TonyKlein

Everything posted by TonyKlein

  1. I have Avira myself, and I can't duplicate this. Also, here are the VirusTotal scan results for the setup file downloaded here http://www.virustotal.com/file-scan/report...bad2-1281685870
  2. @ Nosirrah : np, you're very welcome Bruce. @ daledoc1 : I've never thought of zipping a file from quarantine, but I do suppose you can go to the %UserName%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine folder, find the (renamed) quarantined file in there, and zip it right there.
  3. Yup, do restore the file from quarantine, and then update MBAM and rescan, if you'd like. The scan should be clean. As to how to zip/unzip a file/files, Win XP and Vista have support for compressed files built in; here's a tutorial: How to Unzip and Zip files
  4. .... and you're very welcome, daledoc1
  5. Dev log from a quick scan is clean, so I guess this was detected in the course of a full scan. File scan is positive though: Files Infected: C:\Program Files\MediaMonkey\VisHelper.exe (Trojan.Dropper) -> No action taken.
  6. I can confirm this. Here's a copy of mine + a clean VT report http://www.virustotal.com/analisis/a17ff1c...f784-1280141983 MBAM scan still running, dev log coming up VisHelper.zip
  7. Hi Kelly, For consumers and personal use, it is a one time fee of $24.95, no strings attached
  8. The Ikarus engine does detect it as "Virus.Win32.Obfuscator" http://www.virustotal.com/analisis/a2afdc0...4288-1268654863 I've pinged the folks at Ikarus; it can't hurt to alert a-squared as well, as I suggested
  9. Hi and welcome. If you report this False Positive to a-squared, I'm sure they'll be quick to fix it.
  10. I tend to agree, but the question remains why half a year ago MysteryFCM delisted the IPs in the first place...
  11. Well, I guess we'll have to wait for MysteryFCM (Steven) to drop by and tell us what's up...
  12. Hi and welcome. I can't double-check right now, but according to this post the myway.com IPs were delisted half a year ago. Are you sure you have the latest database updates installed??
  13. If you're referring to the Windows\Inf folder, it is hidden by default. You need to un-hide hidden files and folders first in order to see it
  14. Here's some reading: http://www.avira.com/en/threats/section/fu...y.zbot.dfr.html http://www.sophos.com/security/analyses/vi...l?_log_from=rss http://www.fortiguard.com/encyclopedia/vir...33;tr.dldr.html In short, this is definitely not a False Positive, prolly a new variant...
  15. It's just that typing in all caps is generally considered "SHOUTING". Otherwise, no (great) snub intended...
  16. I see you just started yet another topic... IF ANYONE HAS PROBLEMS WITH THEIR PC Also, your Caps Lock key appears to have gotten stuck...
  17. It's not a password stealer, as far as I know, so a light threat, I guess
  18. If you uploaded the file to VirusTotal, you'd very likely get something like this: http://www.virustotal.com/analisis/590cc6c...2a85-1247149284 The registry entries also belong to this Webdir adware variant: http://www.systemlookup.com/viewitem.php?l...1&item=4698 http://www.systemlookup.com/viewitem.php?l...&item=56591
  19. Yup, confirmed FP... (note that I have FeedDemon installed in the default location (%ProgramFiles%\FeedDemon))

      Malwarebytes' Anti-Malware 1.44
      Database version: 3645
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 7.0.5730.11

      27-1-2010 17:28:59
      mbam-log-2010-01-27 (17-28-55).txt

      Scan type: Quick Scan
      Objects scanned: 120940
      Time elapsed: 5 minute(s), 11 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 19
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 2

