Ftracy3

Hi..a search indicated this has been reported before in 2011 but reply was it would be fixed in next update. audioconverter.exe is reported as back door agent. I think it's safe but would like confirmation. DETECTION D:\Downloads\AudioConverter.EXE Backdoor.Agent QUARANTINE File downloaded from developer site http://www.networkedmediatank.com/showthread.php?tid=20887

No I haven't removed anything as I didn't want to screw up my system if this was false. I'm set to view both system and hidden files (Vista 64, show hidden files checked, hide protected operating system files unchecked). And as far as I can tell this subfolder doesn't exist..can you think of any explanation as to why I can't see a system32\SYSTEM32 subfolder that MBAM tells me is there?

Agreed and that's what's so weird about this. I don't see the SYSTEM32 subfolder for system32, system is set to show invisible files. Neither of the two flagged files (rtl8187.sys and rtl8187B.sys) appear to exist anywhere either. There is a rtl8187se.sys in my system32 folder, but no additional SYSTEM32 subfolder where the supposedly infected files exist. Any ideas as to why this would identify a folder and files that don't exist? Or if they do why I can't see them even though system is set to show invisible files? Looking up rtl8187se.sys it appears to be a realtek networking driver. It's a Gateway preconfigured machine so I'm assuming if it's necessary Gateway put it there. Also, does that registry data mean anything? Thanks for any additional guidance.

Hi, See below. Kaspersky forum said this was false related to my network adapter. And I don't understand how this can show a system32\SYSTEM32..I don't see it or either of these files in explorer. Is this false? and will deleting these files/keys hurt anything? Thanks for any response. Malwarebytes' Anti-Malware 1.38 Database version: 2365 Windows 6.0.6001 Service Pack 1 7/3/2009 9:03:39 AM mbam-log-2009-07-03 (09-03-33).txt Scan type: Quick Scan Objects scanned: 89021 Time elapsed: 3 minute(s), 20 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 1 Folders Infected: 2 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken. [5138494534363830414438586445483634456446343641424738615248395356345138614674688 38084807185615674796980888461368683837079855570838474807961498077746874708461388 9 81778083708393478034688574877037708476858081367366797270843018130117] Folders Infected: C:\Windows\System32\SYSTEM32 (Trojan.Agent) -> No action taken. [3742513036276156747969808884618490848570782019615290848570782019] c:\Windows\System32\SYSTEM32\DRIVERS (Trojan.Agent) -> No action taken. [3742513036276156747969808884618490848570782019615290848570782019] Files Infected: c:\Windows\System32\SYSTEM32\DRIVERS\rtl8187.sys (Trojan.Agent) -> No action taken. [3742513036276156747969808884618490848570782019615290848570782019] c:\Windows\System32\SYSTEM32\DRIVERS\rtl8187B.sys (Trojan.Agent) -> No action taken. [3742513036276156747969808884618490848570782019615290848570782019]