  1. Hi, just wondering if anyone else has experienced this. Whenever I go to the main download page for MediaFire and click on the link to download something, Malwarebytes pops up saying that it blocked a potentially dangerous IP from accessing my computer.

    Does this mean the virus is coming through mediafire or does it mean there's a trojan hiding on my machine that tries to launch whenever I access the mediafire page? I've run Malwarebytes and it says my system is clean. I couldn't find anything on the web about it. I figured if it was happening to me then it must be happening to others.

    Thanks in advance.

  2. Had a virus called Skynet, I ran Malwarebytes, don't know if it was removed but now every time I launch an app or file on my cpu I get a message that pops up saying "The application or DLL globalroot\systemroot\system32\SKYNET\pwbhbnn.dll is not a valid Windows image. Please check against your installation diskette."

    It won't stop popping up. Below is my HijackThis log and Malwarebytes scan log. Any help appreciated, thanks!

    Malwarebytes' Anti-Malware 1.38

    Database version: 2330

    Windows 5.1.2600 Service Pack 3

    6/24/2009 7:43:03 PM

    mbam-log-2009-06-24 (19-43-03).txt

    Scan type: Full Scan (C:\|)

    Objects scanned: 257725

    Time elapsed: 56 minute(s), 5 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 4

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    c:\WINDOWS\Temp\SKYNETibcrvjucbr.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\SKYNETfealvtxy.dll (Trojan.Agent) -> Delete on reboot.

    c:\WINDOWS\system32\SKYNETlpwbhbnn.dll (Trojan.Agent) -> Delete on reboot.

    c:\WINDOWS\system32\drivers\SKYNETvgkuwjpp.sys (Trojan.Agent) -> Quarantined and deleted successfully.

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 7:52:59 PM, on 6/24/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

    Boot mode: Normal

    Running processes:









    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe


    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe


    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files\Google\Update\GoogleUpdate.exe





    C:\Program Files\McAfee\MSK\MskSrver.exe

    C:\Program Files\Dell Support Center\bin\sprtsvc.exe



    C:\Program Files\DellTPad\Apoint.exe

    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe





    C:\Program Files\Dell\MediaDirect\PCMService.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe


    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Documents and Settings\Darin Galgano\Local Settings\Application Data\Google\Update\GoogleUpdate.exe


    C:\Program Files\Digital Line Detect\DLG.exe

    C:\Program Files\DellTPad\ApMsgFwd.exe

    C:\Program Files\DellTPad\HidFind.exe


    C:\Program Files\DellTPad\Apntex.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Documents and Settings\Darin Galgano\Local Settings\Application Data\Google\Chrome\Application\chrome.exe



    C:\Documents and Settings\Darin Galgano\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3090205

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://*.mcafee.com

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1234419453193

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1234491428000

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

    O23 - Service: Google Update Service (gupdate1c98d998a4a476a) (gupdate1c98d998a4a476a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


    End of file - 13635 bytes

  3. Hi,

    This was a read error in Malwarebytes causing this false positive. This has been resolved already. Please update Malwarebytes and let me know if it's still detecting Goldun.

    Hi Miekie - After updating Malwarebytes this has been fixed but I've been getting viruses every once in a while even though I'm not going anywhere different really in my browser. I thought it was good to just post the log anyway as I thought maybe something was hiding on my system still. Does my log look okay to you?

    Thanks for responding.

  4. First off thanks for a wonderful product. Malwarebytes is truly one of the best if not THE best malware eliminators.

    I own a copy of Malwarebytes and had an issue with a virus. Right now Malwarebytes is saying everything is clean but I don't believe it is. I think there's something hiding on my machine and would love if someone could analyze my log file.

    Here's what happened:

    I had Protection Enabled on startup. When my cpu turned on, Malwarebytes popped up a window that said it had blocked a process from accessing the internet (C:\System32\MSCTF.dll: rootkit.Goldun). It gave me the option to quarantine the virus but the pop-up window froze and my system locked up so I was never able to quarantine it. It's worked fine in the past, just seemed to have a problem with this virus.

    What's also strange and concerning to me is when I disabled protection at startup and ran a scan with Malwarebytes on its own it said that it found no malicious programs on my cpu. As soon as I enabled the protection again, the window popped up saying it found the rootkit.Goldun again and would freeze.

    I took a chance and ran McAfee, which I'm not a fan of, but it did find one trojan that Malwarebytes didn't, called Artemis!C6216C66E6EB. I don't know what happened with the original rootkit.Goldun virus that Malware was freezing on, which makes me think it's still here. Anyway, McAfee quarantined the Artemis trojan and now Malwarebytes works fine with no pop-ups on startup and when I run a scan it says everything is clean.

    Thing is I'm still afraid that something is on here because for the past few days I keep getting virus alerts when I haven't gone anywhere differently on the web. Malwarebytes removes it and then the next day a new one shows up. I think something is hiding on my cpu.

    Any help would be greatly appreciated! Log file and MBAM logs below. Thanks!

    Malwarebytes' Anti-Malware 1.37

    Database version: 2219

    Windows 5.1.2600 Service Pack 3

    6/3/2009 11:48:12 AM

    mbam-log-2009-06-03 (11-48-12).txt

    Scan type: Full Scan (C:\|)

    Objects scanned: 248265

    Time elapsed: 1 hour(s), 20 minute(s), 5 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)


    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 12:14:20 PM, on 6/3/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

    Boot mode: Normal

    Running processes:









    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe



    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe


    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files\Google\Update\GoogleUpdate.exe


    C:\Program Files\DellTPad\Apoint.exe

    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe







    C:\Program Files\McAfee.com\Agent\mcagent.exe

    C:\Program Files\Dell\MediaDirect\PCMService.exe


    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe


    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    C:\Program Files\McAfee\MSK\MskSrver.exe

    C:\Program Files\Dell Support Center\bin\sprtsvc.exe

    C:\Program Files\DellTPad\ApMsgFwd.exe


    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Documents and Settings\Darin Galgano\Local Settings\Application Data\Google\Update\GoogleUpdate.exe


    C:\Program Files\DellTPad\Apntex.exe

    C:\Program Files\DellTPad\HidFind.exe

    C:\Program Files\Digital Line Detect\DLG.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe



    C:\Program Files\McAfee\MPF\MPFSrv.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe

    C:\Program Files\FileZilla FTP Client\filezilla.exe


    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3090205

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://*.mcafee.com

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1234419453193

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1234491428000

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

    O23 - Service: Google Update Service (gupdate1c98d998a4a476a) (gupdate1c98d998a4a476a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


    End of file - 13627 bytes