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      HKEY_CLASSES_ROOT\axeserver.axenv (Rogue.PCDocPro) -> No action taken. [9167908BE4266458DA9DFACF0CEDBBCB]
      HKEY_CLASSES_ROOT\TypeLib\{24158a0e-da05-4591-ba7d-d85d801e3f11} (Rogue.PCDocPro) -> No action taken. [9167908BE4266458DA9DFACF0CEDBBCB]
      HKEY_CLASSES_ROOT\Interface\{6c9ca10d-e604-47fb-a2f9-c9a013193609} (Rogue.PCDocPro) -> No action taken. [9167908BE4266458DA9DFACF0CEDBBCB]
      HKEY_CLASSES_ROOT\CLSID\{44eead9b-4eb1-4236-83bc-1273bb4b01ef} (Rogue.PCDocPro) -> No action taken. [9167908BE4266458DA9DFACF0CEDBBCB]
      HKEY_CLASSES_ROOT\CLSID\{6c9ca10d-e604-47fb-a2f9-c9a013193609} (Rogue.PCDocPro) -> No action taken. [9167908BE4266458DA9DFACF0CEDBBCB]
      HKEY_CLASSES_ROOT\axeserver.axenv.1 (Rogue.PCDocPro) -> No action taken. [9167908BE4266458DA9DFACF0CEDBBCB]
      HKEY_CLASSES_ROOT\ewebprefilldata.365 (Rogue.PCDocPro) -> No action taken. [22F8B56B0BE2E13341D4F708CB574300]
      HKEY_CLASSES_ROOT\TypeLib\{fd96bc95-a0b9-4533-b0d3-8d47e9924d34} (Rogue.PCDocPro) -> No action taken. [22F8B56B0BE2E13341D4F708CB574300]
      HKEY_CLASSES_ROOT\Interface\{4cc7b178-100e-4533-ba30-bdb668229bf9} (Rogue.PCDocPro) -> No action taken. [22F8B56B0BE2E13341D4F708CB574300]
      HKEY_CLASSES_ROOT\Interface\{788c5a1b-3643-4e99-87df-e9e0c5b73691} (Rogue.PCDocPro) -> No action taken. [22F8B56B0BE2E13341D4F708CB574300]
      HKEY_CLASSES_ROOT\Interface\{9512c7b2-2065-4774-a522-2effb4188331} (Rogue.PCDocPro) -> No action taken. [22F8B56B0BE2E13341D4F708CB574300]
      HKEY_CLASSES_ROOT\CLSID\{892f787f-b650-4a3e-aa5b-2b8021ce4d0a} (Rogue.PCDocPro) -> No action taken. [22F8B56B0BE2E13341D4F708CB574300]
      HKEY_CLASSES_ROOT\CLSID\{a0b0e5ab-617c-4a7d-8a94-9937d24b6670} (Rogue.PCDocPro) -> No action taken. [22F8B56B0BE2E13341D4F708CB574300]
      HKEY_CLASSES_ROOT\CLSID\{b34ccd89-d1cd-4f9a-ba6c-936ba7f7a239} (Rogue.PCDocPro) -> No action taken. [22F8B56B0BE2E13341D4F708CB574300]
      HKEY_CLASSES_ROOT\ewebprefilldata.365.1 (Rogue.PCDocPro) -> No action taken. [22F8B56B0BE2E13341D4F708CB574300]
      HKEY_CLASSES_ROOT\ewebresultdata.365 (Rogue.PCDocPro) -> No action taken. [8E6ED52CD63EA0E6D1C9D76C596E49F5]
      HKEY_CLASSES_ROOT\ewebresultdata.365.1 (Rogue.PCDocPro) -> No action taken. [8E6ED52CD63EA0E6D1C9D76C596E49F5]
      HKEY_CLASSES_ROOT\ewebsdk.365 (Rogue.PCDocPro) -> No action taken. [F8CF97BDC75C48D32940D1C8BD5D00FE]
      HKEY_CLASSES_ROOT\ewebsdk.365.1 (Rogue.PCDocPro) -> No action taken. [F8CF97BDC75C48D32940D1C8BD5D00FE]

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      C:\Program Files\FeedDemon\eWebClient.dll (Rogue.PCDocPro) -> No action taken. [9167908BE4266458DA9DFACF0CEDBBCB]
      C:\Program Files\FeedDemon\eWebControl365.dll (Rogue.PCDocPro) -> No action taken. [22F8B56B0BE2E13341D4F708CB574300]