Everything posted by JBOB

  1. Ok.. what registry keys would I need to change in order to change the setting for the PUPs/PUMs to be removed...?
  2. Greetings Experts, I am hoping somebody on this forum can help me figure out why my mbam-rt utility does not want to remove any malware. I use a .bat script to run mbam-rt (CLI) in the background of computers that are infected with malware. Malwarebytes updates (i.e. mbam.exe /update -silent), runs the scan (i.e. mbam.exe /scan -full -silent -log -remove), and completes. When I look at the log file, the action is as follows: “-> No action taken” for each incident found (indicated as a Potentially Unwanted Program, “PUP”). I have used this same process with other systems (i.e. botnets, rootkits, etc.) and it removes the objects with no problem… Is there something that I am missing here? I have looked at the CLI command list in the administrators guide and it does not show any way to remove the PUPs. Does anybody know how this can be done? Logfile below:

     Malwarebytes Anti-Malware Remediation Tool 1.75.0.1400
     www.malwarebytes.org
     Database version: v2014.12.05.06
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 10.0.9200.17148
     Protection: Disabled
     12/5/2014 10:48:23 AM
     mbam-log-2014-12-05 (10-48-23).txt
     Scan type: Full scan (C:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 532372
     Time elapsed: 1 hour(s), 24 minute(s), 11 second(s)
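An added example, not part of JBOB's post and not Malwarebytes code: a Python triage script that a silent batch run could call on the collected log to flag detections the scan left in place, the “-> No action taken” outcome the post describes. The sample log is constructed in the `object (detection name) -> action` layout of the log quoted in the post; its object and detection names are placeholders, and any action text other than "No action taken" is an assumption.

```python
import re
import sys
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the layout of the mbam-rt log quoted in the post.
# Object names and detection names are placeholders; the "Quarantined and
# deleted successfully" action text is an assumption, not taken from the page.
SAMPLE_LOG = r"""Scan options enabled: Memory | Startup | Registry | File System | PUP | PUM
Memory Processes Detected: 1
C:\Program Files (x86)\ExampleBar\svc.exe (PUP.Optional.ExampleBar.A) -> 2920 -> No action taken.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKLM\SYSTEM\CurrentControlSet\Services\examplesvc (PUP.Optional.ExampleBar.A) -> No action taken.
HKLM\SOFTWARE\ExampleBot (Trojan.Example) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKLM\SOFTWARE\ExampleUpd|path (PUP.Optional.ExampleUpd.T) -> Data: C:\Program Files (x86)\ExampleUpd\upd.exe -> No action taken.
Files Detected: 3
C:\Program Files (x86)\ExampleBar\svc.exe (PUP.Optional.ExampleBar.A) -> No action taken.
C:\Users\username\Downloads\setup.exe (PUP.Optional.ExampleUpd.T) -> No action taken.
(end)
"""

# "<Section> Detected: <n>" opens each result section.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<object> (<detection name>) -> [pid or Data: ... ->] <action>."
# The object is matched lazily so "(x86)" inside a path is not mistaken
# for the detection name: only a "(name)" followed by "->" counts.
ENTRY_RE = re.compile(r"^(?P<obj>.+?) \((?P<name>[\w.\-]+)\)\s*->\s*(?P<rest>.+)$")


@dataclass(frozen=True)
class Detection:
    section: str
    obj: str
    name: str
    action: str


def parse_log(text):
    """Return (detections, declared_counts) parsed from a scan log."""
    detections, declared = [], {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            declared[section] = int(m["count"])
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            # The action is always the last "->"-separated field.
            action = m["rest"].rsplit("->", 1)[-1].strip().rstrip(".")
            detections.append(Detection(section, m["obj"], m["name"], action))
    return detections, declared


def unremediated(detections):
    """Detections the scan reported but did not act on."""
    return [d for d in detections if d.action.lower() == "no action taken"]


def count_mismatches(detections, declared):
    """Sections whose declared count differs from the entries found,
    which indicates a truncated or partially copied log."""
    parsed = Counter(d.section for d in detections)
    return {s: (n, parsed.get(s, 0))
            for s, n in declared.items() if parsed.get(s, 0) != n}


def triage(text):
    detections, declared = parse_log(text)
    left = unremediated(detections)
    return {
        "total": len(detections),
        "unremediated": len(left),
        "by_detection": dict(Counter(d.name for d in left)),
        # True when everything left behind is in the PUP/PUM categories.
        "pup_pum_only": bool(left) and all(
            d.name.upper().startswith(("PUP.", "PUM.")) for d in left),
        "count_mismatches": count_mismatches(detections, declared),
    }


if __name__ == "__main__":
    # Usage: triage.py <logfile>; with no argument the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            report = triage(fh.read())
    else:
        report = triage(SAMPLE_LOG)
    for key, value in report.items():
        print(f"{key}: {value}")
    # Non-zero exit lets the calling batch job treat the host as still dirty.
    sys.exit(1 if report["unremediated"] else 0)
```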
  4. Greetings Experts, For the past couple of weeks I have been trying to get the current version of MBAM-RT to run on remote computers using psexec.exe (i.e. scrip.bat file). I copy the mbam file (as zip) and the 7zip.exe cli utility over to the target computer, unzip the folder, and start the bat file that updates and scans in “-silent” mode. My problem is trying to get the log files redirected to a different share location on the network. I know the use of /logtofile and /logtofolder is not possible. But I found the following “https://forums.malwarebytes.org/index.php?/topic/157029-how-to-customize-mbam-rt-default-settings/” and thought this may be an option that can be used… Has anybody had the chance to try this out? If so, how did it work out… and how did you set it up to redirect the log files to a different location?
  5. Greetings Experts, For the past couple of weeks I have been trying to get the current version of MBAM-RT to run on remote computers using psexec.exe (i.e. scrip.bat file). I copy the mbam file (as zip) and the 7zip.exe cli utility over to the target computer, unzip the folder, and start the bat file that updates and scans in “-silent” mode. My problem is trying to get the log files redirected to a different share location on the network. I know the use of /logtofile and /logtofolder is not possible. But I found the following “https://forums.malwarebytes.org/index.php?/topic/157029-how-to-customize-mbam-rt-default-settings/” and thought this may be an option that can be used… Has anybody had the chance to try this out? If so, how did it work out… and how did you set it up to redirect the log files to a different location?
  6. No problem... I did look at the new one “http://static-cdn.malwarebytes.org/assets/userguides/2014-11-19/MBRTGuide.pdf” and noticed that /logtofile and /logtofolder were omitted from the current mbam.exe tool...? Would this be the correct one...? Not sure if this function was removed or not...
  7. Yes, I used the command as it states in the cli section of the manual ... mbam.exe /logtofile c:\mbam_logs\mbam_log.txt . It would be at the bottom of page 14.... I used the exact verbiage and still have trouble... any ideas... Malwarebytes Anti-Malware Remediation Tool 1.0 Administrators Guide.pdf
  8. My mistake, I meant to say /logtofile, not /logtofolder.
     Mbam.exe Tool: Malwarebytes Anti-Malware Remediation Tool 1.0
     Script Parameters
     C:\MalwareBytes\mbam.exe /logtofile "E:\MalwareBytes\mbam_logs\mbam_log.txt"
     C:\MalwareBytes\mbam.exe /update -silent
     C:\MalwareBytes\mbam.exe /scan -flash -log -silent -remove
  9. Maybe somebody can help with a problem I am having with Malwarebytes logging. When I try to set up a script using Malwarebytes cli commands “in .bat file”, it fails to redirect the logging to a custom file directory and goes to the default location. The update/scanning functions work without any problems but it fails to place the logs in the custom directory… Does anybody have any idea what I am doing wrong…?
     Mbam.exe Tool: Malwarebytes Anti-Malware Remediation Tool 1.0
     Script Parameters
     C:\MalwareBytes\mbam.exe /logtofolder "E:\MalwareBytes\mbam_logs\mbam_log.txt"
     C:\MalwareBytes\mbam.exe /update -silent
     C:\MalwareBytes\mbam.exe /scan -flash -log -silent -remove
  10. Maybe somebody can help with a problem I am having with Malwarebytes logging. When I try to set up a script using Malwarebytes cli commands “in .bat file”, it fails to redirect the logging to a custom file directory and goes to the default location. The update/scanning functions work without any problems but it fails to place the logs in the custom directory… Does anybody have any idea what I am doing wrong…?
     Mbam.exe Tool: Malwarebytes Anti-Malware Remediation Tool 1.0
     Script Parameters
     C:\MalwareBytes\mbam.exe /logtofolder "E:\MalwareBytes\mbam_logs\mbam_log.txt"
     C:\MalwareBytes\mbam.exe /update -silent
     C:\MalwareBytes\mbam.exe /scan -flash -log -silent -remove
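For a silent, scripted scan like the ones in these posts, the collected log can be checked automatically for detections that were reported but left in place. The following is an added example, not code from the posts or from Malwarebytes; it assumes the entry layout visible in the log quoted above (`object (Detection.Name) -> [PID ->] action.`), and the function names and the last sample entry are hypothetical.

```python
import re
from collections import Counter

# One entry: object, (detection name), optional PID, then the action taken.
ENTRY = re.compile(
    r"(?P<obj>(?:[A-Za-z]:\\|HK[A-Z_]+\\).*?)"  # file path or registry key
    r" \((?P<det>[A-Za-z0-9_.]+)\)"             # e.g. PUP.Optional.SafeWeb.A
    r" -> (?:(?P<pid>\d+) -> )?"                # PID appears for processes only
    r"(?P<action>[^.\n]+)\."                    # e.g. No action taken.
)

def parse_log(text):
    """Return one dict per detection entry, even when line breaks were lost."""
    entries = []
    for m in ENTRY.finditer(text):
        parts = m.group("det").split(".")
        # Family = first name component after the category, skipping "Optional".
        family = next((p for p in parts[1:] if p != "Optional"), parts[0])
        entries.append({
            "object": m.group("obj"),
            "detection": m.group("det"),
            "category": parts[0],
            "family": family.lower(),  # the log mixes SafeWeb and Safeweb
            "pid": int(m.group("pid")) if m.group("pid") else None,
            "action": m.group("action").strip(),
        })
    return entries

def unremediated(entries):
    """Count detections per (category, family) that the scan left in place."""
    return Counter((e["category"], e["family"]) for e in entries
                   if e["action"].lower() == "no action taken")

# Constructed sample: four entries copied from the log above, flattened as on
# the page, plus one made-up entry with an assumed "removed" action wording.
SAMPLE = (
    r"Memory Processes Detected: 3 "
    r"C:\Program Files (x86)\WordProser_1.10.0.2\Service\wpsvc.exe (PUP.Optional.WordProser.A) -> 2920 -> No action taken. "
    r"C:\ProgramData\username\fiFoUHEqU.exe (PUP.Optional.SafeWeb.A) -> 2952 -> No action taken. "
    r"Registry Keys Detected: 23 "
    r"HKLM\SYSTEM\CurrentControlSet\Services\wpsvc_1.10.0.2 (PUP.Optional.WordProser.A) -> No action taken. "
    r"C:\ProgramData\SafeWeb\data.dat (PUP.Optional.Safeweb.A) -> No action taken. "
    r"C:\Example\sample.exe (Trojan.Agent) -> Quarantined and deleted successfully. "
)

if __name__ == "__main__":
    for (category, family), n in sorted(unremediated(parse_log(SAMPLE)).items()):
        print(f"{category:6} {family:12} {n} item(s) not removed")
```

A non-empty result from `unremediated` after a run with `-remove` is the condition described in the second post, so a wrapper script can treat it as a failed remediation instead of relying on someone reading the log.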