
David H. Lipman

Experts
  • Posts: 22,860
  • Joined
  • Days Won: 331

Everything posted by David H. Lipman

  1. One application can have multiple files and each file can have its own versioning. You already posted here but the actual location is for future posts regarding the MBAM software.
  2. I don't see how accessing web sites is an nVidia issue; it is more like the KIS virtual keyboard is the issue (whatever that is). On the Win7 PC, why did you update? Did not the Win7 notebook already have nVidia drivers installed? What is the make and model of the Win7 platform?
  3. One folder, one software. One installed copy. Support for MalwareBytes' Anti-Malware (aka MBAM, not MBW) is here... General Malwarebytes Anti-Malware Forum: "Please post any problems or comments related to Malwarebytes Anti-Malware in this forum. See FAQ under (Common Issues, Questions, and their Solutions) top pinned topic"
  4. Did you obtain the nVidia update from them, or was the nVidia update offered via the Windows Update service and you accepted it?
  5. You can't change Read-Only attributes on folders and it will not help. The ONLY way you can delete them is to Take Ownership. Right-click on the folder in question. Choose "Security" --> Advanced --> Owner --> Edit. If your account is not listed, add it via "Other users and groups". Check the box "Replace owner on subcontainers and objects".
  6. Files or Folders? Chances are that they are Microsoft HotFix/Update remnants. They may exist but really don't take up any space and can be left alone without consequences. Because of the way the folders are created, even if you have Administrative Rights, you can't delete the folders; Windows indicates you don't have sufficient rights to do so. If this is the case, you have to "Take Ownership" of the folders to gain the privileges to delete them. How you go about performing that will depend upon the version of the Windows Operating System these folders are on.
  7. To add to what Maurice wrote, Classic Shell with its Classic Start Menu is a free way to customize Win8 (as well as Win7 and Vista) to a more "classic" user interface.
  8. Details are not samples and while Mandiant may be a company dealing with COMSEC, they may not deal with malware to harvest samples and provide them to MalwareBytes' or other vendors in the anti malware community.
  9. What you see are mostly web pages. However, the control workstation used to access a RAT did show MBAM Pro active. The server or manager end may not be detected. It is the RAT that is seen on compromised systems, not the administrative server or manager side software. If MalwareBytes' Malware Researchers could get hold of that software I'm sure that signatures would be created. It is the client side or RAT that is most seen and detected. Watching the video leaves many questions such as the time frame the video was generated and the version of MBAM Pro, plus what signatures were used at the time of the video. There are just too many variables to draw a complete conclusion. Note also Mandiant was hired by the NY Times (NYT) to research who had hacked into the NYT network. It has been alleged that APT1 is a malicious actor(s) of Unit 61398 of China's People's Liberation Army (PLA). If true, we are not talking about day-to-day common off the shelf malware but most likely state created malware specifically targeting victims. Thus the software may have a very small scope of distribution and thus not seen and subsequently not detected by MBAM. Often those that are seen by MalwareBytes' are subsequently detected but there may be a time differential between the malicious release of the software and the files being found and submitted to MalwareBytes' for detection. China's PLA has been known to use Chinese university students and the Chinese hacker community to perform data acquisition, hacking and hacktivism on behalf of China's government and this has been an ongoing issue since the Hainan Island incident a dozen years ago.
  10. innovation55: There is no such thing as a "trojan virus". Both are subtypes of malware. Therefore you can have a virus or a trojan but not a "trojan virus". The *only* exception is that you can have a trojan infected by a virus, like a Zapchast. Compare the idea to automobiles. Toyota and Chevrolet are both subtypes of automobiles but you don't say "I have a Chevy Toyota". You either have a Chevy or a Toyota. Thus when talking about malware you say one is infected with a virus or a trojan (and there are many sub-types of trojans and viruses). One uses the infection of a host as a simile for malware in biological hosts. A Tick is a parasite and Lyme Disease is a bacterial infection. A human can be said to have a parasite infection (having a Tick) and that Tick can infect you with Lyme Disease. Likewise you can have a trojan like an IRC Backdoor and it can be infected with a virus such as Parite. This kind of malware infection is known as a Zapchast. Too many mistakenly call every malware a "virus". The fact is viruses are a small subset of malware and all viruses are malware but not all malware are viruses. One must understand that for a malware to be a virus it must self replicate. That is, it autonomously spreads from file to file or system to system by itself. Trojans do not self replicate. That is why viruses and trojans are two distinct subtypes of malware. As for "Iron Shield" anti virus: this is not one of the top anti virus solutions and is contraindicated. There are better, well known, solutions to choose from such as: BitDefender, Eset NOD32, Emsisoft, Avira AntiVir, Avast, Kaspersky, Grisoft AVG and Microsoft Security Essentials [1]. Each has its own intrinsic strengths and weaknesses, but when combined with MalwareBytes' Anti-Malware (aka MBAM) one has a much better and more complete level of protection. [1] Not necessarily rated in quality by the order given.
  11. It certainly is NOT a virus as noted in the post's subject. Right-click on the file. If it is digitally signed by Microsoft then there you go. A legitimate Visual Basic Command line Compiler.
  12. With a desktop I do NOT suggest using a can of compressed air. In a notebook it is used because it is not readily accessible to opening a chassis. With a desktop I suggest using a long-haired soft bristle paint brush and a wand attachment to a vacuum cleaner. You use the paint brush to gently dislodge the dust and the vacuum to suck it up. Vacuum cleaners with HEPA filters are best.
  13. Interesting information on mitigating the problems induced by a large etc/hosts file. Of course in an AD you couldn't disable the DNS Client but within a non-AD SOHO environment I see it "could" have a benefit. Thanx Samuel.
  14. alhazred: No. Don't do that or you will effectively cut off your Internet activity, as no DNS means no name to IP resolution.
  15. I can't state anything about HostsServer as I have no knowledge of it. I am making a general statement about a large etc/hosts file such as Steve's HpHosts and Mike's MVP Hosts File.
  16. Actually the use of a large etc/hosts file can degrade speed as it takes an inordinate amount of time, as a function of its size, to load the table and find an entry for every name resolution the browser (or other TCP/IP compliant application) has to perform. Browsers suffer more because many web pages load numerous URLs requiring many lookups to complete the page loading. Resolution negation was never the intent of the etc/hosts file, as it was designed in NFS and the TCP/IP stack for resolution in situations where there was a lack of Domain Name services.
  17. The first and foremost thing to do is use a can of compressed air and blow the dust out of all grills and openings on the notebook such that it can get air to cool it.
  18. "I googled it and I ended up at this malware forum so could it be a virus?" LOL there's that "virus" word again. The question really is... "I googled it and I ended up at this malware forum so could it be malware?" The answer most likely is no. If sound is heard in earphones/headset then the software is working, for the most part the electronics is working but there could be a physical wiring or some other problem with the notebook. Not everything that goes wrong is malware related and while all viruses are malware not all malware are viruses and viruses actually are a very small part of the malicious software seen in the wild. It is a common, public, misperception that all malicious software are viruses.
  19. For the most part - yes. Since it is associated with code that can be used to exploit a vulnerability, it is incumbent upon you to make sure that ALL software is up-to-date. Prevention is always better than cure.
  20. It is NOT a virus. It is exploit code related. That means conhost.dll is associated with code that can be used to exploit a vulnerability in the computer OS or in an application or software installed within that OS. Usually the word "drop" in the name would be indicative of a dropped exploit and the GS is either a version such as GS vs GT or GR, but it could also be an acronym associated with the type of exploitation performed by the DLL file (Dynamic Link Loader). All viruses are malware but not all malware are viruses and viruses actually make up a small fraction of the malware seen in the wild. It is a common, public, misperception that all bad software are viruses. All bad software are malware, where mal is short for MALicious as in Malicious Software. HTH
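Posts 5 and 6 above walk through taking ownership of a leftover folder with the Explorer Security dialog. The script below is an added example, not code from the original posts or from Malwarebytes: it performs the same steps from an elevated PowerShell prompt using the built-in takeown.exe and icacls.exe tools, shows the owner before and after, and stops short of deleting anything so the result can be reviewed first. It assumes Windows Vista or later and an elevated (Administrator) session; the folder path is supplied as a parameter and is not tied to any specific system.

```powershell
# Added example (not from the original posts): take ownership of a folder and
# everything under it, then grant the current account Full Control so the
# folder can be removed. Must be run from an elevated PowerShell prompt.
# Usage:  .\Take-FolderOwnership.ps1 -Path 'C:\path\to\leftover\folder'
param(
    [Parameter(Mandatory = $true)]
    [string]$Path
)

if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
    throw "Folder not found: $Path"
}

# Record who owns the folder before any change is made.
$before = (Get-Acl -LiteralPath $Path).Owner
Write-Host "Current owner: $before"

# Equivalent of Security --> Advanced --> Owner --> Edit with the
# "Replace owner on subcontainers and objects" box checked:
#   /F  target path      /R  recurse into subfolders and files
#   /D Y answer "yes" when a subfolder cannot be listed (the usual case here)
takeown.exe /F $Path /R /D Y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "takeown failed with exit code $LASTEXITCODE" }

# Ownership alone does not grant access. Add an explicit Full Control entry
# for the current user that inherits to files (OI) and subfolders (CI);
# /T applies it to the whole tree.
$me = "$env:USERDOMAIN\$env:USERNAME"
icacls.exe $Path /grant "${me}:(OI)(CI)F" /T | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

$after = (Get-Acl -LiteralPath $Path).Owner
Write-Host "New owner: $after"

# Deletion is left to the operator on purpose; post 6 notes these remnants
# take no real space and can often simply be left alone.
Write-Host "Ownership and Full Control set on $Path. To remove it, run:"
Write-Host "  Remove-Item -LiteralPath '$Path' -Recurse -Force"
```

Checking the owner before and after with Get-Acl is the quick way to confirm the change actually took effect; if takeown reports access denied even when elevated, the session is usually not running with Administrator privileges, which matches the "insufficient rights" symptom described in post 6.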