scan with Malwarebytes. I also have a paid AVG 8.5 AntiVirus program that I use too.

    While I was doing a scan with Malwarebytes, AVG's resident shield popped up with a warning for a virus. I clicked on the "more about this" link, and the Program listed that it was coming from was Malwarebytes. I thought that this was pretty strange. After I opted to remove it with the Resident Shield, I checked the Virus Vault and looked at the pathname, and Malwarebytes was not seeming to be listed in the pathname.

    So, my question is, has this EVER happened to anyone else? Has Malwarebytes ever had a virus come from itself before? Does anyone know anything about this?

    I love this program and I have been using it for a few months now and am considering buying the paid version.

    However, when this happened today I became concerned that Malwarebytes was possibly infected with a virus.

    Any help that anyone can offer would be extremely helpful! Thank you! Also, if you need any more details, please let me know.
