Posts posted by Ftracy3
-
No, I haven't removed anything as I didn't want to screw up my system if this was false.
I'm set to view both system and hidden files (Vista 64, show hidden files checked, hide protected operating system files unchecked). And as far as I can tell this subfolder doesn't exist. Can you think of any explanation as to why I can't see a system32\SYSTEM32 subfolder that MBAM tells me is there?
-
Agreed and that's what's so weird about this. I don't see the SYSTEM32 subfolder for system32, system is set to show invisible files. Neither of the two flagged files (rtl8187.sys and rtl8187B.sys) appear to exist anywhere either. There is a rtl8187se.sys in my system32 folder, but no additional SYSTEM32 subfolder where the supposedly infected files exist. Any ideas as to why this would identify a folder and files that don't exist? Or if they do why I can't see them even though system is set to show invisible files?
Looking up rtl8187se.sys, it appears to be a Realtek networking driver. It's a Gateway preconfigured machine, so I'm assuming if it's necessary Gateway put it there.
Also, does that registry data mean anything?
Thanks for any additional guidance.
System32\SYSTEM32 <- see the double system32, this is the problem here. Where are you getting these drivers from? Is it their website or an older disk? There is a bug in the version of the driver installer that you are creating and using folders that should not ever exist.
-
Hi, see below. Kaspersky forum said this was false related to my network adapter. And I don't understand how this can show a system32\SYSTEM32. I don't see it or either of these files in Explorer.
Is this false? And will deleting these files/keys hurt anything? Thanks for any response.
Malwarebytes' Anti-Malware 1.38
Database version: 2365
Windows 6.0.6001 Service Pack 1
7/3/2009 9:03:39 AM
mbam-log-2009-07-03 (09-03-33).txt
Scan type: Quick Scan
Objects scanned: 89021
Time elapsed: 3 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken. [5138494534363830414438586445483634456446343641424738615248395356345138614674688380848071856156747969808888461368683837079855570838474807961498077746874708461388981778083708393478034688574877037708476858081367366797270843018130117]
Folders Infected:
C:\Windows\System32\SYSTEM32 (Trojan.Agent) -> No action taken. [3742513036276156747969808884618490848570782019615290848570782019]
c:\Windows\System32\SYSTEM32\DRIVERS (Trojan.Agent) -> No action taken. [3742513036276156747969808884618490848570782019615290848570782019]
Files Infected:
c:\Windows\System32\SYSTEM32\DRIVERS\rtl8187.sys (Trojan.Agent) -> No action taken. [3742513036276156747969808884618490848570782019615290848570782019]
c:\Windows\System32\SYSTEM32\DRIVERS\rtl8187B.sys (Trojan.Agent) -> No action taken. [3742513036276156747969808884618490848570782019615290848570782019]
audioconverter.exe
in File Detections
Hi. A search indicated this has been reported before in 2011, but the reply was it would be fixed in the next update. audioconverter.exe is reported as a back door agent. I think it's safe but would like confirmation.
DETECTION D:\Downloads\AudioConverter.EXE Backdoor.Agent QUARANTINE
File downloaded from developer site
http://www.networkedmediatank.com/showthread.php?tid=20887