
sony_georgiev
Members · Posts: 8 · Reputation: 0 Neutral
  1. Thanks, the one file is detected: sysmon.exe as backdoor.bot, but the main one, winhost.exe, launched by autorun.inf, MB still misses. I just like your product, like the type of work that you do, and try to help. And I should say that it is not detected when the viruses are extracted, too.

     [autorun]
     ;hh333hhhfdf777
     open=RECYCLER\S-51-9-25-3434476501-1644491928-601013333-1214\winhost.exe
     ;hh88h3333hfdfd777
     icon=%windir%\system32\SHELL32.dll,4
     ;df8888h3333hhhfd77
     action=Open folder to view files
     ;df8888hh3333hhhhf7
     shell\open=Open
     ;dh88888h3333hhhf2777
     shell\open\command=RECYCLER\S-51-9-25-3434476501-1644491928-601013333-1214\winhost.exe
     ;dfd888hh3333hhhfdf977
     shell\open\default=1

     p.s. Will code the direct links, 10x.
  2. Now with a manual scan of the archived RAR file I see that MB scans 1 file only. In the archive are 9 files... + settings of deep-level scan up to 10 levels. And please add malwarebytes.org/forums/index.php?act=attach&type=post&id=6166 to the signature update.
  3. The right mask is: 212.95.165.200 - 212.95.165.254. So many big sites are hidden in this range.
  4. I am writing it not to protect myself. I am ok, I just want to share that MB doesn't detect the threat on a manual scan of an infected USB drive. You can scan, or extract the attached file and see that MB will stay in the tray with no reaction. I use that soft - Flash_Disinfector. 10x for your post.
  5. The problem is that when the infected USB drive is scanned manually, MB doesn't find infections, even if you install the virus. But when you scan drive C:, there are 2 registry keys and one file that put the infection on every USB drive that gets attached to the PC. And you know what the virus does after the infected PC is restarted:
     1. Puts a copy on all hard drives.
     2. Disables the firewall and Task Manager, and disables the option to see hidden files and protected system files.
     3. Also blocks Malwarebytes from updating, with error 732 (0, 0).
     4. Slows down the PC and also puts various adware on it.
     The attached file is an archived, untouched version, and the file in RECYCLER\S-51-9-25-3434476501-1644491928-601013333-1214\winhost.exe is protected with 2 levels: hidden and important system file. The good news is that after all MB removes it, but doesn't stop it in the beginning. RECYCLER.rar
  6. And the missing code is:
     [roam@straylight ~]> dnsip download.microsoft.com
     212.95.165.233
     212.95.165.232
     [roam@straylight ~]>
  7. And for luck, behind this threat: http://www.businessweek.com/the_thread/tec...ce_buys_po.html - Blocked IP 212.95.165.231
  8. In short, download.microsoft.com uses Akamai servers. Log:
     [roam@straylight ~]> dnsq a download.microsoft.com f.root-servers.net
     2 download.microsoft.com:
     472 bytes, 1+0+13+13 records, response, noerror
     query: 2 download.microsoft.com
     authority: com 172800 NS i.gtld-servers.net
     [snip others 12 gTLD servers]
     [roam@straylight ~]> dnsq a download.microsoft.com i.gtld-servers.net
     2 download.microsoft.com:
     238 bytes, 1+0+5+5 records, response, noerror
     query: 2 download.microsoft.com
     authority: microsoft.com 172800 NS dns1.cp.msft.net
     [snip more, 4 levels]
     [roam@straylight ~]> dnsq a download.microsoft.com dns1.cp.msft.net
     2 download.microsoft.com:
     84 bytes, 1+1+0+0 records, response, authoritative, noerror
     query: 2 download.microsoft.com
     answer: download.microsoft.com 3600 CNAME dl-geodir.microsoft.akadns.net
     I send this because of the spam of the blocked IP from Malwarebytes when only the tray automatic download is used, with no browser activity. And this spam is only for download.microsoft.com, when using the update on the site or the automatic one. Maybe some malware is hosted on Akamai servers too, so just look at letting the download.microsoft.com side pass. All the best for your light-weight and massive killer and for the team behind them, Sony Georgiev, Bulgaria
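The autorun.inf quoted in post 1 and the USB-spreading behaviour described in post 5 can be triaged offline without running anything from the drive. The following is an added example, not the poster's or Malwarebytes' code; the heuristics (launch keys, fake RECYCLER SID folder, folder-icon mimicry, junk comment padding) are the example author's assumptions, not a vendor signature.

```python
"""Offline triage of the autorun.inf quoted in post 1 (constructed sample below). Added
example, not the poster's code; the heuristics are the example author's assumptions."""
import re

SAMPLE = r"""[autorun]
;hh333hhhfdf777
open=RECYCLER\S-51-9-25-3434476501-1644491928-601013333-1214\winhost.exe
;hh88h3333hfdfd777
icon=%windir%\system32\SHELL32.dll,4
;df8888h3333hhhfd77
action=Open folder to view files
;df8888hh3333hhhhf7
shell\open=Open
;dh88888h3333hhhf2777
shell\open\command=RECYCLER\S-51-9-25-3434476501-1644491928-601013333-1214\winhost.exe
;dfd888hh3333hhhfdf977
shell\open\default=1
"""

def parse_autorun(text):
    """Return (entries, comments): lower-cased [autorun] keys and the ';' comment lines."""
    entries, comments, in_section = {}, [], False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith(";"):
            comments.append(line)
        elif line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries, comments

def triage(text):
    """Return findings a defender would raise; an empty list means nothing was flagged.
    Values Windows executes come from open=, shellexecute= and shell\\<verb>\\command=."""
    entries, comments = parse_autorun(text)
    launched = list(dict.fromkeys(v for k, v in entries.items()
                    if k in ("open", "shellexecute") or re.fullmatch(r"shell\\.+\\command", k)))
    findings = []
    for cmd in launched:
        if re.search(r"\.(exe|com|scr|bat|cmd|pif)\b", cmd, re.I):
            findings.append(f"runs a program from the drive: {cmd}")
        m = re.match(r"recycler[\\/]s-(\d+)-", cmd, re.I)  # genuine bins: RECYCLER\S-1-5-21-...
        if m:
            findings.append("hides in a Recycle Bin style folder" + ("" if m.group(1) == "1" else f", fake SID S-{m.group(1)}-"))
    if launched and "shell32.dll" in entries.get("icon", "").lower():
        findings.append("stock SHELL32 icon makes the drive look like a plain folder")
    if launched and entries.get("action", "").lower().startswith("open folder"):
        findings.append("AutoPlay text imitates 'Open folder to view files' but launches a program")
    if len(comments) >= 3 and all(re.fullmatch(r";[a-z0-9]+", c) for c in comments):
        findings.append(f"{len(comments)} junk comment lines between keys (signature-evasion padding)")
    return findings
```

Running `triage(SAMPLE)` yields five findings for the quoted file; a plain `icon=`/`label=` autorun.inf yields none.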